Skip to content

keep auth in sync (#362) #343

keep auth in sync (#362)

keep auth in sync (#362) #343

Workflow file for this run

name: Main
on:
workflow_dispatch:
inputs:
releaseType:
description: "Release Type"
required: true
default: "minor"
type: choice
options:
- major
- minor
- patch
push:
branches:
- "main"
tags-ignore:
- "*"
# Only one of these can run at a time because it pushes to main
# kill any other running jobs and the latest one wins
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}
cancel-in-progress: true
env:
NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
jobs:
release:
name: Release
runs-on:
group: ubuntu-large-runners
permissions:
actions: read
contents: write
id-token: write
pull-requests: read
# This can only be triggered from main
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
ssh-key: ${{ secrets.GH_ACTIONS_DEPLOY_KEY_RULE_BYPASS }}
- uses: pnpm/action-setup@v4
with:
version: 9
run_install: false
- name: Install Node.js
uses: actions/setup-node@v4
with:
node-version-file: ".tool-versions"
registry-url: "https://registry.npmjs.org"
cache: "pnpm"
- name: Install dependencies
run: pnpm install --frozen-lockfile
- run: pnpm install nx --global
- uses: nrwl/nx-set-shas@v4
# This must be a real github account otherwise vercel thows ugly errors
- run: git config --global user.email "[email protected]"
- run: git config --global user.name "Zuplo Integrations"
- run: nx run-many -t root:lint:ci root:format:ci build:ci
- name: Get Variables
id: vars
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
- name: Copy readme
run: cp README.md packages/zudoku
- name: Version
if: github.event_name == 'workflow_dispatch'
run: nx release version --specifier ${{ github.event.inputs.releaseType }} --git-commit --git-tag=true
- name: Version (Prerelease)
if: github.event_name == 'push'
run: nx release version --specifier 0.0.0-${{ steps.vars.outputs.sha_short }} --git-tag=false
- name: Publish Modules
run: pnpm publish --provenance --filter zudoku --filter create-zudoku-app --filter config --no-git-checks --tag ${{ github.event_name == 'push' && 'dev' || 'latest' }}
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
- run: echo "ZUDOKU_VERSION=$(node -e 'console.log(require(`./packages/zudoku/package.json`).version)')" >> $GITHUB_ENV
- name: Push Git Changes
if: github.event_name == 'workflow_dispatch'
run: git push origin main --follow-tags
- uses: actions/github-script@v7
name: Create Release
id: create-release
if: github.event_name == 'workflow_dispatch'
with:
result-encoding: string
retries: 3
script: |
github.request("POST /repos/{owner}/{repo}/releases", {
owner: context.repo.owner,
repo: context.repo.repo,
tag_name: `v${{ env.ZUDOKU_VERSION }}`,
draft: false,
prerelease: false,
generate_release_notes: true,
headers: {
"X-GitHub-Api-Version": "2022-11-28",
},
});
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
token_format: access_token
workload_identity_provider: ${{ vars.GCP_ACTIONS_IDENTITY_PROVIDER }}
service_account: github-actions-opensource@zuplo-production.iam.gserviceaccount.com
access_token_lifetime: 300s
- name: Upload CSS
uses: google-github-actions/upload-cloud-storage@v2
with:
process_gcloudignore: false
path: packages/zudoku/standalone
glob: "**/*.css"
destination: cdn.zudoku.dev/${{ env.ZUDOKU_VERSION }}
parent: false
headers: |-
content-type: text/css
- name: Upload Javascript
uses: google-github-actions/upload-cloud-storage@v2
with:
process_gcloudignore: false
path: packages/zudoku/standalone
glob: "**/*.js"
destination: cdn.zudoku.dev/${{ env.ZUDOKU_VERSION }}
parent: false
headers: |-
content-type: text/javascript
cache-control: public,max-age=31536000,immutable
- name: Upload HTML (Latest)
# Only publish latest for non-prerelease
if: github.event_name == 'workflow_dispatch'
uses: google-github-actions/upload-cloud-storage@v2
with:
process_gcloudignore: false
path: packages/zudoku/standalone/index.html
destination: cdn.zudoku.dev/latest
parent: false
headers: |-
content-type: text/html
- name: Upload CSS (Latest)
# Only publish latest for non-prerelease
if: github.event_name == 'workflow_dispatch'
uses: google-github-actions/upload-cloud-storage@v2
with:
process_gcloudignore: false
path: packages/zudoku/standalone
glob: "**/*.css"
destination: cdn.zudoku.dev/latest
parent: false
headers: |-
content-type: text/css
- name: Upload Javascript (Latest)
# Only publish latest for non-prerelease
if: github.event_name == 'workflow_dispatch'
uses: google-github-actions/upload-cloud-storage@v2
with:
process_gcloudignore: false
path: packages/zudoku/standalone
glob: "**/*.js"
destination: cdn.zudoku.dev/latest
parent: false
headers: |-
content-type: text/javascript
cache-control: public,max-age=31536000,immutable
- name: Upload Artifacts
uses: google-github-actions/upload-cloud-storage@v2
with:
process_gcloudignore: false
path: packages/zudoku/stats.html
destination: cdn.zudoku.dev/build/rollup/${{ github.run_id }}-${{ github.run_attempt }}
parent: false
headers: |-
content-type: text/html
- name: Clear CDN Cache
# Only for non-prerelease
if: github.event_name == 'workflow_dispatch'
run: |
curl --request POST \
--url https://api.cloudflare.com/client/v4/zones/1abaefabd6800e9979a740a7cdf235a8/purge_cache \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ${{ secrets.CF_ZONE_PURGE_ACCESS_TOKEN }}' \
--data '{ "purge_everything": true }'
- name: Write Summary
run: |
echo "📝 Bundle stats uploaded" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "[View Stats](https://cdn.zudoku.dev/build/rollup/${{ github.run_id }}-${{ github.run_attempt }}/stats.html)" >> $GITHUB_STEP_SUMMARY
# Trigger updates of internal projects using Zudoku
- run: gh workflow run release.yaml --repo zuplo-poc/docs-zudoku --ref main
# Only for non-prerelease
if: github.event_name == 'workflow_dispatch'
env:
GITHUB_TOKEN: ${{ secrets.GH_SECRET_TRIGGER_POC_WORKFLOWS }}