keep auth in sync (#362) #343
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Main | |
on: | |
workflow_dispatch: | |
inputs: | |
releaseType: | |
description: "Release Type" | |
required: true | |
default: "minor" | |
type: choice | |
options: | |
- major | |
- minor | |
- patch | |
push: | |
branches: | |
- "main" | |
tags-ignore: | |
- "*" | |
# Only one of these can run at a time because it pushes to main | |
# kill any other running jobs and the latest one wins | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event_name }} | |
cancel-in-progress: true | |
env: | |
NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }} | |
jobs: | |
release: | |
name: Release | |
runs-on: | |
group: ubuntu-large-runners | |
permissions: | |
actions: read | |
contents: write | |
id-token: write | |
pull-requests: read | |
# This can only be triggered from main | |
if: github.ref == 'refs/heads/main' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
ssh-key: ${{ secrets.GH_ACTIONS_DEPLOY_KEY_RULE_BYPASS }} | |
- uses: pnpm/action-setup@v4 | |
with: | |
version: 9 | |
run_install: false | |
- name: Install Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: ".tool-versions" | |
registry-url: "https://registry.npmjs.org" | |
cache: "pnpm" | |
- name: Install dependencies | |
run: pnpm install --frozen-lockfile | |
- run: pnpm install nx --global | |
- uses: nrwl/nx-set-shas@v4 | |
# This must be a real github account otherwise vercel thows ugly errors | |
- run: git config --global user.email "[email protected]" | |
- run: git config --global user.name "Zuplo Integrations" | |
- run: nx run-many -t root:lint:ci root:format:ci build:ci | |
- name: Get Variables | |
id: vars | |
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
- name: Copy readme | |
run: cp README.md packages/zudoku | |
- name: Version | |
if: github.event_name == 'workflow_dispatch' | |
run: nx release version --specifier ${{ github.event.inputs.releaseType }} --git-commit --git-tag=true | |
- name: Version (Prerelease) | |
if: github.event_name == 'push' | |
run: nx release version --specifier 0.0.0-${{ steps.vars.outputs.sha_short }} --git-tag=false | |
- name: Publish Modules | |
run: pnpm publish --provenance --filter zudoku --filter create-zudoku-app --filter config --no-git-checks --tag ${{ github.event_name == 'push' && 'dev' || 'latest' }} | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }} | |
- run: echo "ZUDOKU_VERSION=$(node -e 'console.log(require(`./packages/zudoku/package.json`).version)')" >> $GITHUB_ENV | |
- name: Push Git Changes | |
if: github.event_name == 'workflow_dispatch' | |
run: git push origin main --follow-tags | |
- uses: actions/github-script@v7 | |
name: Create Release | |
id: create-release | |
if: github.event_name == 'workflow_dispatch' | |
with: | |
result-encoding: string | |
retries: 3 | |
script: | | |
github.request("POST /repos/{owner}/{repo}/releases", { | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
tag_name: `v${{ env.ZUDOKU_VERSION }}`, | |
draft: false, | |
prerelease: false, | |
generate_release_notes: true, | |
headers: { | |
"X-GitHub-Api-Version": "2022-11-28", | |
}, | |
}); | |
- name: Authenticate to Google Cloud | |
uses: google-github-actions/auth@v2 | |
with: | |
token_format: access_token | |
workload_identity_provider: ${{ vars.GCP_ACTIONS_IDENTITY_PROVIDER }} | |
service_account: github-actions-opensource@zuplo-production.iam.gserviceaccount.com | |
access_token_lifetime: 300s | |
- name: Upload CSS | |
uses: google-github-actions/upload-cloud-storage@v2 | |
with: | |
process_gcloudignore: false | |
path: packages/zudoku/standalone | |
glob: "**/*.css" | |
destination: cdn.zudoku.dev/${{ env.ZUDOKU_VERSION }} | |
parent: false | |
headers: |- | |
content-type: text/css | |
- name: Upload Javascript | |
uses: google-github-actions/upload-cloud-storage@v2 | |
with: | |
process_gcloudignore: false | |
path: packages/zudoku/standalone | |
glob: "**/*.js" | |
destination: cdn.zudoku.dev/${{ env.ZUDOKU_VERSION }} | |
parent: false | |
headers: |- | |
content-type: text/javascript | |
cache-control: public,max-age=31536000,immutable | |
- name: Upload HTML (Latest) | |
# Only publish latest for non-prerelease | |
if: github.event_name == 'workflow_dispatch' | |
uses: google-github-actions/upload-cloud-storage@v2 | |
with: | |
process_gcloudignore: false | |
path: packages/zudoku/standalone/index.html | |
destination: cdn.zudoku.dev/latest | |
parent: false | |
headers: |- | |
content-type: text/html | |
- name: Upload CSS (Latest) | |
# Only publish latest for non-prerelease | |
if: github.event_name == 'workflow_dispatch' | |
uses: google-github-actions/upload-cloud-storage@v2 | |
with: | |
process_gcloudignore: false | |
path: packages/zudoku/standalone | |
glob: "**/*.css" | |
destination: cdn.zudoku.dev/latest | |
parent: false | |
headers: |- | |
content-type: text/css | |
- name: Upload Javascript (Latest) | |
# Only publish latest for non-prerelease | |
if: github.event_name == 'workflow_dispatch' | |
uses: google-github-actions/upload-cloud-storage@v2 | |
with: | |
process_gcloudignore: false | |
path: packages/zudoku/standalone | |
glob: "**/*.js" | |
destination: cdn.zudoku.dev/latest | |
parent: false | |
headers: |- | |
content-type: text/javascript | |
cache-control: public,max-age=31536000,immutable | |
- name: Upload Artifacts | |
uses: google-github-actions/upload-cloud-storage@v2 | |
with: | |
process_gcloudignore: false | |
path: packages/zudoku/stats.html | |
destination: cdn.zudoku.dev/build/rollup/${{ github.run_id }}-${{ github.run_attempt }} | |
parent: false | |
headers: |- | |
content-type: text/html | |
- name: Clear CDN Cache | |
# Only for non-prerelease | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
curl --request POST \ | |
--url https://api.cloudflare.com/client/v4/zones/1abaefabd6800e9979a740a7cdf235a8/purge_cache \ | |
--header 'Content-Type: application/json' \ | |
--header 'Authorization: Bearer ${{ secrets.CF_ZONE_PURGE_ACCESS_TOKEN }}' \ | |
--data '{ "purge_everything": true }' | |
- name: Write Summary | |
run: | | |
echo "📝 Bundle stats uploaded" >> $GITHUB_STEP_SUMMARY | |
echo "" >> $GITHUB_STEP_SUMMARY | |
echo "[View Stats](https://cdn.zudoku.dev/build/rollup/${{ github.run_id }}-${{ github.run_attempt }}/stats.html)" >> $GITHUB_STEP_SUMMARY | |
# Trigger updates of internal projects using Zudoku | |
- run: gh workflow run release.yaml --repo zuplo-poc/docs-zudoku --ref main | |
# Only for non-prerelease | |
if: github.event_name == 'workflow_dispatch' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_SECRET_TRIGGER_POC_WORKFLOWS }} |