@@ -2,19 +2,26 @@ name: Deploy
22
33on :
44 push :
5- branches : [main]
5+ branches :
6+ - main
7+ - changeset-release/main
8+ workflow_dispatch :
9+ # Snapit trigger - runs when /snapit comment is made on a PR
10+ issue_comment :
11+ types :
12+ - created
613
7- concurrency :
8- group : ${{ github.workflow }}-${{ github.ref }}
9- cancel-in-progress : true
14+ concurrency : ${{ github.workflow }}-${{ github.ref }}
1015
1116jobs :
1217 checks :
1318 name : Checks 📝
19+ if : ${{ github.event_name == 'push' && github.ref_name == 'main' }}
1420 uses : ./.github/workflows/checks.yml
1521
1622 deploy :
1723 name : Deploy 🚀
24+ if : ${{ github.event_name == 'push' && github.ref_name == 'main' }}
1825 needs : [checks]
1926 runs-on : ubuntu-latest
2027 timeout-minutes : 5
2431 steps :
2532 - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
2633 - uses : ./.github/workflows/actions/prepare
34+ - name : Update npm to 11.7
35+ run : npm install -g npm@11.7
2736 - run : pnpm run type-check
2837 - run : pnpm run build
2938 - run : pnpm run deploy
3039 env :
3140 NPM_TOKEN : ' ' # Empty string forces OIDC
41+ NPM_CONFIG_PROVENANCE : true
42+
43+ preview :
44+ name : Preview 🔮
45+ if : ${{ github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref_name == 'changeset-release/main') }}
46+ runs-on : ubuntu-latest
47+ timeout-minutes : 5
48+ permissions :
49+ contents : read
50+ id-token : write # Required for OIDC authentication
51+ steps :
52+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
53+ - uses : ./.github/workflows/actions/prepare
54+ - name : Update npm to 11.7
55+ run : npm install -g npm@11.7
56+
57+ # Changeset entries are consumed on this branch. We need to reset the
58+ # changeset files so that the snapshot command knows the correct packages,
59+ # and does not accidentally publish the new, non-preview version numbers
60+ # prematurely.
61+ - name : Reset changeset entries
62+ run : |
63+ git fetch origin main
64+ git checkout origin/main -- .changeset
65+
66+ run : pnpm run type-check
67+ - run : pnpm run build
68+
69+ - name : Deploy preview versions to NPM
70+ run : |
71+ pnpm changeset version --snapshot preview
72+ pnpm changeset publish --tag preview --no-git-tag
73+ env :
74+ GITHUB_TOKEN : ${{ secrets.SHOPIFY_GH_ACCESS_TOKEN }}
75+ NPM_TOKEN : ' ' # Empty string forces OIDC
76+ NPM_CONFIG_PROVENANCE : true
77+
78+ # Snapit job - runs when /snapit comment is made on a PR
79+ snapit :
80+ name : Snapit
81+ if : ${{ github.event_name == 'issue_comment' && github.event.issue.pull_request && github.event.comment.body == '/snapit' }}
82+ runs-on : ubuntu-latest
83+ permissions :
84+ contents : read
85+ pull-requests : write
86+ id-token : write # Required for OIDC authentication
87+ steps :
88+ # WARNING: DO NOT RUN ANY CUSTOM LOCAL SCRIPT BEFORE RUNNING THE SNAPIT ACTION
89+ # This action can be executed by 3rd party users and it should not be able to run arbitrary code from a PR.
90+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
91+ with :
92+ token : ${{ secrets.SHOPIFY_GH_ACCESS_TOKEN }}
93+
94+ - uses : ./.github/workflows/actions/prepare
95+
96+ - name : Update npm to 11.7
97+ run : npm install -g npm@11.7
98+
99+ - name : Create snapshot
100+ uses : Shopify/snapit@v0.1.0
101+ env :
102+ GITHUB_TOKEN : ${{ secrets.SHOPIFY_GH_ACCESS_TOKEN }}
103+ NPM_TOKEN : ' ' # Empty string forces OIDC
104+ NPM_CONFIG_PROVENANCE : true
105+ with :
106+ build_script : pnpm build:snapit
107+ comment_command : /snapit
0 commit comments