GitHub-Actions/.github/workflows/npmPublish.yml at main · Expensify/GitHub-Actions · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: Publish package to npmjs

on:
  workflow_call:
    inputs:
      repository:
        description: 'Repository name with owner. For example: "Expensify/eslint-config-expensify"'
        default: ${{ github.repository }}
        required: false
        type: string
      should_run_build:
        description: 'True if we should run "npm run build" for the package'
        default: false
        required: false
        type: boolean
      should_run_pack:
        description: 'True if we should run "npm pack" for the package'
        default: false
        required: false
        type: boolean

jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write # Required for OIDC: https://docs.npmjs.com/trusted-publishers
    steps:
      - name: Generate a GitHub App token
        id: generateAppToken
        uses: actions/create-github-app-token@9d97a4282b2c51a2f4f0465b9326399f53c890d4
        with:
          app-id: ${{ secrets.OS_BOTIFY_APP_ID }}
          private-key: ${{ secrets.OS_BOTIFY_PRIVATE_KEY }}

      # v4.2.2
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          repository: ${{ inputs.repository }}
          token: ${{ steps.generateAppToken.outputs.token }}

      # actions/setup-node@v4.3.0
      - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e
        with:
          registry-url: 'https://registry.npmjs.org'
          node-version-file: '.nvmrc'

      - name: Install npm packages
        run: npm ci

      # Don't commit the version bump, we will commit later
      - name: Update npm version
        run: npm version patch --git-tag-version false

      - name: Set new version in GitHub ENV
        run: echo "NEW_VERSION=$(jq '.version' package.json)" >> "$GITHUB_ENV"

      - name: Created signed commit and push tags
        run: |
          set -euxo pipefail
          version="${{ env.NEW_VERSION }}"

          # Find all files changes with package*.json
          FILES=$(git status --porcelain -- package*.json | awk '{ print $2 }')

          for file in $FILES; do
            message="Update $file version to $version"
            sha=$(git rev-parse "main:$file")
            # Create a file with the base64 encoded content
            base64 -i "$file" > "base64.txt"
            new_commit_sha=$(gh api --method PUT /repos/:owner/:repo/contents/"$file" \
              --field message="$message" \
              --field content="@base64.txt" \
              --field encoding="base64" \
              --field branch="main" \
              --field sha="$sha" \
              --jq '.commit.sha')
          done

          # Set up git user info so we can push a tag
          # os-botify[bot] GitHub App ID can be found here: https://api.github.com/users/os-botify[bot]
          git config --global user.name "os-botify[bot]"
          git config --global user.email "140437396+os-botify[bot]@users.noreply.github.com"

          # Fetch the commit that was made via the API
          git fetch origin main

          # Tag new_commit_sha with our new version
          git tag -a "$version" "$new_commit_sha" -m "$version"

          # Push the new tag
          git push origin tag "$version"
        env:
          GITHUB_TOKEN: ${{ steps.generateAppToken.outputs.token }}

      - name: Optionally run `npm run build`
        if: ${{ inputs.should_run_build }}
        run: npm run build

      - name: Optionally run `npm pack` to create a tarball
        if: ${{ inputs.should_run_pack }}
        run: npm pack

      - name: Publish to npm
        run: npm publish --provenance

      - name: Set name version in GitHub ENV
        run: echo "NAME=$(jq '.name' package.json)" >> "$GITHUB_ENV"

      - name: Get Pull Request Number
        # v7.0.1
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
        id: pull_request_number
        with:
          script: |
            if (context.issue.number) {
              // Return issue number if present
              return context.issue.number;
            } else {
              // Otherwise return issue number from commit
              return (
                await github.rest.repos.listPullRequestsAssociatedWithCommit({
                  commit_sha: context.sha,
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                })
              ).data[0].number;
            }
          result-encoding: string

      - name: Comment on PR
        run: |
          gh pr comment ${{steps.pull_request_number.outputs.result}} --repo ${{ inputs.repository }} --body ":rocket: Published to [npm](https://www.npmjs.com/) in [${{ env.NEW_VERSION }}](https://www.npmjs.com/package/${{ env.NAME }}/v/${{ env.NEW_VERSION }}) :tada:"
        env:
          GITHUB_TOKEN: ${{ steps.generateAppToken.outputs.token }}