Publish releases #21
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish releases | |
| # Consolidates canary and stable releases into single workflow | |
| # Trusted workflow for publishing to npm | |
| on: | |
| push: | |
| branches: [master] | |
| workflow_dispatch: | |
| inputs: | |
| version_specifier: | |
| description: 'Semver bump (patch|minor|major|pre*) or exact version (v1.2.3)' | |
| required: true | |
| type: string | |
| env: | |
| NODE_VERSION: '20' | |
| jobs: | |
| release-stable: # stable releases can only be manually triggered | |
| if: ${{ github.event_name == 'workflow_dispatch' }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Generate GitHub App token (with org members:read) | |
| id: app-token | |
| uses: actions/create-github-app-token@v2 | |
| with: | |
| app-id: ${{ secrets.APP_ID }} | |
| private-key: ${{ secrets.PRIVATE_KEY }} | |
| - name: Check if actor is member of admin or client-libs team | |
| id: team-check | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{ steps.app-token.outputs.token }} | |
| script: | | |
| const org = 'supabase' | |
| const { actor } = context | |
| async function isTeamMember(team_slug) { | |
| console.log('isTeamMember', team_slug) | |
| console.log('actor', actor) | |
| console.log('Context', JSON.stringify(context, null, 2)) | |
| try { | |
| const res = await github.rest.teams.getMembershipForUserInOrg({ | |
| org, | |
| team_slug, | |
| username: actor, | |
| }) | |
| console.log('Here is res', JSON.stringify(res, null, 2)) | |
| return res && res.status === 200 | |
| } catch (_) { | |
| console.log('Here is error', JSON.stringify(_, null, 2)) | |
| return false | |
| } | |
| } | |
| const isAdmin = await isTeamMember('admin') | |
| const isMember = isAdmin | |
| core.setOutput('is_team_member', isMember ? 'true' : 'false') | |
| - name: Fail if not authorized | |
| if: steps.team-check.outputs.is_team_member != 'true' | |
| run: | | |
| echo "You must be a member of @supabase/admin or @supabase/client-libs." | |
| exit 1 | |
| # - uses: actions/checkout@v5 | |
| # with: | |
| # fetch-depth: 0 |