diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml
index 50d02900b..6de7f718e 100644
--- a/.github/workflows/build-and-test.yaml
+++ b/.github/workflows/build-and-test.yaml
@@ -1,251 +1,18 @@ name: "Build and Test Client" -env: - do_sonarscan: >- - ${{ (github.event_name == 'push' || - github.event.pull_request.head.repo.full_name == github.repository) && - github.actor != 'dependabot[bot]' }} - on: pull_request: push: branches: - main - "release/**" -jobs: - ccc: - runs-on: ubuntu-latest - defaults: - run: - working-directory: ./lib - timeout-minutes: 5 - steps: - - name: Conventional Commits Check - if: contains(fromJSON('["pull_request", "pull_request_target"]'), github.event_name) - id: conventional-commits - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - # Types include: - # - fix: fixes - # - feat: features and enhancements - # - chore: non-feature or enhancement (i.e. docs, ci, linting, automated, etc) - types: | - fix - feat - chore - revert - # Scopes include: - # - sdk: changes to @opentdf/sdk (was lib) - # - cli: changes to @opentdf/ctl - # - ci: anything related to ci - # - tests: test only changes - # - docs: anything related solely to documentation - scopes: | - ci - cli - docs - sdk - tests - - lib: - runs-on: ubuntu-latest - defaults: - run: - working-directory: ./lib - timeout-minutes: 5 - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - with: - fetch-depth: ${{ !fromJSON(env.do_sonarscan) && 1 || 0 }} - - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0 - with: - node-version: '22' - cache: 'npm' - cache-dependency-path: './lib/package-lock.json' - - run: npm ci - - run: npm test - - uses: fingerprintjs/action-coverage-report-md@72dfb7de7581612640a8e599e918b2eda98f9bba #v2.0.1 - id: coverage-md - with: - srcBasePath: './' - textReportPath: './lib/coverage/coverage.txt' - - run: echo "${MARKDOWN_REPORT}" >>$GITHUB_STEP_SUMMARY - env: - MARKDOWN_REPORT: '${{ steps.coverage-md.outputs.markdownReport }}' - - run: npm audit --omit dev && npm audit --audit-level high 
--omit dev - - run: npm run license-check - - run: npm run lint - - run: npm pack - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 - with: - name: opentdf-sdk-lib - path: ./lib/opentdf-sdk-*.tgz - - name: SonarCloud Scan - if: fromJSON(env.do_sonarscan) - uses: SonarSource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf #v5.2.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - cli: - needs: - - lib - runs-on: ubuntu-latest - defaults: - run: - working-directory: ./cli - timeout-minutes: 5 - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0 - with: - node-version: '22' - cache: 'npm' - cache-dependency-path: './cli/package-lock.json' - - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1 - with: - name: opentdf-sdk-lib - path: lib/ - - run: npm uninstall @opentdf/sdk && npm ci && npm i ../lib/opentdf-sdk-*.tgz - - run: npm test - - run: npm audit --omit dev && npm audit --audit-level high --omit dev - - run: npm run license-check - - run: npm run lint - - run: npm pack - - name: Setup Bats and bats libs - uses: bats-core/bats-action@3.0.1 - - run: bats bin/opentdf.bats - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 - with: - name: opentdf-ctl - path: ./cli/opentdf-ctl-*.tgz - - web-app: - needs: - - lib - runs-on: ubuntu-22.04 # NOTE: Playwright not yet supported on 24.04 - defaults: - run: - working-directory: ./web-app - timeout-minutes: 5 - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0 - with: - node-version: '22' - cache: 'npm' - cache-dependency-path: './web-app/package-lock.json' - - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1 - with: - name: 
opentdf-sdk-lib - path: lib/ - - run: npm uninstall @opentdf/sdk && npm ci && npm i ../lib/opentdf-sdk-*.tgz - - run: npm install - - run: npm audit --omit dev && npm audit --audit-level high --omit dev - - run: npm run license-check - - run: npm run lint - - run: npx playwright install - - run: npm test - - run: npm pack - scripts: - runs-on: ubuntu-latest - defaults: - run: - working-directory: .github/workflows - timeout-minutes: 5 - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - - name: πŸ¦‡πŸ¦‡πŸ¦‡πŸ¦‡πŸ¦‡πŸ¦‡ - run: docker run --rm -v "$PWD:/mnt" --workdir "/mnt" bats/bats:1.11.0 *.bats - - name: πŸ¦ͺ βœ” 🧼🧼🧼 - run: >- - docker run --rm -v "$PWD:/mnt" --workdir "/mnt" "koalaman/shellcheck:v0.10.0" - --color=always *.sh +# Default empty permissions for all jobs +permissions: {} - platform-roundtrip: - needs: - - cli - - lib - - web-app - runs-on: ubuntu-22.04 # NOTE: Playwright not yet supported on 24.04 - defaults: - run: - working-directory: .github/workflows/roundtrip - timeout-minutes: 45 - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0 - with: - node-version: '22' - cache: 'npm' - cache-dependency-path: './web-app/package-lock.json' - - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1 - with: - name: opentdf-sdk-lib - path: lib/ - - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1 - with: - name: opentdf-ctl - path: cli/ - - name: Git clone backend - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - with: - path: .github/workflows/roundtrip/platform - repository: opentdf/platform - - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b #v5.4.0 - with: - go-version-file: .github/workflows/roundtrip/platform/service/go.mod - check-latest: false - cache-dependency-path: | - 
.github/workflows/roundtrip/platform/lib/fixtures/go.sum - .github/workflows/roundtrip/platform/lib/ocrypto/go.sum - .github/workflows/roundtrip/platform/protocol/go/go.sum - .github/workflows/roundtrip/platform/sdk/go.sum - .github/workflows/roundtrip/platform/service/go.sum - - run: find ./ -name go.mod - - name: go configure backend - run: |- - go work init - for x in platform/{protocol/go,lib/{fixtures,ocrypto},sdk,service}; do - go work use "$x" - done - - run: docker compose up -d --wait --wait-timeout 240 - - env: - PLAYWRIGHT_TESTS_TO_RUN: roundtrip - run: |- - ./wait-and-test.sh platform - - platform-xtest: - needs: - - cli - - lib - uses: opentdf/tests/.github/workflows/xtest.yml@main - with: - focus-sdk: js - js-ref: ${{ github.ref }} latest lts - platform-ref: main lts - - ci: - needs: - - lib - - cli - - web-app - - scripts - - platform-xtest - runs-on: ubuntu-22.04 - if: ${{ !cancelled() }} - steps: - - - name: "All jobs succeeded" - id: success - if: ${{ contains(needs.*.result, 'success') }} - run: | - : - - - name: "One or more jobs failed" - if: ${{ contains(needs.*.result, 'failure') }} - run: | - exit 1 +jobs: + build-and-test: + uses: opentdf/web-sdk/.github/workflows/reusable_build-and-test.yaml@main + secrets: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/deliver.yaml b/.github/workflows/deliver.yaml index 6e351e2f2..c05936a51 100644 --- a/.github/workflows/deliver.yaml +++ b/.github/workflows/deliver.yaml 
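Review bot: The new `build-and-test` job passes `GITHUB_TOKEN` and `SONAR_TOKEN` under `secrets:`, but the called file's trigger is a bare `on: workflow_call:` with no `secrets:` declaration, so these names are not defined on the callee side and the call will likely be rejected at validation time or leave `secrets.SONAR_TOKEN` empty. The deliver.yaml hunk has the same problem and additionally maps the value to `NODE_AUTH_TOKEN` while reusable_deliver.yaml reads `secrets.NPM_TOKEN`, so the npmjs publish step would get no token. Declare what each reusable workflow expects under its trigger, e.g. `workflow_call: { secrets: { SONAR_TOKEN: { required: false } } }`, and pass secrets under exactly those names. `GITHUB_TOKEN` should be dropped from the caller: it is a reserved name and the callee already has the automatic token as `github.token`.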
@@ -13,125 +13,11 @@ on: permissions: {} jobs: - deliver-ghp: + deliver: permissions: contents: read packages: write pages: write - runs-on: ubuntu-latest - - steps: - - name: "Checkout repo" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - - - name: "Setup node" - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 - with: - node-version: "22" - registry-url: https://npm.pkg.github.com - - - name: "Check version number is same between tag, library, and/or release" - id: check-version - env: - REF: ${{ github.ref }} - run: | - if [[ "$REF" = refs/heads/release/* ]]; then - scripts/check-version-is.sh "${GITHUB_REF##*release/}" - elif [[ "$REF" = refs/tags/sdk/v* ]]; then - scripts/check-version-is.sh "${GITHUB_REF_NAME#sdk/v}" - else - scripts/check-version-is.sh - fi - - - name: "Output build metadata" - id: guess-build-metadata - run: | - FULL_VERSION=$(.github/workflows/gh-semver.sh) - DIST_TAG=$(.github/workflows/guess-dist-tag.sh) - - echo "FULL_VERSION=$FULL_VERSION" >> "$GITHUB_OUTPUT" - echo "DIST_TAG=$DIST_TAG" >> "$GITHUB_OUTPUT" - - - name: "Run: make doc" - run: | - make doc - - - name: "Echo info" - env: - DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }} - FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }} - run: | - echo "::notice file=lib/package.json::Will be published to \ - [GitHub Packages](https://github.com/opentdf/web-sdk/pkgs/npm/client) \ - as $DIST_TAG \ - with version=[$FULL_VERSION]" - - - name: "Deliver to GitHub Packages" - env: - DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }} - FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }} - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - bash scripts/deliver-to-npm-registry.sh "$FULL_VERSION" "$DIST_TAG" - - - name: "Echo info to Run Summary" - run: | - { - echo "- [Client Library](https://github.com/opentdf/web-sdk/pkgs/npm/client)" - echo 
"- [Command Line Tool](https://github.com/opentdf/web-sdk/pkgs/npm/cli)" - } >>"$GITHUB_STEP_SUMMARY" - - - name: "Publish documentation to gh-pages" - uses: JamesIves/github-pages-deploy-action@6c2d9db40f9296374acc17b90404b6e8864128c8 # v4.7.3 - with: - branch: gh-pages - folder: lib/dist/docs - - deliver-npmjs: - permissions: - contents: read - runs-on: ubuntu-latest - steps: - - name: "Checkout repo" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - - - name: "Setup node" - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 - with: - node-version: "22" - registry-url: "https://registry.npmjs.org" - - - name: "Run: make all" - run: | - make all - - - name: "Output build metadata" - id: guess-build-metadata - run: | - FULL_VERSION=$(.github/workflows/gh-semver.sh) - DIST_TAG=$(.github/workflows/guess-dist-tag.sh) - - echo "FULL_VERSION=$FULL_VERSION" >> "$GITHUB_OUTPUT" - echo "DIST_TAG=$DIST_TAG" >> "$GITHUB_OUTPUT" - - - name: "Deliver to npmjs" - env: - DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }} - FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }} - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: | - bash scripts/deliver-to-npm-registry.sh "$FULL_VERSION" "$DIST_TAG" - - - name: "Echo info to Run Summary" - env: - FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }} - run: | - { - echo "- [Client Library](https://www.npmjs.com/package/@opentdf/sdk/v/$FULL_VERSION)" - echo "- [Command Line Tool](https://www.npmjs.com/package/@opentdf/ctl/v/$FULL_VERSION)" - echo "- [unpkg](https://unpkg.com/browse/@opentdf/sdk@$FULL_VERSION)" - } >>"$GITHUB_STEP_SUMMARY" + uses: opentdf/web-sdk/.github/workflows/reusable_deliver.yaml@main + secrets: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8d9516c14..5b716494e 100644 --- a/.github/workflows/release.yaml 
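Review bot: The `deliver` job, which holds `packages: write` and the npm publish token, resolves its workflow from `opentdf/web-sdk/...@main`, a mutable branch ref, so a delivery run executes whatever `reusable_deliver.yaml` is on `main` at that moment rather than the version in the ref being delivered. If this file lives in opentdf/web-sdk itself (the package links suggest so), prefer `uses: ./.github/workflows/reusable_deliver.yaml`, which takes the callee from the same commit as the caller; callers in other repositories should pin a full commit SHA. The same applies to `reusable_build-and-test.yaml@main` in build-and-test.yaml, where a pull request that edits the reusable file would not be tested against its own changes.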
+++ b/.github/workflows/release.yaml @@ -17,40 +17,3 @@ jobs: secrets: APP_ID: ${{ secrets.APP_ID }} AUTOMATION_KEY: ${{ secrets.AUTOMATION_KEY }} - - update-dependencies: - if: ${{ needs.release-please.outputs.prs_created == 'true' }} - needs: release-please - runs-on: ubuntu-latest - permissions: - contents: write - pull-requests: write - steps: - - name: "Generate a token" - id: generate-token - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 - with: - app-id: ${{ secrets.APP_ID }} - private-key: ${{ secrets.AUTOMATION_KEY }} - - - name: "Checkout repo" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: true - ref: ${{ fromJSON(needs.release-please.outputs.prs)[0].headBranchName }} - - - name: "Update dependencies" - run: | - git config --global user.name "opentdf-automation[bot]" - git config --global user.email "149537512+opentdf-automation[bot]@users.noreply.github.com" - make all - git add . - git commit -m "Update dependencies" - git push - - - name: "Sign 'Update dependencies' commit" - env: - GH_TOKEN: ${{ steps.generate-token.outputs.token }} - PULL_NUMBERS: ${{ fromJSON(needs.release-please.outputs.prs)[0].number }} - GITHUB_REPOSITORY: ${{ github.repository }} - uses: opentdf/platform/.github/actions/sign-backport-action-commits@main diff --git a/.github/workflows/reusable_build-and-test.yaml b/.github/workflows/reusable_build-and-test.yaml new file mode 100644 index 000000000..dba7e325a --- /dev/null +++ b/.github/workflows/reusable_build-and-test.yaml 
@@ -0,0 +1,248 @@ +name: "Reusable worflow: Build and Test Client" + +env: + do_sonarscan: >- + ${{ (github.event_name == 'push' || + github.event.pull_request.head.repo.full_name == github.repository) && + github.actor != 'dependabot[bot]' }} + +on: + workflow_call: + +jobs: + ccc: + runs-on: ubuntu-latest + defaults: + run: + working-directory: ./lib + timeout-minutes: 5 + steps: + - name: Conventional Commits Check + if: contains(fromJSON('["pull_request", "pull_request_target"]'), github.event_name) + id: conventional-commits + uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 + env: + GITHUB_TOKEN: ${{ github.token }} + with: + # Types include: + # - fix: fixes + # - feat: features and enhancements + # - chore: non-feature or enhancement (i.e. docs, ci, linting, automated, etc) + types: | + fix + feat + chore + revert + # Scopes include: + # - sdk: changes to @opentdf/sdk (was lib) + # - cli: changes to @opentdf/ctl + # - ci: anything related to ci + # - tests: test only changes + # - docs: anything related solely to documentation + scopes: | + ci + cli + docs + sdk + tests + + lib: + runs-on: ubuntu-latest + defaults: + run: + working-directory: ./lib + timeout-minutes: 5 + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + with: + fetch-depth: ${{ !fromJSON(env.do_sonarscan) && 1 || 0 }} + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0 + with: + node-version: '22' + cache: 'npm' + cache-dependency-path: './lib/package-lock.json' + - run: npm ci + - run: npm test + - uses: fingerprintjs/action-coverage-report-md@72dfb7de7581612640a8e599e918b2eda98f9bba #v2.0.1 + id: coverage-md + with: + srcBasePath: './' + textReportPath: './lib/coverage/coverage.txt' + - run: echo "${MARKDOWN_REPORT}" >>$GITHUB_STEP_SUMMARY + env: + MARKDOWN_REPORT: '${{ steps.coverage-md.outputs.markdownReport }}' + - run: npm audit --omit dev && npm audit --audit-level high --omit dev + - run: 
npm run license-check + - run: npm run lint + - run: npm pack + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 + with: + name: opentdf-sdk-lib + path: ./lib/opentdf-sdk-*.tgz + - name: SonarCloud Scan + if: fromJSON(env.do_sonarscan) + uses: SonarSource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf #v5.2.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + cli: + needs: + - lib + runs-on: ubuntu-latest + defaults: + run: + working-directory: ./cli + timeout-minutes: 5 + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0 + with: + node-version: '22' + cache: 'npm' + cache-dependency-path: './cli/package-lock.json' + - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1 + with: + name: opentdf-sdk-lib + path: lib/ + - run: npm uninstall @opentdf/sdk && npm ci && npm i ../lib/opentdf-sdk-*.tgz + - run: npm test + - run: npm audit --omit dev && npm audit --audit-level high --omit dev + - run: npm run license-check + - run: npm run lint + - run: npm pack + - name: Setup Bats and bats libs + uses: bats-core/bats-action@3.0.1 + - run: bats bin/opentdf.bats + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 + with: + name: opentdf-ctl + path: ./cli/opentdf-ctl-*.tgz + + web-app: + needs: + - lib + runs-on: ubuntu-22.04 # NOTE: Playwright not yet supported on 24.04 + defaults: + run: + working-directory: ./web-app + timeout-minutes: 5 + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0 + with: + node-version: '22' + cache: 'npm' + cache-dependency-path: './web-app/package-lock.json' + - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1 + with: + name: opentdf-sdk-lib + 
path: lib/ + - run: npm uninstall @opentdf/sdk && npm ci && npm i ../lib/opentdf-sdk-*.tgz + - run: npm install + - run: npm audit --omit dev && npm audit --audit-level high --omit dev + - run: npm run license-check + - run: npm run lint + - run: npx playwright install + - run: npm test + - run: npm pack + + scripts: + runs-on: ubuntu-latest + defaults: + run: + working-directory: .github/workflows + timeout-minutes: 5 + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + - name: πŸ¦‡πŸ¦‡πŸ¦‡πŸ¦‡πŸ¦‡πŸ¦‡ + run: docker run --rm -v "$PWD:/mnt" --workdir "/mnt" bats/bats:1.11.0 *.bats + - name: πŸ¦ͺ βœ” 🧼🧼🧼 + run: >- + docker run --rm -v "$PWD:/mnt" --workdir "/mnt" "koalaman/shellcheck:v0.10.0" + --color=always *.sh + + platform-roundtrip: + needs: + - cli + - lib + - web-app + runs-on: ubuntu-22.04 # NOTE: Playwright not yet supported on 24.04 + defaults: + run: + working-directory: .github/workflows/roundtrip + timeout-minutes: 45 + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0 + with: + node-version: '22' + cache: 'npm' + cache-dependency-path: './web-app/package-lock.json' + - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1 + with: + name: opentdf-sdk-lib + path: lib/ + - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1 + with: + name: opentdf-ctl + path: cli/ + - name: Git clone backend + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + with: + path: .github/workflows/roundtrip/platform + repository: opentdf/platform + - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b #v5.4.0 + with: + go-version-file: .github/workflows/roundtrip/platform/service/go.mod + check-latest: false + cache-dependency-path: | + .github/workflows/roundtrip/platform/lib/fixtures/go.sum + 
.github/workflows/roundtrip/platform/lib/ocrypto/go.sum + .github/workflows/roundtrip/platform/protocol/go/go.sum + .github/workflows/roundtrip/platform/sdk/go.sum + .github/workflows/roundtrip/platform/service/go.sum + - run: find ./ -name go.mod + - name: go configure backend + run: |- + go work init + for x in platform/{protocol/go,lib/{fixtures,ocrypto},sdk,service}; do + go work use "$x" + done + - run: docker compose up -d --wait --wait-timeout 240 + - env: + PLAYWRIGHT_TESTS_TO_RUN: roundtrip + run: |- + ./wait-and-test.sh platform + + platform-xtest: + needs: + - cli + - lib + uses: opentdf/tests/.github/workflows/xtest.yml@main + with: + focus-sdk: js + js-ref: ${{ github.ref }} latest lts + platform-ref: main lts + + ci: + needs: + - lib + - cli + - web-app + - scripts + - platform-xtest + runs-on: ubuntu-22.04 + if: ${{ !cancelled() }} + steps: + + - name: "All jobs succeeded" + id: success + if: ${{ contains(needs.*.result, 'success') }} + run: | + : + + - name: "One or more jobs failed" + if: ${{ contains(needs.*.result, 'failure') }} + run: | + exit 1 diff --git a/.github/workflows/reusable_deliver.yaml b/.github/workflows/reusable_deliver.yaml new file mode 100644 index 000000000..25e408f7b --- /dev/null +++ b/.github/workflows/reusable_deliver.yaml 
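Review bot: None of the jobs in this new reusable workflow declares `permissions:`, and the caller in build-and-test.yaml now sets top-level `permissions: {}` with nothing on the calling job; a called workflow can only narrow the caller's token, so every job here runs with an empty-scope token. Steps that use the token (the conventional-commits check via `github.token`, the SonarCloud scan via `secrets.GITHUB_TOKEN`) would then likely fail or lose pull-request decoration. Add least-privilege blocks per job, e.g. `permissions: { contents: read }` (plus `pull-requests: read` on `ccc`), and grant the same set on the calling job. Separately, `bats-core/bats-action@3.0.1` and `opentdf/tests/.github/workflows/xtest.yml@main` are mutable refs in a file that otherwise pins actions by commit SHA; pin them as `@<commit-sha> # <tag>`.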
@@ -0,0 +1,131 @@ +name: "Reusable worflow: Deliver Client to npm registry" + +on: + workflow_call: + +# Default empty permissions for all jobs +permissions: {} + +jobs: + deliver-ghp: + permissions: + contents: read + packages: write + pages: write + runs-on: ubuntu-latest + + steps: + - name: "Checkout repo" + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + + - name: "Setup node" + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 + with: + node-version: "22" + registry-url: https://npm.pkg.github.com + + - name: "Check version number is same between tag, library, and/or release" + id: check-version + env: + REF: ${{ github.ref }} + run: | + if [[ "$REF" = refs/heads/release/* ]]; then + scripts/check-version-is.sh "${GITHUB_REF##*release/}" + elif [[ "$REF" = refs/tags/sdk/v* ]]; then + scripts/check-version-is.sh "${GITHUB_REF_NAME#sdk/v}" + else + scripts/check-version-is.sh + fi + + - name: "Output build metadata" + id: guess-build-metadata + run: | + FULL_VERSION=$(.github/workflows/gh-semver.sh) + DIST_TAG=$(.github/workflows/guess-dist-tag.sh) + + echo "FULL_VERSION=$FULL_VERSION" >> "$GITHUB_OUTPUT" + echo "DIST_TAG=$DIST_TAG" >> "$GITHUB_OUTPUT" + + - name: "Run: make doc" + run: | + make doc + + - name: "Echo info" + env: + DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }} + FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }} + run: | + echo "::notice file=lib/package.json::Will be published to \ + [GitHub Packages](https://github.com/opentdf/web-sdk/pkgs/npm/client) \ + as $DIST_TAG \ + with version=[$FULL_VERSION]" + + - name: "Deliver to GitHub Packages" + env: + DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }} + FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }} + NODE_AUTH_TOKEN: ${{ github.token }} + run: | + bash scripts/deliver-to-npm-registry.sh "$FULL_VERSION" "$DIST_TAG" + + - name: "Echo info to 
Run Summary" + run: | + { + echo "- [Client Library](https://github.com/opentdf/web-sdk/pkgs/npm/client)" + echo "- [Command Line Tool](https://github.com/opentdf/web-sdk/pkgs/npm/cli)" + } >>"$GITHUB_STEP_SUMMARY" + + - name: "Publish documentation to gh-pages" + uses: JamesIves/github-pages-deploy-action@6c2d9db40f9296374acc17b90404b6e8864128c8 # v4.7.3 + with: + branch: gh-pages + folder: lib/dist/docs + + deliver-npmjs: + permissions: + contents: read + runs-on: ubuntu-latest + steps: + - name: "Checkout repo" + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + + - name: "Setup node" + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 + with: + node-version: "22" + registry-url: "https://registry.npmjs.org" + + - name: "Run: make all" + run: | + make all + + - name: "Output build metadata" + id: guess-build-metadata + run: | + FULL_VERSION=$(.github/workflows/gh-semver.sh) + DIST_TAG=$(.github/workflows/guess-dist-tag.sh) + + echo "FULL_VERSION=$FULL_VERSION" >> "$GITHUB_OUTPUT" + echo "DIST_TAG=$DIST_TAG" >> "$GITHUB_OUTPUT" + + - name: "Deliver to npmjs" + env: + DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }} + FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + run: | + bash scripts/deliver-to-npm-registry.sh "$FULL_VERSION" "$DIST_TAG" + + - name: "Echo info to Run Summary" + env: + FULL_VERSION: ${{ steps.guess-build-metadata.outputs.FULL_VERSION }} + run: | + { + echo "- [Client Library](https://www.npmjs.com/package/@opentdf/sdk/v/$FULL_VERSION)" + echo "- [Command Line Tool](https://www.npmjs.com/package/@opentdf/ctl/v/$FULL_VERSION)" + echo "- [unpkg](https://unpkg.com/browse/@opentdf/sdk@$FULL_VERSION)" + } >>"$GITHUB_STEP_SUMMARY"
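Review bot: `deliver-npmjs` publishes to the public registry without the "Check version number is same between tag, library, and/or release" step that `deliver-ghp` runs, and it has no `needs:` on that job, so a version/tag mismatch stops the GitHub Packages delivery but not the npmjs one. Since a version published to npm cannot be published again, gate it: add `needs: deliver-ghp` to `deliver-npmjs`, or repeat the `check-version` step before `make all`. Also confirm that `contents: read` is sufficient for the "Publish documentation to gh-pages" step; pushing to the `gh-pages` branch with the job token usually needs `contents: write`.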