Merge pull request #453 from ForgeRock/renovate/node-22.x #317

Workflow file for this run

.github/workflows/publish.yml at 9ec79a0

	name: Publish
	on:
	push:
	branches:
	- main
	workflow_dispatch:
	inputs:
	branch:
	description: 'Branch/ref to publish from'
	required: false
	default: 'main'
	type: string
	dist_tag:
	description: 'npm dist-tag'
	required: false
	default: 'beta'
	type: string
	prerelease:
	description: 'changesets prerelease tag (beta/canary)'
	required: false
	default: 'beta'
	type: string
	access:
	description: 'npm access'
	required: false
	default: 'public'
	type: string
	env:
	NX_CLOUD_ENCRYPTION_KEY: ${{ secrets.NX_CLOUD_ENCRYPTION_KEY }}
	NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
	NX_CLOUD_DISTRIBUTED_EXECUTION: true
	PNPM_CACHE_FOLDER: .pnpm-store
	CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
	CI: true

	jobs:
	publish-or-pr:
	if: github.event_name == 'push'
	permissions:
	contents: write # changesets/action
	issues: write
	pull-requests: write
	id-token: write # OIDC for provenance if npm publish happens here
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	token: ${{ secrets.GH_TOKEN }}
	- uses: pnpm/action-setup@v4
	with:
	run_install: false
	- uses: actions/setup-node@v5
	id: cache
	with:
	node-version-file: '.node-version'
	cache: 'pnpm'
	registry-url: 'https://registry.npmjs.org'

	- name: Update npm
	run: npm install -g npm@latest

	- run: pnpm install --frozen-lockfile

	- run: pnpm dlx nx-cloud start-ci-run --distribute-on=".nx/workflows/dynamic-changesets.yml" --stop-agents-after="e2e-ci" --with-env-vars="CODECOV_TOKEN"

	- name: Cache Playwright browsers
	uses: actions/cache@v4
	with:
	path: ~/.cache/ms-playwright
	key: ${{ runner.os }}-playwright-${{ hashFiles('**/pnpm-lock.yaml') }}
	restore-keys: \|
	${{ runner.os }}-playwright-

	- run: pnpm exec playwright install

	- uses: nrwl/nx-set-shas@v4

	- name: setup pnpm config
	run: pnpm config set store-dir $PNPM_CACHE_FOLDER

	- run: pnpm exec nx affected -t build lint test e2e-ci

	- uses: actions/upload-artifact@v4
	if: ${{ !cancelled() }}
	with:
	name: playwright-report
	path: \|
	.//.playwright/
	retention-days: 30

	- run: git status
	- name: publish
	uses: changesets/action@v1
	id: changesets
	with:
	publish: pnpm ci:release
	version: pnpm ci:version
	title: Release PR
	branch: main
	commit: 'chore: version-packages'
	setupGitUser: true
	env:
	HOME: ${{ github.workspace }}
	GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}

	- run: pnpm pkg-pr-new publish './packages/' './packages/sdk-effects/' --packageManager=pnpm --comment=off
	if: steps.changesets.outputs.published == 'false'

	- name: Send GitHub Action data to a Slack workflow
	if: steps.changesets.outputs.published == 'true'
	uses: slackapi/slack-github-action@v2.1.1
	with:
	payload-delimiter: '_'
	webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
	webhook-type: webhook-trigger
	payload: steps.changesets.outputs.publishedPackages

	- uses: codecov/codecov-action@v5
	with:
	files: ./packages/*/coverage/.xml
	token: ${{ secrets.CODECOV_TOKEN }}

	- name: Ensure builds run
	run: pnpm nx run-many -t build
	env:
	NX_CLOUD_DISTRIBUTED_EXECUTION: false

	- name: Build docs
	run: pnpm generate-docs

	- name: Publish api docs
	if: steps.changesets.outputs.published == 'true'
	uses: JamesIves/github-pages-deploy-action@v4.7.3
	with:
	folder: docs
	commit-message: 'chore: release-api-docs'

	- name: Publish api docs [beta]
	if: steps.changesets.outputs.published == 'false'
	id: latest-deploy
	uses: JamesIves/github-pages-deploy-action@v4.7.3
	with:
	folder: docs
	commit-message: 'chore: release-api-docs-beta'
	target-folder: 'beta'

	- name: Calculate baseline bundle sizes
	run: \|
	chmod +x ./scripts/bundle-sizes.sh
	rm -f previous_sizes.json
	echo "📊 Calculating fresh baseline bundle sizes for main branch"
	./scripts/bundle-sizes.sh
	echo "✅ Baseline bundle sizes calculated"
	cat previous_sizes.json

	- name: Upload baseline bundle sizes
	uses: actions/upload-artifact@v4
	with:
	name: bundle-size-baseline
	path: previous_sizes.json
	retention-days: 30

	snapshot:
	if: ${{ github.event_name == 'workflow_dispatch' }}
	name: Publish Snapshots
	permissions:
	contents: write
	id-token: write
	issues: write
	pull-requests: write
	runs-on: ubuntu-latest
	env:
	HUSKY: 0
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	ref: ${{ inputs.branch }}
	- uses: pnpm/action-setup@v4
	with:
	run_install: false
	- uses: actions/setup-node@v5
	with:
	node-version-file: '.node-version'
	cache: 'pnpm'

	- name: Update npm
	run: npm install -g npm@latest

	- run: pnpm install --frozen-lockfile

	- run: pnpm dlx nx-cloud start-ci-run --distribute-on=".nx/workflows/dynamic-changesets.yml" --stop-agents-after="e2e-ci" --with-env-vars="CODECOV_TOKEN"

	- name: Cache Playwright browsers
	uses: actions/cache@v4
	with:
	path: ~/.cache/ms-playwright
	key: ${{ runner.os }}-playwright-${{ hashFiles('**/pnpm-lock.yaml') }}
	restore-keys: \|
	${{ runner.os }}-playwright-

	- run: pnpm exec playwright install

	- uses: nrwl/nx-set-shas@v4
	with:
	main-branch-name: main

	- name: setup pnpm config
	run: pnpm config set store-dir $PNPM_CACHE_FOLDER

	- run: pnpm exec nx run-many -t build test e2e-ci

	- uses: actions/upload-artifact@v4
	if: ${{ !cancelled() }}
	with:
	name: playwright-report
	path: \|
	.//.playwright/
	retention-days: 30

	- name: Version Packages as prerelease
	run: pnpm changeset version --snapshot ${{ inputs.prerelease }}
	env:
	GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}

	# The actual npm publish that must occur in the authorized file
	- name: Publish packages with dist-tag
	run: pnpm publish -r --tag ${{ inputs.dist_tag }} --no-git-checks --access ${{ inputs.access }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #453 from ForgeRock/renovate/node-22.x #317

Workflow file

Merge pull request #453 from ForgeRock/renovate/node-22.x #317

Uh oh!

Workflow file for this run