Merge pull request #595 from ForgeRock/fix/journey-client-otp-register #397
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| snapshot_tag: | |
| description: 'changesets snapshot tag (beta/canary)' | |
| required: false | |
| default: 'beta' | |
| type: string | |
| npm_tag: | |
| description: 'npm dist-tag for publishing snapshot' | |
| required: false | |
| default: 'beta' | |
| type: string | |
| npm_access: | |
| description: 'access level for publishing snapshot to npm' | |
| required: false | |
| default: 'public' | |
| type: choice | |
| options: | |
| - public | |
| - restricted | |
| env: | |
| NX_CLOUD_ENCRYPTION_KEY: ${{ secrets.NX_CLOUD_ENCRYPTION_KEY }} | |
| NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }} | |
| SLACK_WEBHOOK_URL_BETA: ${{ secrets.SLACK_WEBHOOK_URL_BETA }} | |
| PNPM_CACHE_FOLDER: .pnpm-store | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| CI: true | |
| jobs: | |
| publish-or-pr: | |
| if: github.event_name == 'push' | |
| permissions: | |
| contents: write | |
| issues: write | |
| pull-requests: write | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| env: | |
| LEFTHOOK: 0 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ secrets.GH_TOKEN }} | |
| - name: Setup Project | |
| uses: ./.github/actions/setup | |
| with: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| - name: publish | |
| uses: changesets/action@v1 | |
| id: changesets | |
| with: | |
| publish: pnpm ci:release | |
| version: pnpm ci:version | |
| title: Release PR | |
| branch: main | |
| commit: 'chore: version-packages' | |
| setupGitUser: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
| - name: Publish Release Steps | |
| if: steps.changesets.outputs.published == 'true' | |
| uses: ./.github/actions/publish-release | |
| with: | |
| publishedPackages: ${{ steps.changesets.outputs.publishedPackages }} | |
| slackWebhook: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| - name: Publish Beta Steps | |
| if: steps.changesets.outputs.published == 'false' | |
| uses: ./.github/actions/publish-beta | |
| - name: Calculate baseline bundle sizes | |
| run: | | |
| chmod +x ./scripts/bundle-sizes.sh | |
| rm -f previous_sizes.json | |
| echo "📊 Calculating fresh baseline bundle sizes for main branch" | |
| ./scripts/bundle-sizes.sh | |
| echo "✅ Baseline bundle sizes calculated" | |
| cat previous_sizes.json | |
| - name: Upload baseline bundle sizes | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: bundle-size-baseline | |
| path: previous_sizes.json | |
| retention-days: 30 | |
| snapshot: | |
| # Guard against publishing snapshots from the protected release branch. | |
| if: >- | |
| ${{ | |
| github.event_name == 'workflow_dispatch' && | |
| github.ref != 'refs/heads/changeset-release/main' | |
| }} | |
| name: Publish Snapshots | |
| permissions: | |
| contents: write | |
| id-token: write | |
| issues: write | |
| pull-requests: write | |
| runs-on: ubuntu-latest | |
| env: | |
| LEFTHOOK: 0 | |
| steps: | |
| - name: Branch name | |
| run: | | |
| echo "Checking out branch: ${{ github.ref_name }}" | |
| # Checkout the branch selected when triggering the workflow | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ secrets.GH_TOKEN }} | |
| - name: Setup Project | |
| uses: ./.github/actions/setup | |
| with: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Version Packages for snapshot | |
| run: pnpm changeset version --snapshot ${{ inputs.snapshot_tag }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
| - name: Publish packages snapshot with npm_tag | |
| id: npmpublish | |
| run: pnpm publish -r --tag ${{ inputs.npm_tag }} --no-git-checks --access ${{ inputs.npm_access }} | |
| - name: Format published packages for Slack | |
| if: steps.npmpublish.outcome == 'success' | |
| id: format-packages | |
| env: | |
| NPM_TAG: ${{ inputs.npm_tag }} | |
| SNAPSHOT_TAG: ${{ inputs.snapshot_tag }} | |
| run: | | |
| FORMATTED=$(jq -rs --arg tag "$SNAPSHOT_TAG" '[.[] | select(.version | contains($tag))] | .[] | ":package: *\(.name)* `\(.version)`"' packages/*/package.json packages/sdk-effects/*/package.json 2>/dev/null | sort -u) | |
| PAYLOAD=$(jq -n --arg packages "$FORMATTED" --arg npmTag "$NPM_TAG" '{"npmTag": $npmTag, "publishedPackages": $packages}') | |
| echo "payload<<EOF" >> $GITHUB_OUTPUT | |
| echo "$PAYLOAD" >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| - name: Send GitHub Action data to a Slack workflow | |
| if: steps.npmpublish.outcome == 'success' | |
| id: slack-notify-beta | |
| continue-on-error: true | |
| uses: slackapi/slack-github-action@v2.1.1 | |
| with: | |
| webhook: ${{ env.SLACK_WEBHOOK_URL_BETA }} | |
| webhook-type: webhook-trigger | |
| payload: ${{ steps.format-packages.outputs.payload }} | |
| - name: Warn if Slack notification failed | |
| if: steps.slack-notify-beta.outcome == 'failure' | |
| run: | | |
| echo "::warning::Slack beta notification failed. Check the webhook URL and payload format." |