Cosign improvements #3494
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Run CI | |
# Run this workflow every time a new commit pushed to your repository | |
on: | |
push: | |
branches: | |
- main | |
- stable/* | |
tags: | |
- '*' | |
pull_request: | |
workflow_dispatch: | |
env: | |
IMAGE_NAME: openformulieren/open-forms-sdk | |
jobs: | |
build: | |
name: Create 'production' build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.nvmrc' | |
cache: npm | |
- name: Extract version from git | |
id: build-args | |
run: | | |
# Strip git ref prefix from version | |
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') | |
# Strip "v" prefix from tag name (if present at all) | |
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') | |
# Use Docker `latest` tag convention | |
[ "$VERSION" == "main" ] && VERSION=latest | |
# PRs result in version 'merge' -> transform that into 'latest' | |
[ "$VERSION" == "merge" ] && VERSION=latest | |
echo "version=${VERSION}" >> $GITHUB_OUTPUT | |
- name: Build Javascript | |
run: | | |
echo "Building version $REACT_APP_VERSION" | |
npm ci | |
npm run build:design-tokens | |
REACT_APP_VERSION=${REACT_APP_VERSION} npm run build | |
env: | |
REACT_APP_VERSION: ${{ steps.build-args.outputs.version }} | |
- name: Store build artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: sdk-build | |
path: dist/ | |
retention-days: 1 | |
tests: | |
name: Run Javascript tests | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.nvmrc' | |
cache: npm | |
- name: Install dependencies | |
run: npm ci | |
- name: Download build artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: sdk-build | |
path: dist/ | |
- name: Run tests | |
run: | | |
npm test -- --coverage | |
env: | |
CI: 'true' | |
- name: Publish coverage report | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
prettier: | |
name: Check frontend code formatting with prettier | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.nvmrc' | |
cache: npm | |
- name: Install dependencies | |
run: npm ci | |
- name: Run prettier linter | |
run: npm run checkformat | |
publish: | |
name: Publish the NPM package | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
- tests | |
- prettier | |
# do not publish in forks or non-tag pushes | |
if: startsWith(github.ref, 'refs/tags/') && github.repository_owner == 'open-formulieren' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.nvmrc' | |
cache: npm | |
registry-url: 'https://registry.npmjs.org' | |
scope: '@open-formulieren' | |
- name: Install dependencies | |
run: npm ci | |
- name: Download build artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: sdk-build | |
path: dist/ | |
- name: Publish package to NPM | |
run: | | |
mv README.npm.md README.md | |
npm run prepare-package | |
# Strip git ref prefix from version | |
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') | |
npm publish --access public --new-version=$VERSION | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
docker: | |
name: Build (and push) Docker image | |
runs-on: ubuntu-latest | |
steps: | |
# This will include the updated OAS (if updated) from the update-oas job. | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Set tag | |
id: vars | |
run: | | |
# Strip git ref prefix from version | |
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') | |
# Strip "v" prefix from tag name (if present at all) | |
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') | |
# Use Docker `latest` tag convention | |
[ "$VERSION" == "main" ] && VERSION=latest | |
echo "tag=${VERSION}" >> $GITHUB_OUTPUT | |
- name: Build the Docker image | |
env: | |
RELEASE_VERSION: ${{ steps.vars.outputs.tag }} | |
run: | | |
docker build . \ | |
--build-arg SDK_VERSION=${RELEASE_VERSION} \ | |
--tag $IMAGE_NAME:$RELEASE_VERSION | |
- name: Log into registry | |
if: github.event_name == 'push' && github.repository_owner == 'open-formulieren' # Exclude PRs / forks | |
run: | |
echo "${{ secrets.DOCKER_TOKEN }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} | |
--password-stdin | |
- name: Push the Docker image | |
if: github.event_name == 'push' && github.repository_owner == 'open-formulieren' # Exclude PRs / forks | |
env: | |
RELEASE_VERSION: ${{ steps.vars.outputs.tag }} | |
run: docker push $IMAGE_NAME:$RELEASE_VERSION | |
update-docker-readme: | |
needs: | |
- docker | |
uses: ./.github/workflows/dockerhub-description.yml | |
if: github.event_name == 'push' && github.repository_owner == 'open-formulieren' # Exclude PRs / forks | |
with: | |
image_name: openformulieren/open-forms-sdk | |
secrets: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} |