Refactor getRealmKey to fix the frodo-cli build. #452
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Frodo Library Release Pipeline' | |
on: | |
pull_request: | |
branches: | |
- 'main' | |
paths-ignore: | |
- '**/CODE_OF_CONDUCT.md' | |
- '**/CONTRIBUTE.md' | |
- '**/PIPELINE.md' | |
- '**/README.md' | |
- 'docs/**' | |
push: | |
branches: | |
- 'main' | |
paths-ignore: | |
- '**/CODE_OF_CONDUCT.md' | |
- '**/CONTRIBUTE.md' | |
- '**/PIPELINE.md' | |
- '**/README.md' | |
- '**/pipeline.yml' | |
- '**/doc.yml' | |
- 'docs/**' | |
workflow_dispatch: | |
env: | |
NODE_VERSION: 22 | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
# Need to specify ref and repository for PRs from forked repos | |
ref: ${{ github.event.pull_request.head.ref }} | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
cache: 'npm' | |
- name: Update package-log.json before version bump | |
run: npm i --package-lock-only | |
- name: Install dependencies | |
run: npm ci | |
- name: 'Prepare Version Bump' | |
id: version-bump | |
uses: 'phips28/gh-action-bump-version@master' | |
with: | |
major-wording: 'MAJOR RELEASE' | |
minor-wording: 'MINOR RELEASE' | |
patch-wording: 'PATCH RELEASE' | |
rc-wording: '' | |
tag-prefix: 'v' | |
default: prerelease | |
preid: '' | |
bump-policy: 'ignore' | |
skip-commit: 'true' | |
skip-tag: 'true' | |
skip-push: 'true' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Update package-log.json after version bump | |
run: npm i --package-lock-only | |
- name: Version From Tag | |
id: version-from-tag | |
run: echo "version=$(echo '${{ steps.version-bump.outputs.newTag }}' | sed 's/v//')" >> "$GITHUB_OUTPUT" | |
- name: Build library | |
run: npm run build | |
- name: Build docs | |
run: | | |
npm run doc | |
- name: Lint | |
run: npm run lint | |
- name: Security Audit | |
run: npm audit --audit-level high | |
- name: Zip build artifacts | |
run: zip -r build.zip dist mocks package.json package-lock.json snapshotResolve.js types docs | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: build | |
path: | | |
build.zip | |
outputs: | |
newTag: ${{ steps.version-bump.outputs.newTag }} | |
newVersion: ${{ steps.version-from-tag.outputs.version }} | |
preRelease: ${{ contains(steps.version-bump.outputs.newTag, '-') }} | |
test: | |
name: 'Test' | |
# You must use a Linux environment when using service containers or container jobs | |
runs-on: ubuntu-latest | |
needs: [build] | |
strategy: | |
matrix: | |
node-version: [22, 20, 18] | |
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/ | |
# Service containers to run with `test` | |
services: | |
# Label used to access the service container | |
squid: | |
# Docker Hub image | |
image: ubuntu/squid | |
# | |
ports: | |
# Maps tcp port 3128 on the host to the same port in the service container | |
- 3128:3128 | |
steps: | |
# Need to check out repo to get .snap and .har files for unit tests | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
# Need to specify ref and repository for PRs from forked repos | |
ref: ${{ github.event.pull_request.head.ref }} | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
- uses: actions/download-artifact@v4 | |
with: | |
name: build | |
# need -o to overwrite package.json | |
- name: Unzip build artifact | |
run: unzip -o build.zip | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v4 | |
with: | |
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/ | |
node-version: ${{ matrix.node-version }} | |
cache: 'npm' | |
- name: Install dependencies | |
run: | | |
npm ci | |
# | |
# Run tests. | |
# | |
- name: Direct Tests | |
env: | |
FRODO_DEBUG: ${{ vars.FRODO_DEBUG }} | |
FRODO_HOST: ${{ vars.FIDC_TENANT_URL }} | |
FRODO_SA_ID: ${{ vars.FIDC_TENANT_SA_ID }} | |
FRODO_SA_JWK: ${{ secrets.FIDC_TENANT_SA_JWK }} | |
run: | | |
npm run test:debug | |
- name: Proxy Tests | |
env: | |
FRODO_DEBUG: ${{ vars.FRODO_DEBUG }} | |
HTTPS_PROXY: 'http://127.0.0.1:3128' | |
FRODO_HOST: ${{ vars.FIDC_TENANT_URL }} | |
FRODO_SA_ID: ${{ vars.FIDC_TENANT_SA_ID }} | |
FRODO_SA_JWK: ${{ secrets.FIDC_TENANT_SA_JWK }} | |
run: | | |
npm run test:only | |
- name: Security Audit | |
run: | | |
npm audit --omit=dev --audit-level high | |
npm-release: | |
if: github.ref == 'refs/heads/main' | |
needs: [build, test] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: build | |
- name: Unzip build artifact | |
run: unzip build.zip | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ env.NODE_VERSION }} | |
cache: 'npm' | |
- name: Install dependencies | |
run: npm ci | |
- name: Pre-Release | |
if: ${{ fromJSON(needs.build.outputs.preRelease) }} | |
uses: JS-DevTools/npm-publish@v3 | |
with: | |
access: public | |
tag: 'next' | |
token: ${{ secrets.NPM_ACCESS_TOKEN }} | |
- name: Release | |
if: ${{ ! fromJSON(needs.build.outputs.preRelease) }} | |
uses: JS-DevTools/npm-publish@v3 | |
with: | |
access: public | |
token: ${{ secrets.NPM_ACCESS_TOKEN }} | |
- name: Add next tag | |
if: ${{ ! fromJSON(needs.build.outputs.preRelease) }} | |
run: | | |
echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_ACCESS_TOKEN }}" >> ~/.npmrc | |
npm whoami | |
npm dist-tag add @rockcarver/frodo-lib@${{ needs.build.outputs.newVersion }} next | |
release: | |
if: github.ref == 'refs/heads/main' | |
needs: [build, npm-release] | |
name: 'Release' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: build | |
# need -o to overwrite package.json | |
- name: Unzip build artifact | |
run: unzip -o build.zip | |
- name: 'Github SHA' | |
id: github-sha | |
run: echo ${{ github.sha }} > Release.txt | |
- name: Update Changelog | |
uses: thomaseizinger/keep-a-changelog-new-release@v3 | |
with: | |
tag: ${{ needs.build.outputs.newTag }} | |
- name: 'Output Changelog' | |
run: cat CHANGELOG.md | |
- name: 'Release Header' | |
id: release-header | |
run: echo "header=$(echo `grep '## \\[${{ needs.build.outputs.newVersion }}] -' CHANGELOG.md | sed 's/## //' | sed 's/\\[//' | sed 's/]//'`)" >> "$GITHUB_OUTPUT" | |
- name: 'Extract Release Notes' | |
id: extract-release-notes | |
uses: 'dahlia/submark@main' | |
with: | |
input-file: 'CHANGELOG.md' | |
heading-level: 2 | |
heading-title-text: '${{ steps.release-header.outputs.header }}' | |
ignore-case: true | |
omit-heading: true | |
- name: Commit updated changelog, version, and docs | |
id: commit-changelog | |
run: | | |
git config user.name "github-actions[bot]" | |
git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
git add CHANGELOG.md package.json package-lock.json docs | |
git commit --message "Updated changelog, version, and docs for release ${{ needs.build.outputs.newTag }}" | |
git push | |
- name: Release | |
uses: softprops/action-gh-release@v2 | |
with: | |
name: Frodo Library ${{ needs.build.outputs.newVersion }} | |
tag_name: ${{ needs.build.outputs.newTag }} | |
body: ${{ steps.extract-release-notes.outputs.output-text }} | |
prerelease: ${{ needs.build.outputs.preRelease }} | |
generate_release_notes: ${{ contains(needs.build.outputs.newTag, '-') }} | |
files: | | |
CHANGELOG.md | |
LICENSE | |
Release.txt | |
token: ${{ secrets.GITHUB_TOKEN }} | |
doc: | |
if: github.ref == 'refs/heads/main' | |
needs: [build, release] | |
# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages | |
permissions: | |
contents: read | |
pages: write | |
id-token: write | |
environment: | |
name: github-pages | |
url: ${{ steps.deployment.outputs.page_url }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: build | |
# need -o to overwrite package.json | |
- name: Unzip build artifact | |
run: unzip -o build.zip | |
- name: Setup Pages | |
uses: actions/configure-pages@v4 | |
- name: Upload artifact | |
uses: actions/upload-pages-artifact@v3 | |
with: | |
# Upload docs directory | |
path: './docs' | |
- name: Deploy to GitHub Pages | |
id: deployment | |
uses: actions/deploy-pages@v4 |