chore(DX-809): update to use preferred OIDC for npm publish in github actions #542
Merged
Changes from 1 commit
5 commits
5e5576a trigger test publish dry run (lloyd-cio)
6677ffc drop this step (lloyd-cio)
311f731 non dry run - publish test version to confirm OIDC (lloyd-cio)
a16f882 done testing - bring back original workflow w/ new OIDC config (lloyd-cio)
12daa5c Merge branch 'main' into DX-809 (lloyd-cio)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,217 +1,44 @@ | ||
| name: Deploy SDK | ||
|
|
||
| # Only run after a pull request has been merged. This is because | ||
| # bot account runs write operations on the github repo to push a tag. | ||
| # PR test publish to confirm OIDC is configured correctly | ||
| on: | ||
| push: | ||
| branches: [main] # all branches where deployments currently occur. Make sure this list matches list of branches in `.releaserc` file. | ||
| pull_request: | ||
| types: [opened, synchronize, reopened] | ||
|
|
||
| permissions: | ||
| id-token: write | ||
| contents: write # access to push the git tag | ||
| issues: write # Bot creates an issue if there is an issue during deployment process | ||
| pull-requests: write # allow bot to make comments on PRs after they get deployed | ||
|
|
||
| jobs: | ||
| deploy-git-tag: | ||
| name: Deploy git tag | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| new_release_git_head: ${{ steps.semantic-release.outputs.new_release_git_head }} | ||
| new_release_published: ${{ steps.semantic-release.outputs.new_release_published }} | ||
| new_release_version: ${{ steps.semantic-release.outputs.new_release_version }} | ||
| steps: | ||
|
|
||
| - name: 'Generate token' | ||
| id: generate_token | ||
| uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 | ||
| with: | ||
| app_id: ${{ secrets.CIO_APP_ID }} | ||
| private_key: ${{ secrets.CIO_APP_SECRET }} | ||
|
|
||
| - uses: actions/checkout@v4 | ||
|
|
||
| # If using sd on macos, "brew install" works great. for Linux, this is the recommended way. | ||
| - name: Install sd CLI to use later in the workflow | ||
| # uses: kenji-miyake/setup-sd@59a1bd7bba077f6c491f04cd9d24b524ea2db4b6 # v1.1.1 | ||
| uses: levibostian/setup-sd@cbdeed93d4fe03f9e36b73bb6d9e7c3c4805e1f9 # add-file-extension # Using fork until upstream Action has bug fixed in it. | ||
|
|
||
| - name: Deploy git tag via semantic release | ||
| uses: cycjimmy/semantic-release-action@0a51e81a6baff2acad3ee88f4121c589c73d0f0e # v4.2.0 | ||
| id: semantic-release | ||
| with: | ||
| semantic_version: latest | ||
| extra_plugins: | | ||
| conventional-changelog-conventionalcommits | ||
| @semantic-release/github | ||
| @semantic-release/exec | ||
| env: | ||
| # Needs to push git commits to repo. Needs write access. | ||
| GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} | ||
|
|
||
| - name: Notify team of git tag being created | ||
| uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 | ||
| if: steps.semantic-release.outputs.new_release_published == 'true' | ||
| with: | ||
| # Use block kit to format the Slack message: https://app.slack.com/block-kit-builder | ||
| payload: | | ||
| { | ||
| "text": "ReactNative SDK git tag created", | ||
| "username": "ReactNative deployment bot", | ||
| "icon_url": "https://vectorified.com/images/icon-react-native-24.png", | ||
| "channel": "#mobile-deployments", | ||
| "blocks": [ | ||
| { | ||
| "type": "section", | ||
| "text": { | ||
| "type": "mrkdwn", | ||
| "text": "*ReactNative* SDK git tag created successfully! (deployment step 1 of 2)" | ||
| } | ||
| }, | ||
| { | ||
| "type": "divider" | ||
| }, | ||
| { | ||
| "type": "section", | ||
| "text": { | ||
| "type": "mrkdwn", | ||
| "text": "*Version ${{ steps.semantic-release.outputs.new_release_version }}*\n\nReactNative SDK deployment progress:\n ~1. <https://github.com/${{github.repository}}/releases/tag/${{steps.semantic-release.outputs.new_release_version}}|create git tag>~\n2. deploy to npm\n\n" | ||
| } | ||
| } | ||
| ] | ||
| } | ||
| env: | ||
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | ||
| SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | ||
|
|
||
| - name: Notify team of failure | ||
| uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 | ||
| if: ${{ failure() }} # only run this if any previous step failed | ||
| with: | ||
| # Use block kit to format the Slack message: https://app.slack.com/block-kit-builder | ||
| payload: | | ||
| { | ||
| "text": "ReactNative SDK deployment failure", | ||
| "username": "ReactNative deployment bot", | ||
| "icon_url": "https://vectorified.com/images/icon-react-native-24.png", | ||
| "channel": "#mobile-deployments", | ||
| "blocks": [ | ||
| { | ||
| "type": "section", | ||
| "text": { | ||
| "type": "mrkdwn", | ||
| "text": "*ReactNative* SDK deployment :warning: failure :warning:" | ||
| } | ||
| }, | ||
| { | ||
| "type": "divider" | ||
| }, | ||
| { | ||
| "type": "section", | ||
| "text": { | ||
| "type": "mrkdwn", | ||
| "text": "ReactNative SDK failed deployment during step *create git tag*. View <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|CI server logs> to learn why and fix the issue. <https://github.com/customerio/mobile/blob/main/GIT-WORKFLOW.md|Learn more about the deployment process and how to fix errors>." | ||
| } | ||
| } | ||
| ] | ||
| } | ||
| env: | ||
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | ||
| SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | ||
|
|
||
| deploy-npm: | ||
| name: Deploy to npm | ||
| needs: [deploy-git-tag] | ||
| if: needs.deploy-git-tag.outputs.new_release_published == 'true' # only run if a git tag was made. | ||
| environment: release | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ needs.deploy-git-tag.outputs.new_release_git_head }} | ||
|
|
||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '20' | ||
| cache: 'npm' | ||
| registry-url: 'https://registry.npmjs.org' | ||
|
|
||
| - run: npm ci | ||
| - name: Install npm 11.5.1+ for OIDC support | ||
| run: npm install -g npm@latest | ||
|
|
||
| - name: Deploy to npm | ||
| run: ./scripts/deploy-code.sh | ||
| env: | ||
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
| IS_PRERELEASE: false # at this time, all deployments are made to `main` production branch | ||
| - name: Install dependencies | ||
| run: npm ci | ||
|
|
||
| - name: Notify team of successful deployment | ||
| uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 | ||
| if: ${{ success() }} | ||
| with: | ||
| # Use block kit to format the Slack message: https://app.slack.com/block-kit-builder | ||
| payload: | | ||
| { | ||
| "text": "ReactNative SDK deployed to npm", | ||
| "username": "ReactNative deployment bot", | ||
| "icon_url": "https://vectorified.com/images/icon-react-native-24.png", | ||
| "channel": "#mobile-deployments", | ||
| "blocks": [ | ||
| { | ||
| "type": "section", | ||
| "text": { | ||
| "type": "mrkdwn", | ||
| "text": "*ReactNative* SDK deployed to npm! (deployment step 2 of 2)" | ||
| } | ||
| }, | ||
| { | ||
| "type": "divider" | ||
| }, | ||
| { | ||
| "type": "section", | ||
| "text": { | ||
| "type": "mrkdwn", | ||
| "text": "*Version ${{ needs.deploy-git-tag.outputs.new_release_version }}*\n\nReactNative SDK deployment progress:\n ~1. <https://github.com/${{github.repository}}/releases/tag/${{ needs.deploy-git-tag.outputs.new_release_version }}|create git tag>~\n~2. deploy to npm~\n\n" | ||
| } | ||
| } | ||
| ] | ||
| } | ||
| env: | ||
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | ||
| SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | ||
| - name: Test authentication | ||
| run: npm whoami | ||
|
|
||
| - name: Notify team of failure | ||
| uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 | ||
| if: ${{ failure() }} # only run this if any previous step failed | ||
| with: | ||
| # Use block kit to format the Slack message: https://app.slack.com/block-kit-builder | ||
| payload: | | ||
| { | ||
| "text": "ReactNative SDK deployment failure", | ||
| "username": "ReactNative deployment bot", | ||
| "icon_url": "https://vectorified.com/images/icon-react-native-24.png", | ||
| "channel": "#mobile-deployments", | ||
| "blocks": [ | ||
| { | ||
| "type": "section", | ||
| "text": { | ||
| "type": "mrkdwn", | ||
| "text": "*ReactNative* SDK deployment :warning: failure :warning:" | ||
| } | ||
| }, | ||
| { | ||
| "type": "divider" | ||
| }, | ||
| { | ||
| "type": "section", | ||
| "text": { | ||
| "type": "mrkdwn", | ||
| "text": "ReactNative SDK failed deployment during step *deploy to npm*. View <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|CI server logs> to learn why and fix the issue. <https://github.com/customerio/mobile/blob/main/GIT-WORKFLOW.md|Learn more about the deployment process and how to fix errors>." | ||
| } | ||
| } | ||
| ] | ||
| } | ||
| env: | ||
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | ||
| SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | ||
| - name: Run pre-deploy | ||
| run: npm run pre-deploy | ||
|
|
||
| - name: Set test version | ||
| run: npm version 0.0.0-test-oidc --no-git-tag-version | ||
|
|
||
| publish-sample-apps-public-builds: | ||
| needs: deploy-npm | ||
| uses: ./.github/workflows/build-release-sample-apps.yml | ||
| secrets: inherit | ||
| - name: Publish to npm | ||
| run: npm publish --dry-run --tag test-oidc | ||
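Review bot: `id-token: write` is granted in the workflow-level `permissions:` block next to the `pull_request:` trigger, so pull-request runs get the OIDC permission (together with `contents: write`) while executing `npm ci` and `npm run pre-deploy` from the PR's checkout; the `--dry-run` on the publish step does not narrow that. Scope `id-token: write` to the one job that runs `npm publish`, and make sure the `pull_request` trigger and the `npm version 0.0.0-test-oidc` step do not reach `main`. Two smaller points: `npm install -g npm@latest` floats while the actions in this file are pinned to commit SHAs, so pin it to a specific version that meets the 11.5.1+ requirement named in the step; and once OIDC publishing is confirmed, drop `NPM_TOKEN: ${{ secrets.NPM_TOKEN }}` from the deploy step so no long-lived token stays in the publish path.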