|
1 | 1 | name: Deploy SDK |
2 | 2 |
|
3 | | -# Only run after a pull request has been merged. This is because |
4 | | -# bot account runs write operations on the github repo to push a tag. |
| 3 | +# PR test publish to confirm OIDC is configured correctly |
5 | 4 | on: |
6 | | - push: |
7 | | - branches: [main] # all branches where deployments currently occur. Make sure this list matches list of branches in `.releaserc` file. |
| 5 | + pull_request: |
| 6 | + types: [opened, synchronize, reopened] |
8 | 7 |
|
9 | 8 | permissions: |
| 9 | + id-token: write |
10 | 10 | contents: write # access to push the git tag |
11 | 11 | issues: write # Bot creates an issue if there is an issue during deployment process |
12 | 12 | pull-requests: write # allow bot to make comments on PRs after they get deployed |
13 | 13 |
|
14 | 14 | jobs: |
15 | | - deploy-git-tag: |
16 | | - name: Deploy git tag |
17 | | - runs-on: ubuntu-latest |
18 | | - outputs: |
19 | | - new_release_git_head: ${{ steps.semantic-release.outputs.new_release_git_head }} |
20 | | - new_release_published: ${{ steps.semantic-release.outputs.new_release_published }} |
21 | | - new_release_version: ${{ steps.semantic-release.outputs.new_release_version }} |
22 | | - steps: |
23 | | - |
24 | | - - name: 'Generate token' |
25 | | - id: generate_token |
26 | | - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 |
27 | | - with: |
28 | | - app_id: ${{ secrets.CIO_APP_ID }} |
29 | | - private_key: ${{ secrets.CIO_APP_SECRET }} |
30 | | - |
31 | | - - uses: actions/checkout@v4 |
32 | | - |
33 | | - # If using sd on macos, "brew install" works great. for Linux, this is the recommended way. |
34 | | - - name: Install sd CLI to use later in the workflow |
35 | | - # uses: kenji-miyake/setup-sd@59a1bd7bba077f6c491f04cd9d24b524ea2db4b6 # v1.1.1 |
36 | | - uses: levibostian/setup-sd@cbdeed93d4fe03f9e36b73bb6d9e7c3c4805e1f9 # add-file-extension # Using fork until upstream Action has bug fixed in it. |
37 | | - |
38 | | - - name: Deploy git tag via semantic release |
39 | | - uses: cycjimmy/semantic-release-action@0a51e81a6baff2acad3ee88f4121c589c73d0f0e # v4.2.0 |
40 | | - id: semantic-release |
41 | | - with: |
42 | | - semantic_version: latest |
43 | | - extra_plugins: | |
44 | | - conventional-changelog-conventionalcommits |
45 | | - @semantic-release/github |
46 | | - @semantic-release/exec |
47 | | - env: |
48 | | - # Needs to push git commits to repo. Needs write access. |
49 | | - GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} |
50 | | - |
51 | | - - name: Notify team of git tag being created |
52 | | - uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 |
53 | | - if: steps.semantic-release.outputs.new_release_published == 'true' |
54 | | - with: |
55 | | - # Use block kit to format the Slack message: https://app.slack.com/block-kit-builder |
56 | | - payload: | |
57 | | - { |
58 | | - "text": "ReactNative SDK git tag created", |
59 | | - "username": "ReactNative deployment bot", |
60 | | - "icon_url": "https://vectorified.com/images/icon-react-native-24.png", |
61 | | - "channel": "#mobile-deployments", |
62 | | - "blocks": [ |
63 | | - { |
64 | | - "type": "section", |
65 | | - "text": { |
66 | | - "type": "mrkdwn", |
67 | | - "text": "*ReactNative* SDK git tag created successfully! (deployment step 1 of 2)" |
68 | | - } |
69 | | - }, |
70 | | - { |
71 | | - "type": "divider" |
72 | | - }, |
73 | | - { |
74 | | - "type": "section", |
75 | | - "text": { |
76 | | - "type": "mrkdwn", |
77 | | - "text": "*Version ${{ steps.semantic-release.outputs.new_release_version }}*\n\nReactNative SDK deployment progress:\n ~1. <https://github.com/${{github.repository}}/releases/tag/${{steps.semantic-release.outputs.new_release_version}}|create git tag>~\n2. deploy to npm\n\n" |
78 | | - } |
79 | | - } |
80 | | - ] |
81 | | - } |
82 | | - env: |
83 | | - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |
84 | | - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK |
85 | | - |
86 | | - - name: Notify team of failure |
87 | | - uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 |
88 | | - if: ${{ failure() }} # only run this if any previous step failed |
89 | | - with: |
90 | | - # Use block kit to format the Slack message: https://app.slack.com/block-kit-builder |
91 | | - payload: | |
92 | | - { |
93 | | - "text": "ReactNative SDK deployment failure", |
94 | | - "username": "ReactNative deployment bot", |
95 | | - "icon_url": "https://vectorified.com/images/icon-react-native-24.png", |
96 | | - "channel": "#mobile-deployments", |
97 | | - "blocks": [ |
98 | | - { |
99 | | - "type": "section", |
100 | | - "text": { |
101 | | - "type": "mrkdwn", |
102 | | - "text": "*ReactNative* SDK deployment :warning: failure :warning:" |
103 | | - } |
104 | | - }, |
105 | | - { |
106 | | - "type": "divider" |
107 | | - }, |
108 | | - { |
109 | | - "type": "section", |
110 | | - "text": { |
111 | | - "type": "mrkdwn", |
112 | | - "text": "ReactNative SDK failed deployment during step *create git tag*. View <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|CI server logs> to learn why and fix the issue. <https://github.com/customerio/mobile/blob/main/GIT-WORKFLOW.md|Learn more about the deployment process and how to fix errors>." |
113 | | - } |
114 | | - } |
115 | | - ] |
116 | | - } |
117 | | - env: |
118 | | - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |
119 | | - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK |
120 | | - |
121 | 15 | deploy-npm: |
122 | 16 | name: Deploy to npm |
123 | | - needs: [deploy-git-tag] |
124 | | - if: needs.deploy-git-tag.outputs.new_release_published == 'true' # only run if a git tag was made. |
| 17 | + environment: release |
125 | 18 | runs-on: ubuntu-latest |
126 | 19 | steps: |
127 | 20 | - uses: actions/checkout@v4 |
128 | | - with: |
129 | | - ref: ${{ needs.deploy-git-tag.outputs.new_release_git_head }} |
130 | 21 |
|
131 | 22 | - uses: actions/setup-node@v4 |
132 | 23 | with: |
133 | 24 | node-version: '20' |
134 | 25 | cache: 'npm' |
| 26 | + registry-url: 'https://registry.npmjs.org' |
135 | 27 |
|
136 | | - - run: npm ci |
| 28 | + - name: Install npm 11.5.1+ for OIDC support |
| 29 | + run: npm install -g npm@latest |
137 | 30 |
|
138 | | - - name: Deploy to npm |
139 | | - run: ./scripts/deploy-code.sh |
140 | | - env: |
141 | | - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} |
142 | | - IS_PRERELEASE: false # at this time, all deployments are made to `main` production branch |
| 31 | + - name: Install dependencies |
| 32 | + run: npm ci |
143 | 33 |
|
144 | | - - name: Notify team of successful deployment |
145 | | - uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 |
146 | | - if: ${{ success() }} |
147 | | - with: |
148 | | - # Use block kit to format the Slack message: https://app.slack.com/block-kit-builder |
149 | | - payload: | |
150 | | - { |
151 | | - "text": "ReactNative SDK deployed to npm", |
152 | | - "username": "ReactNative deployment bot", |
153 | | - "icon_url": "https://vectorified.com/images/icon-react-native-24.png", |
154 | | - "channel": "#mobile-deployments", |
155 | | - "blocks": [ |
156 | | - { |
157 | | - "type": "section", |
158 | | - "text": { |
159 | | - "type": "mrkdwn", |
160 | | - "text": "*ReactNative* SDK deployed to npm! (deployment step 2 of 2)" |
161 | | - } |
162 | | - }, |
163 | | - { |
164 | | - "type": "divider" |
165 | | - }, |
166 | | - { |
167 | | - "type": "section", |
168 | | - "text": { |
169 | | - "type": "mrkdwn", |
170 | | - "text": "*Version ${{ needs.deploy-git-tag.outputs.new_release_version }}*\n\nReactNative SDK deployment progress:\n ~1. <https://github.com/${{github.repository}}/releases/tag/${{ needs.deploy-git-tag.outputs.new_release_version }}|create git tag>~\n~2. deploy to npm~\n\n" |
171 | | - } |
172 | | - } |
173 | | - ] |
174 | | - } |
175 | | - env: |
176 | | - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |
177 | | - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK |
| 34 | + - name: Test authentication |
| 35 | + run: npm whoami |
178 | 36 |
|
179 | | - - name: Notify team of failure |
180 | | - uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 |
181 | | - if: ${{ failure() }} # only run this if any previous step failed |
182 | | - with: |
183 | | - # Use block kit to format the Slack message: https://app.slack.com/block-kit-builder |
184 | | - payload: | |
185 | | - { |
186 | | - "text": "ReactNative SDK deployment failure", |
187 | | - "username": "ReactNative deployment bot", |
188 | | - "icon_url": "https://vectorified.com/images/icon-react-native-24.png", |
189 | | - "channel": "#mobile-deployments", |
190 | | - "blocks": [ |
191 | | - { |
192 | | - "type": "section", |
193 | | - "text": { |
194 | | - "type": "mrkdwn", |
195 | | - "text": "*ReactNative* SDK deployment :warning: failure :warning:" |
196 | | - } |
197 | | - }, |
198 | | - { |
199 | | - "type": "divider" |
200 | | - }, |
201 | | - { |
202 | | - "type": "section", |
203 | | - "text": { |
204 | | - "type": "mrkdwn", |
205 | | - "text": "ReactNative SDK failed deployment during step *deploy to npm*. View <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|CI server logs> to learn why and fix the issue. <https://github.com/customerio/mobile/blob/main/GIT-WORKFLOW.md|Learn more about the deployment process and how to fix errors>." |
206 | | - } |
207 | | - } |
208 | | - ] |
209 | | - } |
210 | | - env: |
211 | | - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |
212 | | - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK |
| 37 | + - name: Run pre-deploy |
| 38 | + run: npm run pre-deploy |
| 39 | + |
| 40 | + - name: Set test version |
| 41 | + run: npm version 0.0.0-test-oidc --no-git-tag-version |
213 | 42 |
|
214 | | - publish-sample-apps-public-builds: |
215 | | - needs: deploy-npm |
216 | | - uses: ./.github/workflows/build-release-sample-apps.yml |
217 | | - secrets: inherit |
| 43 | + - name: Publish to npm |
| 44 | + run: npm publish --dry-run --tag test-oidc |
0 commit comments