
Commit 17487d5

committed
chore: 🤖 Support OIDC by GitHub Actions workflows
1 parent fa6efad commit 17487d5


1 file changed

+231
-121
lines changed


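--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,166 +1,276 @@
-# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
-# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs
-
 name: Release Version
+# Publish npm packages based on git tags (v*)
 
 on:
 push:
-branches: ["main"]
 tags: ["v*"]
+
 jobs:
 build:
 runs-on: ubuntu-latest
 environment: release
+permissions:
+contents: read
+id-token: write #
+outputs:
+tag: ${{ steps.extract_tag.outputs.result }}
 steps:
-- name: extract tag
+- name: Extract tag
 id: extract_tag
-uses: actions/github-script@v6
+uses: actions/github-script@v7
 with:
 script: |
 const prefix = 'refs/tags/';
 const ref = context.ref;
-return ref.startsWith(prefix) ? ref.substring(prefix.length) : '';
+if (!ref.startsWith(prefix)) {
+throw new Error('Invalid ref: not a tag');
+}
+return ref.substring(prefix.length);
 result-encoding: string
-- uses: actions/checkout@v3
-- name: cache node_modules
-uses: actions/cache@v3
-env:
-cache-name: cache-node-modules
+
+- name: Checkout code
+uses: actions/checkout@v4
+with:
+fetch-depth: 0
+
+- name: Cache node_modules
+uses: actions/cache@v4
 with:
 path: node_modules
-key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
+key: ${{ runner.os }}-build-${{ hashFiles('**/package.json', '**/yarn.lock') }}
 restore-keys: |
-${{ runner.os }}-build-${{ env.cache-name }}-
 ${{ runner.os }}-build-
 ${{ runner.os }}-
 
-- name: Use Node.js
-uses: actions/setup-node@v3
+- name: Setup Node.js
+uses: actions/setup-node@v4
 with:
-node-version: 14.x
-- name: setup global dependencies
+node-version: 22.x
+
+- name: Setup global dependencies
 run: |
-npm install yarn -g
-npm install zx@7.2.3 -g
+npm install -g yarn@1.22.22
+npm install -g zx@7.2.3
 
-- name: install repo dependencies
+- name: Install dependencies
 run: |
-yarn install --registry="https://registry.yarnpkg.com"
-- name: npm version
+yarn install --frozen-lockfile --registry="https://registry.yarnpkg.com"
+
+- name: Set package version
 run: |
 zx scripts/workflow/set-package-version.mjs
 env:
-TAG: ${{steps.extract_tag.outputs.result}}
-- name: build
+TAG: ${{ steps.extract_tag.outputs.result }}
+
+- name: Build packages
 run: |
 yarn build:all
-- name: upload build
+
+- name: Upload build artifacts
 uses: actions/upload-artifact@v4
 with:
 name: build
 path: |
 packages/*/dist/**
 packages/*/es/**
 package.json
+retention-days: 7
 release_npm:
-permissions:
-contents: write # support to do the release on branch
-pull-requests: write
-
-if: ${{ startsWith(github.ref, 'refs/tags/') }}
-needs: [build]
-environment: release
-runs-on: ubuntu-latest
-
-steps:
-- name: extract tag
-id: extract_tag
-uses: actions/github-script@v6
-with:
-script: |
-const prefix = 'refs/tags/';
-const ref = context.ref;
-return ref.startsWith(prefix) ? ref.substring(prefix.length) : '';
-result-encoding: string
-- uses: actions/checkout@v3
-with:
-ref: 'main'
-- name: use Node.js
-uses: actions/setup-node@v3
-with:
-node-version: 14.x
-- name: cache node_modules
-uses: actions/cache@v3
-env:
-cache-name: cache-node-modules
-with:
-path: node_modules
-key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
-restore-keys: |
-${{ runner.os }}-build-${{ env.cache-name }}-
-${{ runner.os }}-build-
-${{ runner.os }}-
-- name: setup git
-run: |
-git config --global user.name ${{ github.actor }}
-git config --global user.email ${{ github.actor }}@users.noreply.github.com
-git fetch --tags
-git pull
-- name: setup global deps
-run: |
-npm install yarn -g
-npm install zx@7.2.3 -g
-
-- name: install repo deps
-run: |
-yarn install --registry="https://registry.yarnpkg.com"
-- name: download build
-uses: actions/download-artifact@v4
-with:
-name: build
-- name: npm version
-run: |
-zx scripts/workflow/set-package-version.mjs
-env:
-TAG: ${{steps.extract_tag.outputs.result}}
-- name: setup npm
-run: |
-npm config set '//registry.npmjs.org/:_authToken' "${NPM_TOKEN}"
-
-echo "ls -a ${{ github.workspace }}"
-ls -a ${{ github.workspace }}
-env:
-CI: true
-NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-- name: publish
-run: |
-zx scripts/workflow/npm-publish.mjs
-- name: push to release branch
-uses: EndBug/add-and-commit@v9
-with:
-add: "."
-default_author: github_actor
-fetch: true
-new_branch: release
-push: '--set-upstream origin release --force'
-message: 'Auto Publish npm version ${{steps.extract_tag.outputs.result}}'
-- name: create PR from back to main
-uses: actions/github-script@v6
-env:
-RELEASED_VERSION: ${{steps.extract_tag.outputs.result}}
-with:
-script: |
-const owner = context.repo.owner;
-const repo = context.repo.repo;
-const base = "main";
-const head = "release";
-const title = "new version published: " + process.env.RELEASED_VERSION;
-const body = "";
-github.rest.pulls.create({
+permissions:
+contents: write
+id-token: write
+
+needs: [build]
+environment: release
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+with:
+ref: ${{ github.ref }}
+fetch-depth: 1
+
+- name: Setup Git
+run: |
+git config --global user.name "${{ github.actor }}"
+git config --global user.email "${{ github.actor }}@users.noreply.github.com"
+git fetch --tags
+
+- name: Setup Node.js
+uses: actions/setup-node@v4
+with:
+node-version: 22.x
+registry-url: 'https://registry.npmjs.org'
+
+- name: Cache node_modules
+uses: actions/cache@v4
+with:
+path: node_modules
+key: ${{ runner.os }}-release-${{ hashFiles('**/package.json', '**/yarn.lock') }}
+restore-keys: |
+${{ runner.os }}-release-
+${{ runner.os }}-build-
+${{ runner.os }}-
+
+- name: Setup Git
+run: |
+git config --global user.name "${{ github.actor }}"
+git config --global user.email "${{ github.actor }}@users.noreply.github.com"
+git fetch --tags
+git pull
+
+- name: Setup global dependencies
+run: |
+npm install -g yarn@1.22.22
+npm install -g zx@7.2.3
+
+- name: Install dependencies
+run: |
+yarn install --frozen-lockfile --registry="https://registry.yarnpkg.com"
+
+- name: Download build artifacts
+uses: actions/download-artifact@v4
+with:
+name: build
+
+- name: Publish to npm
+run: |
+zx scripts/workflow/npm-publish.mjs
+env:
+NPM_CONFIG_PROVENANCE: true
+
+- name: Commit version changes
+uses: EndBug/add-and-commit@v9
+with:
+add: "."
+default_author: github_actor
+fetch: true
+new_branch: release
+push: '--set-upstream origin release --force'
+message: 'chore(release): publish npm version ${{ needs.build.outputs.tag }}'
+
+create_release_pr:
+permissions:
+pull-requests: write
+
+needs: [build, release_npm]
+runs-on: ubuntu-latest
+
+steps:
+- name: Create or update PR
+uses: actions/github-script@v7
+env:
+RELEASED_VERSION: ${{ needs.build.outputs.tag }}
+with:
+script: |
+const owner = context.repo.owner;
+const repo = context.repo.repo;
+const base = "main";
+const head = "release";
+const title = `chore(release): version ${process.env.RELEASED_VERSION}`;
+const body = `## 🚀 Release ${process.env.RELEASED_VERSION}
+
+This PR was automatically created by the release workflow.
+
+### Changes
+- Updated package versions to ${process.env.RELEASED_VERSION}
+- Published packages to npm registry
+
+### NPM Packages
+https://www.npmjs.com/search?q=%40xgplayer
+
+---
+*Auto-generated by GitHub Actions*`;
+
+try {
+// Check if PR already exists
+const { data: pulls } = await github.rest.pulls.list({
+owner,
+repo,
+state: 'open',
+head: `${owner}:${head}`,
+base
+});
+
+if (pulls.length > 0) {
+// Update existing PR
+const pullNumber = pulls[0].number;
+await github.rest.pulls.update({
+owner,
+repo,
+pull_number: pullNumber,
+title,
+body
+});
+console.log(`✅ Updated existing PR #${pullNumber}`);
+core.summary
+.addHeading('✅ PR Updated')
+.addLink(`PR #${pullNumber}`, `https://github.com/${owner}/${repo}/pull/${pullNumber}`)
+.write();
+} else {
+// Create new PR
+const { data: pr } = await github.rest.pulls.create({
 owner,
 repo,
 base,
 head,
 title,
 body
-});
+});
+console.log(`✅ Created new PR #${pr.number}`);
+core.summary
+.addHeading('✅ PR Created')
+.addLink(`PR #${pr.number}`, pr.html_url)
+.write();
+}
+} catch (error) {
+console.error('❌ Error creating/updating PR:', error.message);
+core.summary
+.addHeading('⚠️ PR Creation Failed')
+.addRaw(`Error: ${error.message}`)
+.write();
+// Don't fail the workflow if PR creation fails
+}
+
+release_summary:
+needs: [build, release_npm, create_release_pr]
+runs-on: ubuntu-latest
+if: always()
+
+steps:
+- name: Generate release summary
+run: |
+VERSION="${{ needs.build.outputs.tag }}"
+BUILD_STATUS="${{ needs.build.result }}"
+RELEASE_STATUS="${{ needs.release_npm.result }}"
+PR_STATUS="${{ needs.create_release_pr.result }}"
+
+BUILD_BADGE=$([ "$BUILD_STATUS" = "success" ] && echo "✅" || echo "❌")
+RELEASE_BADGE=$([ "$RELEASE_STATUS" = "success" ] && echo "✅" || echo "❌")
+PR_BADGE=$([ "$PR_STATUS" = "success" ] && echo "✅" || echo "❌")
+
+{
+echo "# 🎉 Release Summary"
+echo ""
+echo "## Version Information"
+echo "| Field | Value |"
+echo "|-------|-------|"
+echo "| Version | \`$VERSION\` |"
+echo "| Tag | \`${{ github.ref }}\` |"
+echo "| Commit | [\`${{ github.sha }}\`](https://github.com/${{ github.repository }}/commit/${{ github.sha }}) |"
+echo ""
+echo "## Workflow Status"
+echo "| Step | Status |"
+echo "|------|--------|"
+echo "| Build | $BUILD_BADGE $BUILD_STATUS |"
+echo "| NPM Release | $RELEASE_BADGE $RELEASE_STATUS |"
+echo "| PR Creation | $PR_BADGE $PR_STATUS |"
+echo ""
+echo "## Links"
+echo "- 📦 [View on NPM](https://www.npmjs.com/search?q=%40xgplayer)"
+echo "- 🔗 [Workflow Run](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})"
+echo ""
+echo "*Auto-generated by GitHub Actions*"
+} >> $GITHUB_STEP_SUMMARY
+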
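Review bot: `id-token: write` is granted to the `build` job (new lines 12-14, with an empty trailing `#` comment) although nothing visible in that job publishes or requests an OIDC token; the job runs `yarn install` and `yarn build:all` under `environment: release`, so third-party install and build scripts execute in a job that can obtain a token for the same workflow and environment the publish job uses. Least privilege would leave `build` with only `contents: read` and keep `id-token: write` on `release_npm`, documented there with a comment such as `# required for npm OIDC publishing and provenance`. In `release_npm` the `Setup Git` step appears twice (new lines 94-98 and 116-121), and the second copy's `git pull` runs on a checkout of `${{ github.ref }}`, which for a tag is presumably a detached HEAD, so that step may fail; one copy without `git pull` looks sufficient. `release_summary` has no `permissions:` block and expands `${{ needs.build.outputs.tag }}` and `${{ github.ref }}` directly inside `run:`, so the tag name is substituted into the script text before the shell parses it; passing these through `env:` and reading `"$VERSION"`, plus `permissions: {}` on the job, keeps the value as data and the token minimal.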
