Publish Packages #48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Packages | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| branch: | |
| description: 'Branch to publish packages from' | |
| required: true | |
| default: 'master' | |
| version: | |
| description: 'Version to publish' | |
| required: true | |
| default: 'prerelease' | |
| type: choice | |
| options: | |
| # these will bump corresponding part of the version | |
| # and publish it as 'latest' (which is the default when adding dependencies) | |
| - 'patch' | |
| - 'minor' | |
| - 'major' | |
| # these will bump corresponding part of the version | |
| # append something like -alpha.0 | |
| # and publish it as 'next' (which is only used when explicitly requested) | |
| - 'prepatch' | |
| - 'preminor' | |
| - 'premajor' | |
| # if the current version is a release, then it does the same as 'prepatch' | |
| # otherwise it bumps the counter (-alpha.0 -> -alpha.1 -> -alpha.2, etc.) | |
| - 'prerelease' | |
| # Do not allow concurrent runs | |
| concurrency: ${{ github.workflow }}-${{ github.ref }} | |
| jobs: | |
| publish: | |
| name: Publish Packages | |
| runs-on: ubuntu-latest | |
| permissions: write-all | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ inputs.branch || 'master' }} | |
| - name: Get the secrets from GSM | |
| id: secrets_manager | |
| uses: toptal/davinci-github-actions/gsm-secrets@master | |
| with: | |
| workload_identity_provider: ${{ secrets.IDENTITY_POOL }} | |
| service_account: ${{ secrets.SA_IDENTITY_POOL }} | |
| secrets_name: |- | |
| NPM_TOKEN_PUBLISH:toptal-ci/NPM_TOKEN_PUBLISH | |
| TOPTAL_BUILD_BOT_TOKEN:toptal-ci/TOPTAL_BUILD_BOT_TOKEN | |
| - name: Parse secrets | |
| id: parse_secrets | |
| uses: toptal/davinci-github-actions/expose-json-outputs@master | |
| with: | |
| json: ${{ steps.secrets_manager.outputs.secrets }} | |
| - name: Set ENV Variables | |
| run: |- | |
| echo "NPM_TOKEN=${{ steps.parse_secrets.outputs.NPM_TOKEN_PUBLISH }}" >> $GITHUB_ENV | |
| echo "GITHUB_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_BUILD_BOT_TOKEN }}" >> $GITHUB_ENV | |
| - name: Setup Node.js 18.x | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18 | |
| # Add a registry to npm config. | |
| # 'npm whoami' - is a check of the validity of the NPM token and connection. | |
| - name: Setup npm | |
| run: | | |
| npm set "//registry.npmjs.org/:_authToken=${{ env.NPM_TOKEN }}" | |
| npm whoami | |
| # Lerna should be able to make commits and create tags for new versions in repo as a user. | |
| - name: Configure git user | |
| run: | | |
| git config --global user.email "bot@toptal.com" | |
| git config --global user.name "toptal-bot" | |
| - name: Install Dependencies | |
| run: | | |
| yarn install --frozen-lockfile --non-interactive | |
| - name: Build Packages | |
| run: | | |
| yarn build | |
| - name: Bump versions | |
| run: | | |
| yarn lerna version ${{ inputs.version }} --yes | |
| # publish using appropriate distribution tag (see comments for the 'version' input for details) | |
| # the (x && y || z) construct below is thes same as ternary operator (x ? y : z) | |
| # if the version starts with 'pre' then use 'next' as a distribution tag, otherwise use 'latest' | |
| - name: Publish packages | |
| run: | | |
| yarn lerna publish from-git \ | |
| --dist-tag ${{ startsWith(inputs.version, 'pre') && 'next' || 'latest' }} \ | |
| --yes | |