chore: add pnpm audit to the CI and update deps (#457) #99
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: [main] | |
| paths-ignore: | |
| - 'docs/**' | |
| - '**.md' | |
| - '!.changeset/**' | |
| - 'LICENSE' | |
| jobs: | |
| version: | |
| name: Determine version | |
| runs-on: ubuntu-latest | |
| outputs: | |
| hasChangesets: ${{ steps.changesets.outputs.hasChangesets }} | |
| version: ${{ steps.check_tag.outputs.version }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Node and dependencies | |
| uses: ./.github/actions/install-dependencies | |
| - name: Install dependencies | |
| run: pnpm install | |
| - name: Create PR or Publish release | |
| id: changesets | |
| uses: changesets/action@v1 | |
| with: | |
| version: pnpm run ci:version | |
| commit: 'chore: update versions' | |
| title: 'chore: update versions' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Check Hasura Auth tag | |
| id: check_tag | |
| if: steps.changesets.outputs.hasChangesets == 'false' | |
| run: | | |
| VERSION=$(jq -r .version package.json) | |
| GIT_TAG="v$VERSION" | |
| if [ -z "$(git tag -l | grep $GIT_TAG)" ]; then | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| fi | |
| test: | |
| name: Tests | |
| uses: ./.github/workflows/test.yaml | |
| publish: | |
| name: Publish Docker image | |
| needs: | |
| - test | |
| - version | |
| timeout-minutes: 60 | |
| runs-on: ubuntu-latest | |
| # These permissions are needed to interact with GitHub's OIDC Token endpoint. | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Preprocess environment | |
| id: preprocess-environment | |
| run: echo "aws_account_id=${{ secrets.AWS_PRODUCTION_ACCOUNT_ID }}" >> $GITHUB_OUTPUT | |
| - name: Add git tag | |
| if: needs.version.outputs.version != '' | |
| run: | | |
| git tag "v${{ needs.version.outputs.version }}" | |
| git push origin --tags | |
| - name: Determine tags | |
| id: tags | |
| run: | | |
| echo "docker_tags<<EOF" >> $GITHUB_OUTPUT | |
| echo "type=sha" >> $GITHUB_OUTPUT | |
| if [ "${{ needs.version.outputs.version }}" != "false" ]; then | |
| GIT_TAG="v${{ needs.version.outputs.version }}" | |
| echo "type=semver,pattern={{version}},value=$GIT_TAG" >> $GITHUB_OUTPUT | |
| echo "type=semver,pattern={{major}}.{{minor}},value=$GIT_TAG" >> $GITHUB_OUTPUT | |
| echo "type=semver,pattern={{major}},value=$GIT_TAG" >> $GITHUB_OUTPUT | |
| fi | |
| echo 'EOF' >> $GITHUB_OUTPUT | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| # list of Docker images to use as base name for tags | |
| images: | | |
| nhost/hasura-auth | |
| ${{ steps.preprocess-environment.outputs.aws_account_id }}.dkr.ecr.eu-central-1.amazonaws.com/hasura-auth | |
| tags: ${{ steps.tags.outputs.docker_tags }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Configure AWS | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ steps.preprocess-environment.outputs.aws_account_id }}:role/github-actions-nhost-${{ github.event.repository.name }} | |
| aws-region: eu-central-1 | |
| - name: Login to Amazon ECR | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Build and publish to Docker Hub and AWS ECR | |
| uses: docker/build-push-action@v3 | |
| timeout-minutes: 60 | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| push: true | |
| - name: Create GitHub Release | |
| uses: taiki-e/create-gh-release-action@v1 | |
| if: needs.version.outputs.version != '' | |
| with: | |
| changelog: CHANGELOG.md | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| ref: refs/tags/${{ needs.version.outputs.version }} | |
| - name: Remove tag | |
| if: failure() && needs.version.outputs.version != '' | |
| run: git push --delete origin ${{ needs.version.outputs.version }} | |
| release: | |
| name: GitHub release | |
| needs: publish | |
| runs-on: ubuntu-latest | |
| if: needs.publish.needs.version.outputs.version != '' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Create GitHub Release | |
| uses: taiki-e/create-gh-release-action@v1 | |
| if: needs.version.outputs.version != '' | |
| with: | |
| changelog: CHANGELOG.md | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| ref: refs/tags/${{ needs.version.outputs.version }} |