diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 514c320..0677e2f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -3,6 +3,13 @@ name: Publish on: workflow_call: inputs: + unpublish: + description: | + Unpublish the extension before attempting to publish the current version. + Useful for dev and QA environments where you don't care about the consistency of a published version + required: false + type: boolean + default: false overrides-file: description: "filepath for overrides.json file to override vss-extension defaults" required: true @@ -42,7 +49,7 @@ jobs: uses: actions/setup-node@v4 with: node-version: 20 - cache: 'npm' + cache: "npm" cache-dependency-path: ./nowsecure - name: Install Dependencies @@ -52,6 +59,14 @@ jobs: - name: Install TFX run: npm install -g tfx-cli + - name: Unpublish Extension + if: ${{ inputs.unpublish }} + run: | + tfx extension unpublish \ + --publisher "$(jq -r '.publisher' < ${{ inputs.overrides-file }})" \ + --extension-id "$(jq -r '.id' < ${{ inputs.overrides-file }})" \ + --token ${{ secrets.token }} + - name: Publish Extension run: | tfx extension publish \ diff --git a/.github/workflows/update-binary.yml b/.github/workflows/update-binary.yml new file mode 100644 index 0000000..fc6e33f --- /dev/null +++ b/.github/workflows/update-binary.yml 
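Review bot: In the added Unpublish Extension step, `${{ secrets.token }}` and `${{ inputs.overrides-file }}` are substituted into the script text before the shell runs and are left unquoted, so whitespace or a shell metacharacter in either value changes the command that executes. Map both through the step's `env:` and reference them as quoted shell variables, as in the block below (the variable names are mine). The step also removes the published extension before the following Publish Extension step has succeeded, so a failed publish leaves the target environment with no extension at all. The Publish step's body continues outside this hunk, so I cannot tell whether that case is handled there.

```yaml
      - name: Unpublish Extension
        if: ${{ inputs.unpublish }}
        env:
          OVERRIDES_FILE: ${{ inputs.overrides-file }}
          PUBLISH_TOKEN: ${{ secrets.token }}
        run: |
          tfx extension unpublish \
            --publisher "$(jq -r '.publisher' < "$OVERRIDES_FILE")" \
            --extension-id "$(jq -r '.id' < "$OVERRIDES_FILE")" \
            --token "$PUBLISH_TOKEN"
```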
@@ -0,0 +1,59 @@
+name: Update Binary
+
+on:
+ workflow_dispatch:
+ schedule:
+ # Mon at 5am weekly
+ - cron: "00 5 * * 0"
+
+jobs:
+ update-binary:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Get Latest Release
+ working-directory: ./nowsecure/bin
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ LATEST_VERSION=$(gh release --repo nowsecure/nowsecure-ci view --json tagName --jq '.tagName')
+ CURRENT_VERSION=$(cat version)
+
+ if [ "$LATEST_VERSION" = "$CURRENT_VERSION" ]; then
+ echo "Current version ($CURRENT_VERSION) is latest"
+ else
+ echo "$LATEST_VERSION" > version
+
+ find . -name 'ns_*' -delete
+
+ gh release --repo nowsecure/nowsecureci download --clobber \
+ --pattern 'ns_darwin-arm64*' \
+ --pattern 'ns_linux-amd64*' \
+ --pattern 'ns_windows-amd64*'
+
+ # Github release has tgz and zip files, each containing license and readme files
+ find . -name '*.tgz' -exec tar -xzf {} \;
+ find . -name '*.zip' -exec unzip {} \;
+ rm LICENSE README.md
+
+ echo "RELEASE_NOTES=$(gh release --repo nowsecure/nowsecure-ci view --json body --jq '.body')" >> "$GITHUB_ENV"
+ fi
+
+ echo "LATEST_VERSION=$LATEST_VERSION" >> "$GITHUB_ENV"
+
+ - name: Commit changes
+ working-directory: ./nowsecure/bin
+ run: |
+ PR_TITLE="chore(deps): update nowsecure-ci binary to ${{ env.LATEST_VERSION }}"
+ BRANCH_NAME="chore/ns-binary/${{ env.LATEST_VERSION }}"
+
+ git config --global user.email "devops@nowsecure.com"
+ git config --global user.name "Nora The Narwhal"
+
+ if [[ -n "$(git status --porcelain)" ]]; then
+ git checkout -b "$BRANCH_NAME"
+ git add .
+ git commit -m "$PR_TITLE"
+ git push
+ gh pr create --title "$PR_TITLE" --body "# NowSecure CI Release Notes \n ${{ env.RELEASE_NOTES }}"
+ fi
diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index d3f0561..9e69266 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
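Review bot: The release body is appended to `$GITHUB_ENV` as one `NAME=value` line and then pasted into the `gh pr create` command through `${{ env.RELEASE_NOTES }}`, so a multi-line body can define extra environment variables for later steps, and quotes or `$(...)` in it are evaluated by the shell in the Commit changes step. Write the notes to a file and pass `--body-file`, and read the tag as `"$LATEST_VERSION"` instead of `${{ env.LATEST_VERSION }}`, as in the block below. The download uses `--repo nowsecure/nowsecureci` while both `view` calls use `nowsecure/nowsecure-ci`; if that is a typo, the binaries come from a different repository than the one whose tag is written to `version`, and nothing checks them against a published checksum before they are committed. Separately, `git push` on a freshly created branch has no upstream, the Commit changes step sets no `GH_TOKEN` for `gh pr create`, and `0 5 * * 0` fires on Sunday rather than the Monday the comment states.

```yaml
          # … unchanged: version comparison, download, extraction …
            {
              printf '# NowSecure CI Release Notes\n\n'
              gh release --repo nowsecure/nowsecure-ci view --json body --jq '.body'
            } > "$RUNNER_TEMP/release-notes.md"
          # … unchanged: fi, LATEST_VERSION export …

      - name: Commit changes
        working-directory: ./nowsecure/bin
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          PR_TITLE="chore(deps): update nowsecure-ci binary to $LATEST_VERSION"
          BRANCH_NAME="chore/ns-binary/$LATEST_VERSION"
          # … unchanged: git config, status check, checkout, add, commit …
            git push --set-upstream origin "$BRANCH_NAME"
            gh pr create --title "$PR_TITLE" --body-file "$RUNNER_TEMP/release-notes.md"
```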
@@ -5,8 +5,7 @@ on: push: tags: - "v*.*.*" - branches: [ "main" ] - + branches: ["main"] jobs: build: @@ -23,7 +22,7 @@ jobs: uses: actions/setup-node@v4 with: node-version: 20 - cache: 'npm' + cache: "npm" cache-dependency-path: ./nowsecure - name: Install Dependencies @@ -39,42 +38,17 @@ jobs: name: build-output path: ./nowsecure/index.js - package: + dev-publish: needs: build - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Download Build - uses: actions/download-artifact@v5 - with: - artifact-ids: ${{ needs.build.outputs.js-build-artifact }} - path: ./nowsecure - - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 20 - cache: 'npm' - cache-dependency-path: ./nowsecure - - - name: Install Dependencies - working-directory: ./nowsecure - run: npm ci - - - name: Install TFX - run: npm install -g tfx-cli - - - name: Package Extension - run: | - tfx extension create \ - --manifest-globs vss-extension.json \ - --overrides-file dev-overrides.json - - - name: Upload VSIX - uses: actions/upload-artifact@v4 - with: - name: vsix-pr-${{ github.event.pull_request.number }} - path: '*.vsix' + uses: ./.github/workflows/publish.yml + with: + overrides-file: "dev-overrides.json" + artifact-id: ${{ needs.build.outputs.js-build-artifact }} + environment: "development" + additional-flags: "--share-with nowsecure-test" + unpublish: true + secrets: + token: ${{ secrets.QA_TOKEN }} qa-publish: needs: build @@ -85,6 +59,7 @@ jobs: artifact-id: ${{ needs.build.outputs.js-build-artifact }} environment: "QA" additional-flags: "--share-with nowsecure-test" + unpublish: true secrets: token: ${{ secrets.QA_TOKEN }} diff --git a/dev-overrides.json b/dev-overrides.json index ed9ac68..f346fbf 100644 --- a/dev-overrides.json +++ b/dev-overrides.json @@ -1,6 +1,6 @@ { "id": "dev-nowsecure-azure-ci-extension", - "name": "dev-nowsecure-azure-ci-extension", + "name": "DEV NowSecure Azure CI Extension", "public": false, "publisher": "qa-nowsecure" } 
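Review bot: The new `dev-publish` job declares `environment: "development"` but is handed `secrets.QA_TOKEN`, so the development path holds the same credential as `qa-publish` and the two environments are not isolated from each other. A token scoped to the development environment would keep a problem in dev publishing away from QA, for example `token: ${{ secrets.DEV_TOKEN }}` (placeholder name; no such secret is visible on this page). With `unpublish: true` on both jobs, every run of this workflow now removes and re-creates both extensions. The removed `package` job referenced `github.event.pull_request.number`, so the workflow presumably also runs on pull requests; if it does, confirm that an unpublish on every PR is intended.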
diff --git a/nowsecure/bin/version b/nowsecure/bin/version
new file mode 100644
index 0000000..5366600
--- /dev/null
+++ b/nowsecure/bin/version
@@ -0,0 +1 @@
+v0.1.2