Merge pull request #576 from ForgeRock/changeset-release/master #104
# Publish workflow: runs on pushes to master/develop and on manual dispatch.
name: Publish

on:
  push:
    branches:
      - master
      - develop
  # Manual trigger; the three inputs below are free-form caller-supplied values
  # (npm_access is restricted to the listed choices).
  workflow_dispatch:
    inputs:
      snapshot_tag:
        description: "changesets snapshot tag (beta/canary)"
        required: false
        default: "beta"
        type: string
      npm_tag:
        description: "npm tag for publishing snapshot"
        required: false
        default: "beta"
        type: string
      npm_access:
        description: "access level for publishing snapshot to npm"
        required: false
        default: "public"
        type: choice
        options:
          - public
          - restricted

# Workflow-level env: every value here is exported to every step of every job,
# including third-party actions and package-manager scripts.
# NOTE(review): consider moving each secret to the step that consumes it so a
# compromised dependency or action sees only what it needs.
# NOTE(review): GITHUB_TOKEN is populated from the GH_TOKEN repository secret,
# not the automatic job token; if GH_TOKEN is a PAT, the job-level
# `permissions:` blocks do not limit it -- confirm its scope.
env:
  NX_CLOUD_ENCRYPTION_KEY: ${{ secrets.NX_CLOUD_ENCRYPTION_KEY }}
  NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
  CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
  GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
  SLACK_WEBHOOK_URL_BETA: ${{ secrets.SLACK_WEBHOOK_URL_BETA }}
  # Environment values reach the process as strings; quoted to make that explicit.
  NX_CLOUD_DISTRIBUTED_EXECUTION: "true"
  HUSKY: "0"
  CI: "true"
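jobs:
  # On push to develop/master, create or update release PR or publish to npm
  #
  # NOTE(review): the third-party actions used in this job
  # (changesets/action, slackapi/slack-github-action, codecov/codecov-action)
  # are referenced by tag while the job holds contents: write and
  # id-token: write. Consider pinning each to a full commit SHA, e.g.
  #   uses: owner/action@<full-commit-sha>  # vX.Y.Z
  publish-or-pr:
    if: github.event_name == 'push'
    name: Create/update release PR or publish to npm
    permissions:
      contents: write  # to create release (changesets/action)
      issues: write  # to post issue comments (changesets/action)
      pull-requests: write  # to create pull request (changesets/action)
      id-token: write  # OIDC for provenance if npm publish happens here
    runs-on: ubuntu-latest
    steps:
      - name: Branch name
        # The ref name is handed to the shell as an environment variable
        # instead of being expanded into the script text, so a branch name
        # containing shell metacharacters is printed rather than executed.
        env:
          REF_NAME: ${{ github.ref_name }}
        run: |
          echo "Checking out branch: $REF_NAME"
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup publish
        uses: ./.github/actions/setup-publish
        with:
          CODECOV_TOKEN: ${{ env.CODECOV_TOKEN }}
      # This action creates a release pull request with all of
      # the package versions and changelogs updated. When there
      # are new changesets on your configured baseBranch, the PR will
      # be updated. When you're ready, you can merge the release PR
      # and the action will publish to npm for you.
      # https://github.com/changesets/action
      - name: Create/update release PR or publish to npm
        uses: changesets/action@v1
        id: changesets
        with:
          publish: pnpm ci:release  # command to tag and publish packages
          version: pnpm ci:version  # command to update version, edit changelog, read and delete changesets
          branch: master  # the branch to base the release PR against
          title: Release PR  # title for the release PR
          commit: 'chore: version-packages'  # the commit message to use
          setupGitUser: true
        env:
          GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}
      - name: Publish previews to Stackblitz on PR
        if: steps.changesets.outputs.published == 'false'
        run: pnpm pkg-pr-new publish './packages/*' --packageManager=pnpm --comment=off
      - name: Rebase develop with master on publish
        if: steps.changesets.outputs.published == 'true'
        # --force-with-lease replaces the plain force push: the push is refused
        # if origin/develop moved after the fetch below, so commits landed on
        # develop in the meantime are not silently overwritten.
        # NOTE(review): git does not read the GITHUB_TOKEN variable itself;
        # the push presumably uses the credential persisted by
        # actions/checkout -- confirm.
        run: |
          git restore .
          git checkout master
          git fetch --all
          git pull origin master
          git checkout develop
          git restore .
          git rebase master
          git push --force-with-lease
        env:
          GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}
      - name: Format published packages for Slack
        if: steps.changesets.outputs.published == 'true'
        id: format-packages
        env:
          PUBLISHED_PACKAGES: ${{ steps.changesets.outputs.publishedPackages }}
        # Builds a JSON payload with jq and writes it as the multi-line
        # step output `payload`.
        run: |
          FORMATTED=$(echo "$PUBLISHED_PACKAGES" | jq -r '.[] | ":package: *\(.name)* `\(.version)`"')
          PAYLOAD=$(jq -n --arg packages "$FORMATTED" '{"publishedPackages": $packages}')
          echo "payload<<EOF" >> "$GITHUB_OUTPUT"
          echo "$PAYLOAD" >> "$GITHUB_OUTPUT"
          echo "EOF" >> "$GITHUB_OUTPUT"
      - name: Send GitHub Action data to a Slack workflow
        if: steps.changesets.outputs.published == 'true'
        id: slack-notify
        continue-on-error: true
        uses: slackapi/slack-github-action@v2.1.1
        with:
          webhook: ${{ env.SLACK_WEBHOOK_URL }}
          webhook-type: webhook-trigger
          payload: ${{ steps.format-packages.outputs.payload }}
      - name: Warn if Slack notification failed
        if: steps.slack-notify.outcome == 'failure'
        run: |
          echo "::warning::Slack notification failed. Check the webhook URL and payload format."
      - name: Run code coverage
        uses: codecov/codecov-action@v5
        with:
          files: ./packages/**/coverage/*.xml
          token: ${{ env.CODECOV_TOKEN }}
  snapshot:
    # On manual trigger of GH action, publish a snapshot release to npm
    if: github.event_name == 'workflow_dispatch'
    name: Publish snapshot/beta release to npm
    permissions:
      contents: read
      id-token: write  # OIDC for provenance when npm publish happens
    runs-on: ubuntu-latest
    steps:
      - name: Branch name
        # Passed through env so the selected branch name is data, not script.
        env:
          REF_NAME: ${{ github.ref_name }}
        run: |
          echo "Checking out branch: $REF_NAME"
      # Checkout the branch selected when triggering the workflow
      # NOTE(review): no later step in this job pushes with git. If
      # ./.github/actions/setup-publish does not need git credentials either,
      # `persist-credentials: false` here would keep the checkout token out of
      # .git/config while the publish scripts run -- confirm before enabling.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup publish
        uses: ./.github/actions/setup-publish
        with:
          CODECOV_TOKEN: ${{ env.CODECOV_TOKEN }}
      - name: Version packages for snapshot
        # The dispatch input reaches the shell as a quoted variable rather than
        # being spliced into the command line. The ${VAR:+...} form passes no
        # argument at all when the input is empty, matching a bare --snapshot.
        run: pnpm changeset version --snapshot ${SNAPSHOT_TAG:+"$SNAPSHOT_TAG"}
        env:
          GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}
          SNAPSHOT_TAG: ${{ inputs.snapshot_tag }}
      - name: Publish packages snapshot with npm_tag
        id: npmpublish
        # Same treatment for the publish inputs: each is one quoted argument.
        env:
          NPM_TAG: ${{ inputs.npm_tag }}
          NPM_ACCESS: ${{ inputs.npm_access }}
        run: pnpm publish -r --tag "$NPM_TAG" --no-git-checks --access "$NPM_ACCESS"
      - name: Format published packages for Slack
        if: steps.npmpublish.outcome == 'success'
        id: format-packages
        env:
          NPM_TAG: ${{ inputs.npm_tag }}
          SNAPSHOT_TAG: ${{ inputs.snapshot_tag }}
        # Selects packages whose version contains the snapshot tag and writes
        # the Slack payload as the multi-line step output `payload`.
        run: |
          FORMATTED=$(jq -rs --arg tag "$SNAPSHOT_TAG" '[.[] | select(.version | contains($tag))] | .[] | ":package: *\(.name)* `\(.version)`"' packages/*/package.json)
          PAYLOAD=$(jq -n --arg packages "$FORMATTED" --arg npmTag "$NPM_TAG" '{"npmTag": $npmTag, "publishedPackages": $packages}')
          echo "payload<<EOF" >> "$GITHUB_OUTPUT"
          echo "$PAYLOAD" >> "$GITHUB_OUTPUT"
          echo "EOF" >> "$GITHUB_OUTPUT"
      - name: Send GitHub Action data to a Slack workflow
        if: steps.npmpublish.outcome == 'success'
        id: slack-notify-beta
        continue-on-error: true
        uses: slackapi/slack-github-action@v2.1.1
        with:
          webhook: ${{ env.SLACK_WEBHOOK_URL_BETA }}
          webhook-type: webhook-trigger
          payload: ${{ steps.format-packages.outputs.payload }}
      - name: Warn if Slack notification failed
        if: steps.slack-notify-beta.outcome == 'failure'
        run: |
          echo "::warning::Slack beta notification failed. Check the webhook URL and payload format."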