Skip to content

Cosign improvements #3494

Cosign improvements

Cosign improvements #3494

Workflow file for this run

name: Run CI
# Run this workflow every time a new commit pushed to your repository
on:
push:
branches:
- main
- stable/*
tags:
- '*'
pull_request:
workflow_dispatch:
env:
IMAGE_NAME: openformulieren/open-forms-sdk
jobs:
build:
name: Create 'production' build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: npm
- name: Extract version from git
id: build-args
run: |
# Strip git ref prefix from version
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
# Strip "v" prefix from tag name (if present at all)
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
# Use Docker `latest` tag convention
[ "$VERSION" == "main" ] && VERSION=latest
# PRs result in version 'merge' -> transform that into 'latest'
[ "$VERSION" == "merge" ] && VERSION=latest
echo "version=${VERSION}" >> $GITHUB_OUTPUT
- name: Build Javascript
run: |
echo "Building version $REACT_APP_VERSION"
npm ci
npm run build:design-tokens
REACT_APP_VERSION=${REACT_APP_VERSION} npm run build
env:
REACT_APP_VERSION: ${{ steps.build-args.outputs.version }}
- name: Store build artifact
uses: actions/upload-artifact@v4
with:
name: sdk-build
path: dist/
retention-days: 1
tests:
name: Run Javascript tests
runs-on: ubuntu-latest
needs: build
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: npm
- name: Install dependencies
run: npm ci
- name: Download build artifact
uses: actions/download-artifact@v4
with:
name: sdk-build
path: dist/
- name: Run tests
run: |
npm test -- --coverage
env:
CI: 'true'
- name: Publish coverage report
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
prettier:
name: Check frontend code formatting with prettier
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: npm
- name: Install dependencies
run: npm ci
- name: Run prettier linter
run: npm run checkformat
publish:
name: Publish the NPM package
runs-on: ubuntu-latest
needs:
- build
- tests
- prettier
# do not publish in forks or non-tag pushes
if: startsWith(github.ref, 'refs/tags/') && github.repository_owner == 'open-formulieren'
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: npm
registry-url: 'https://registry.npmjs.org'
scope: '@open-formulieren'
- name: Install dependencies
run: npm ci
- name: Download build artifact
uses: actions/download-artifact@v4
with:
name: sdk-build
path: dist/
- name: Publish package to NPM
run: |
mv README.npm.md README.md
npm run prepare-package
# Strip git ref prefix from version
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
npm publish --access public --new-version=$VERSION
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
docker:
name: Build (and push) Docker image
runs-on: ubuntu-latest
steps:
# This will include the updated OAS (if updated) from the update-oas job.
- uses: actions/checkout@v4
with:
submodules: true
- name: Set tag
id: vars
run: |
# Strip git ref prefix from version
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
# Strip "v" prefix from tag name (if present at all)
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
# Use Docker `latest` tag convention
[ "$VERSION" == "main" ] && VERSION=latest
echo "tag=${VERSION}" >> $GITHUB_OUTPUT
- name: Build the Docker image
env:
RELEASE_VERSION: ${{ steps.vars.outputs.tag }}
run: |
docker build . \
--build-arg SDK_VERSION=${RELEASE_VERSION} \
--tag $IMAGE_NAME:$RELEASE_VERSION
- name: Log into registry
if: github.event_name == 'push' && github.repository_owner == 'open-formulieren' # Exclude PRs / forks
run:
echo "${{ secrets.DOCKER_TOKEN }}" | docker login -u ${{ secrets.DOCKER_USERNAME }}
--password-stdin
- name: Push the Docker image
if: github.event_name == 'push' && github.repository_owner == 'open-formulieren' # Exclude PRs / forks
env:
RELEASE_VERSION: ${{ steps.vars.outputs.tag }}
run: docker push $IMAGE_NAME:$RELEASE_VERSION
update-docker-readme:
needs:
- docker
uses: ./.github/workflows/dockerhub-description.yml
if: github.event_name == 'push' && github.repository_owner == 'open-formulieren' # Exclude PRs / forks
with:
image_name: openformulieren/open-forms-sdk
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}