Publish Packages #39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Packages | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| branch: | |
| description: 'Branch to publish packages from' | |
| required: true | |
| default: 'master' | |
| version: | |
| description: 'Version to publish' | |
| required: true | |
| default: 'patch' | |
| type: choice | |
| options: | |
| - 'patch' | |
| - 'minor' | |
| - 'major' | |
| - 'prepatch' | |
| - 'preminor' | |
| - 'premajor' | |
| - 'prerelease' | |
| # Do not allow concurrent runs | |
| concurrency: ${{ github.workflow }}-${{ github.ref }} | |
| jobs: | |
| publish: | |
| name: Publish Packages | |
| runs-on: ubuntu-latest | |
| permissions: write-all | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ inputs.branch || 'master' }} | |
| - name: Get the secrets from GSM | |
| id: secrets_manager | |
| uses: toptal/davinci-github-actions/gsm-secrets@master | |
| with: | |
| workload_identity_provider: ${{ secrets.IDENTITY_POOL }} | |
| service_account: ${{ secrets.SA_IDENTITY_POOL }} | |
| secrets_name: |- | |
| NPM_TOKEN_PUBLISH:toptal-ci/NPM_TOKEN_PUBLISH | |
| TOPTAL_BUILD_BOT_TOKEN:toptal-ci/TOPTAL_BUILD_BOT_TOKEN | |
| - name: Parse secrets | |
| id: parse_secrets | |
| uses: toptal/davinci-github-actions/expose-json-outputs@master | |
| with: | |
| json: ${{ steps.secrets_manager.outputs.secrets }} | |
| - name: Set ENV Variables | |
| run: |- | |
| echo "NPM_TOKEN=${{ steps.parse_secrets.outputs.NPM_TOKEN_PUBLISH }}" >> $GITHUB_ENV | |
| echo "GITHUB_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_BUILD_BOT_TOKEN }}" >> $GITHUB_ENV | |
| - name: Setup Node.js 18.x | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18 | |
| # Add a registry to npm config. | |
| # 'npm whoami' - is a check of the validity of the NPM token and connection. | |
| - name: Setup npm | |
| run: | | |
| npm set "//registry.npmjs.org/:_authToken=${{ env.NPM_TOKEN }}" | |
| npm whoami | |
| # Lerna should be able to make commits and create tags for new versions in repo as a user. | |
| - name: Configure git user | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "toptal-bot" | |
| - name: Install Dependencies | |
| run: | | |
| yarn install --frozen-lockfile --non-interactive | |
| - name: Build Packages | |
| run: | | |
| yarn build | |
| - name: Bump versions | |
| run: | | |
| yarn lerna version ${{ inputs.version }} --yes | |
| - name: Publish packages (latest) | |
| if: startsWith('${{ inputs.version }}', 'pre') == false | |
| run: | | |
| yarn lerna publish from-git --yes | |
| - name: Publish packages (next) | |
| if: startsWith('${{ inputs.version }}', 'pre') == true | |
| run: | | |
| yarn lerna publish from-git --dist-tag next --yes | |