@@ -25,8 +25,8 @@ permissions:
2525 id-token : write
2626
2727jobs :
28- mass-payout :
29- name : Publish Mass Payout Packages
28+ build- mass-payout
29+ name : Build Mass Payout Packages
3030 runs-on : token-studio-linux-large
3131 # Only run if manual trigger OR tag push (already filtered by v*-mp pattern)
3232 if : ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'push' }}
4949 node-version : 22.20.0
5050 registry-url : https://registry.npmjs.org
5151
52- - name : Create .npmrc file
53- run : |
54- cat << 'EOF' > .npmrc
55- //registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}
56- EOF
52+ - name : Update npm
53+ run :
npm install -g [email protected] 5754
5855 - name : Install dependencies
5956 run : npm ci
@@ -64,44 +61,127 @@ jobs:
6461 - name : Build Mass Payout packages
6562 run : npm run mass-payout:build
6663
67- - name : Publish Mass Payout packages
68- env :
69- NODE_AUTH_TOKEN : ${{ secrets.NPM_TOKEN }}
70- DRY_RUN : ${{ inputs.dry-run-enabled }}
64+ - name : Pack Valid Packages
65+ id : pack
7166 run : |
67+ # Create a clean directory for artifacts
68+ mkdir -p dist-artifacts
69+
70+ # Loop through all directories in mass-payout
7271 for package_dir in packages/mass-payout/*/; do
7372 if [ -d "${package_dir}" ] && [ -f "${package_dir}package.json" ]; then
74- package_name=$(basename "${package_dir}")
75- echo "📦 Processing Mass Payout package: ${package_name}"
73+
74+ pushd "${package_dir}" > /dev/null
75+ PACKAGE_NAME=$(basename "${package_dir}")
76+
77+ # Check if private
78+ IS_PRIVATE=$(node -p "require('./package.json').private || false")
79+
80+ if [[ "$IS_PRIVATE" == "true" ]]; then
81+ echo "⏭️ Skipping private package: ${PACKAGE_NAME}"
82+ else
83+ echo "📦 Packing Mass Payout package: ${PACKAGE_NAME}"
84+
85+ # Calculate expected filename for verification
86+ JSON_NAME=$(node -p "require('./package.json').name.replace('@', '').replace('/', '-')")
87+ JSON_VERSION=$(node -p "require('./package.json').version")
88+ EXPECTED_FILENAME="${JSON_NAME}-${JSON_VERSION}.tgz"
89+
90+ npm pack
91+
92+ if [ ! -f "$EXPECTED_FILENAME" ]; then
93+ echo "::error::Expected package file $EXPECTED_FILENAME not found in $package_dir"
94+ exit 1
95+ fi
96+
97+ # Move to the staging folder
98+ # Full path to dist-artifacts relative to where we are
99+ mv "$EXPECTED_FILENAME" "../../../dist-artifacts/"
100+ echo "✅ Packed $PACKAGE_NAME to dist-artifacts"
101+ fi
102+
103+ popd > /dev/null
104+ fi
105+ done
106+
107+ # Verify successful packing
108+ if [ -z "$(ls -A dist-artifacts)" ]; then
109+ echo "::warning::No public packages were found to pack."
110+ else
111+ echo "::group::Contents of dist-artifacts"
112+ ls -la dist-artifacts
113+ echo "::endgroup::"
114+ fi
76115
77- cd "${package_dir}"
116+ name : Upload Artifacts
117+ uses : actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
118+ with :
119+ name : mass-payout-tarballs
120+ path : dist-artifacts/*.tgz
121+ if-no-files-found : ignore # If all are private
78122
79- if ! node -p "require('./package.json').private || false" | grep -q "true"; then
80- PUBLISH_ARGS=("--access=restricted")
81- if [[ "${DRY_RUN}" == "true" ]]; then
82- PUBLISH_ARGS+=("--dry-run")
83- echo "🔍 DRY RUN MODE: Would publish @hashgraph/mass-payout-${package_name}"
84- fi
123+ publish-mass-payout :
124+ name : Publish Mass Payout Packages
125+ needs : build-mass-payout
126+ runs-on : ubuntu-latest
127+ env :
128+ DRY_RUN : ${{ inputs.dry-run-enabled }}
85129
86- if ! npm publish "${PUBLISH_ARGS[@]}"; then
87- echo "❌ Failed to publish package: ${package_name}"
88- echo "📋 Package info:" && cat package.json | jq '.name, .version'
89- exit 1
90- fi
91- else
92- echo "⏭️ Skipping private package: ${package_name}"
93- fi
130+ steps :
131+ - name : Harden Runner
132+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
133+ with :
134+ egress-policy : audit
135+
136+ - name : Setup NodeJS Environment
137+ uses : actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
138+ with :
139+ node-version : 22.20.0
140+ registry-url : https://registry.npmjs.org
141+
142+ - name : Update npm
143+ run :
npm install -g [email protected] 144+
145+ - name : Download Artifacts
146+ uses : actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
147+ with :
148+ name : mass-payout-tarballs
149+ path : ./dist
150+
151+ - name : Publish Packages
152+ run : |
153+ # Check if directory exists and is not empty
154+ if [ ! -d "./dist" ] || [ -z "$(ls -A ./dist)" ]; then
155+ echo "⚠️ No artifacts found to publish. Skipping."
156+ exit 0
157+ fi
158+
159+ # Iterate through every tarball in the dist folder
160+ for FILE in ./dist/*.tgz; do
161+ [ -e "$FILE" ] || continue
162+
163+ echo "🚀 Processing $FILE"
164+
165+ PUBLISH_ARGS=("--access=restricted")
166+
167+ if [[ "${DRY_RUN}" == "true" ]]; then
168+ PUBLISH_ARGS+=("--dry-run")
169+ echo "🔍 DRY RUN MODE: Would publish $FILE"
170+ else
171+ echo "🚀 Publishing $FILE..."
172+ fi
94173
95- cd - > /dev/null
174+ if ! npm publish "$FILE" "${PUBLISH_ARGS[@]}"; then
175+ echo "❌ Failed to publish package: $FILE"
176+ exit 1
96177 fi
97178 done
98179
99- # Summary job to report results
100180summary :
101181 name : Publish Summary
102182 runs-on : token-studio-linux-large
103183 needs :
104- - mass-payout
184+ - publish- mass-payout
105185 if : ${{ always() }}
106186 steps :
107187 - name : Harden the runner (Audit all outbound calls)
@@ -114,7 +194,7 @@ jobs:
114194 echo "## Mass Payout Publish Results" >> "${GITHUB_STEP_SUMMARY}"
115195 echo "| Package Type | Status |" >> "${GITHUB_STEP_SUMMARY}"
116196 echo "| --- | --- |" >> "${GITHUB_STEP_SUMMARY}"
117- echo "| Mass Payout | ${{ needs.mass-payout.result }} |" >> "${GITHUB_STEP_SUMMARY}"
197+ echo "| Mass Payout | ${{ needs.publish- mass-payout.result }} |" >> "${GITHUB_STEP_SUMMARY}"
118198
119199 if [[ "${{ inputs.dry-run-enabled }}" == "true" ]]; then
120200 echo "" >> "${GITHUB_STEP_SUMMARY}"
0 commit comments