-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathreusable-continuous-delivery.yml
More file actions
185 lines (169 loc) · 7.46 KB
/
reusable-continuous-delivery.yml
File metadata and controls
185 lines (169 loc) · 7.46 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
name: publish github
on:
workflow_call:
inputs:
pr-number:
description: The number of the PR that is being deployed
required: false
type: string
ref:
description: The branch that is being deployed. Should be a branch on the given repository
required: false
default: main
type: string
repository:
description: The {owner}/{repository} that is being deployed.
required: true
type: string
bun-version:
description: The version of Bun to use (default `latest`)
required: false
default: latest
type: string
operating-system:
description: The operating system to use (default `ubuntu-latest`)
required: false
default: ubuntu-latest
type: string
with-submodules:
description: Whether to include submodules when checking out the repository (default `false`)
required: false
default: 'false'
type: string
working-directory:
description: The working directory to run the commands in
required: false
default: .
type: string
build:
description: Whether to run `bun build` before publishing
required: false
default: false
type: boolean
registry:
description: The registry to publish to, either `npm`, `github` or `both`
required: true
type: string
npm-scope:
description: The scope to use when publishing to the NPM registry (e.g., @aetherjs). If provided, package.json name will be temporarily updated.
required: false
type: string
github-scope:
description: The scope to use when publishing to the GitHub registry (e.g., @aether-development). If provided, package.json name will be temporarily updated.
required: false
type: string
secrets:
GH_AUTH_TOKEN:
description: The token to authenticate with the Github registry
required: false
NPM_AUTH_TOKEN:
description: The token to authenticate with the NPM registry
required: false
concurrency:
group: ${{ github.workflow }}|${{ github.head_ref || github.ref }}|${{ inputs.working-directory }}|${{ inputs.registry }}|${{ inputs.operating-system }}|${{ inputs.repository }}|${{ inputs.bun-version }}
cancel-in-progress: true
jobs:
publish:
name: Continuous Delivery
runs-on: ${{ inputs.operating-system }}
if: ${{ github.repository_owner == 'aether-development' }}
env:
TAG: ${{ github.event_name == 'push' && 'next' || format('pr-{0}', inputs['pr-number']) }}
steps:
- name: Checkout Project
uses: actions/checkout@v4
with:
fetch-depth: 0
repository: ${{ inputs.repository }}
ref: ${{ inputs.ref }}
token: ${{ secrets.GITHUB_TOKEN }}
submodules: ${{ inputs.with-submodules }}
- name: Check Required Secrets
env:
REGISTRY: ${{ inputs.registry }}
NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
GH_AUTH_TOKEN: ${{ secrets.GH_AUTH_TOKEN }}
run: |
if [[ "$REGISTRY" == "npm" || "$REGISTRY" == "both" ]]; then
if [[ -z "$NPM_AUTH_TOKEN" ]]; then
echo "Error: NPM_AUTH_TOKEN is required when publishing to npm registry."
exit 1
fi
fi
if [[ "$REGISTRY" == "github" || "$REGISTRY" == "both" ]]; then
if [[ -z "$GH_AUTH_TOKEN" ]]; then
echo "Error: GH_AUTH_TOKEN is required when publishing to GitHub registry."
exit 1
fi
fi
- name: Setup Bun
uses: oven-sh/setup-bun@v1
with:
bun-version: ${{ inputs.bun-version }}
- name: Cache Bun Dependencies
id: bun-cache
uses: actions/cache@v5
with:
path: ~/.bun/install/cache
# Use OS, Bun version, and lockfile hash as the cache key.
key: ${{ runner.os }}-bun-${{ inputs.bun-version }}-${{ hashFiles(format('{0}/bun.lockb', inputs.working-directory)) }}
restore-keys: |
${{ runner.os }}-bun-${{ inputs.bun-version }}-
- name: Install Dependencies
working-directory: ${{ inputs.working-directory }}
run: bun install --frozen-lockfile
- name: Build
if: ${{ inputs.build }}
working-directory: ${{ inputs.working-directory }}
run: bun run build
- name: Bump Version
working-directory: ${{ inputs.working-directory }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
bun run bump --preid "${TAG}.$(git rev-parse --short HEAD)" --skip-changelog
- name: Backup package.json
if: ${{ (inputs.registry == 'npm' || inputs.registry == 'both') && inputs.npm-scope || (inputs.registry == 'github' || inputs.registry == 'both') && inputs.github-scope }}
working-directory: ${{ inputs.working-directory }}
run: cp package.json package.json.bak
- name: Modify package.json for NPM Scope
if: ${{ (inputs.registry == 'npm' || inputs.registry == 'both') && inputs.npm-scope }}
working-directory: ${{ inputs.working-directory }}
run: |
PACKAGE_NAME=$(jq -r '.name' package.json | sed 's/^@[^/]*\///')
jq --arg scope "${{ inputs.npm-scope }}" --arg name "$PACKAGE_NAME" '.name = $scope + "/" + $name' package.json > temp.json && mv temp.json package.json
- name: Publish to NPM Registry
if: ${{ inputs.registry == 'npm' || inputs.registry == 'both' }}
working-directory: ${{ inputs.working-directory }}
env:
NPM_CONFIG_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
run: |
echo "//registry.npmjs.org/:_authToken=${NPM_CONFIG_TOKEN}" >> ~/.npmrc
bun publish --tag ${TAG} --provenance --access public
- name: Restore package.json after NPM publish
if: ${{ (inputs.registry == 'npm' || inputs.registry == 'both') && inputs.npm-scope }}
working-directory: ${{ inputs.working-directory }}
run: mv package.json.bak package.json
- name: Modify package.json for GitHub Scope
if: ${{ (inputs.registry == 'github' || inputs.registry == 'both') && inputs.github-scope }}
working-directory: ${{ inputs.working-directory }}
run: |
PACKAGE_NAME=$(jq -r '.name' package.json | sed 's/^@[^/]*\///')
jq --arg scope "${{ inputs.github-scope }}" --arg name "$PACKAGE_NAME" '.name = $scope + "/" + $name' package.json > temp.json && mv temp.json package.json
- name: Publish to GitHub Registry
if: ${{ inputs.registry == 'github' || inputs.registry == 'both' }}
working-directory: ${{ inputs.working-directory }}
env:
NPM_CONFIG_TOKEN: ${{ secrets.GH_AUTH_TOKEN }}
run: |
REPO_OWNER=$(echo "${{ inputs.repository }}" | cut -d '/' -f 1)
echo "//npm.pkg.github.com/:_authToken=${NPM_CONFIG_TOKEN}" >> ~/.npmrc
bun publish --tag ${TAG} --registry https://npm.pkg.github.com/${REPO_OWNER}
- name: Restore package.json after GitHub publish
if: ${{ (inputs.registry == 'github' || inputs.registry == 'both') && inputs.github-scope }}
working-directory: ${{ inputs.working-directory }}
run: |
# Only move back if the file exists (it might have been moved by the NPM restore step already if both scopes were provided)
if [ -f package.json.bak ]; then
mv package.json.bak package.json
fi