Skip to content

Commit 4d4f69b

Browse files
authored
Change to OIDC release (#148)
1 parent 7473bb5 commit 4d4f69b

2 files changed

Lines changed: 144 additions & 135 deletions

File tree

.github/workflows/release.yml

Lines changed: 144 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -5,40 +5,173 @@ on:
55
branches:
66
- master
77

8+
issue_comment:
9+
types: [created]
10+
811
env:
9-
npm-token: ${{ secrets.NPM_TOKEN }}
1012
github-token: ${{ secrets.GITHUB_TOKEN }}
11-
node-version: '20.x'
13+
node-version: '24.x'
14+
snapshot-release-tag: pr${{ github.event.issue.number }}-run${{ github.run_number }}-${{ github.run_attempt }}
1215

1316
jobs:
1417
release:
1518
name: Release
16-
runs-on: ubuntu-22.04
19+
if: github.event.comment == ''
20+
runs-on: ubuntu-24.04
1721
permissions:
22+
id-token: write # allows ODIC publishing
1823
contents: write
1924
pull-requests: write
2025

2126
steps:
22-
- name: Check out repository
23-
uses: actions/checkout@v4
27+
- uses: actions/checkout@v4
2428

25-
- name: Set up Node.js
26-
uses: actions/setup-node@v4
29+
- uses: actions/setup-node@v4
2730
with:
2831
node-version: ${{ env.node-version }}
2932
cache: yarn
3033
cache-dependency-path: '**/yarn.lock'
3134

32-
- name: Install packages
33-
run: yarn install --prefer-offline
35+
- run: yarn install --prefer-offline
3436

3537
- name: Create Release Pull Request or Publish to NPM
3638
id: changesets
37-
uses: changesets/action@v1.4.0
39+
uses: changesets/action@v1.8.0
3840
with:
3941
publish: yarn release
4042
commit: 'chore(release): update packages versions'
4143
title: 'Upcoming Release Changes'
4244
env:
4345
GITHUB_TOKEN: ${{ env.github-token }}
44-
NPM_TOKEN: ${{ env.npm-token }}
46+
47+
release-snapshot-check:
48+
if: github.event.comment != ''
49+
runs-on: ubuntu-24.04
50+
permissions:
51+
pull-requests: write
52+
outputs:
53+
triggered: ${{ steps.check.outputs.triggered }}
54+
steps:
55+
- name: Acknowledge deployment request to commenter
56+
id: check
57+
uses: khan/pull-request-comment-trigger@v1.1.0
58+
with:
59+
trigger: '/release-snapshot'
60+
reaction: rocket
61+
env:
62+
GITHUB_TOKEN: ${{ env.github-token }}
63+
64+
- name: Validate user
65+
if: ${{ steps.check.outputs.triggered == 'true' }}
66+
run: |
67+
if [[ "${AUTHOR_ASSOCIATION}" != 'OWNER' ]]
68+
then
69+
echo "User authorization failed"
70+
exit 1
71+
else
72+
echo "User authorization successful"
73+
exit 0
74+
fi
75+
env:
76+
AUTHOR_ASSOCIATION: ${{ github.event.comment.author_association }}
77+
78+
- name: Report failure
79+
if: failure()
80+
uses: octokit/request-action@v2.4.0
81+
with:
82+
route: POST /repos/{owner}/{repo}/issues/{issue_number}/comments
83+
owner: ${{ github.repository_owner }}
84+
repo: ${{ github.event.repository.name }}
85+
issue_number: ${{ github.event.issue.number }}
86+
body: '❌ No permission to release snapshot'
87+
env:
88+
GITHUB_TOKEN: ${{ env.github-token }}
89+
90+
release-snapshot:
91+
runs-on: ubuntu-24.04
92+
needs: release-snapshot-check
93+
permissions:
94+
id-token: write # allows ODIC publishing
95+
contents: read
96+
pull-requests: write # allows posting a message to the PR about success/error
97+
if: needs.release-snapshot-check.outputs.triggered == 'true'
98+
steps:
99+
- name: Get Pull Request ref
100+
id: get_pull_request_ref
101+
uses: octokit/request-action@v2.4.0
102+
with:
103+
route: GET /repos/{owner}/{repo}/pulls/{issue_number}
104+
owner: ${{ github.repository_owner }}
105+
repo: ${{ github.event.repository.name }}
106+
issue_number: ${{ github.event.issue.number }}
107+
env:
108+
GITHUB_TOKEN: ${{ env.github-token }}
109+
110+
- uses: actions/checkout@v4
111+
with:
112+
persist-credentials: true
113+
repository: ${{ fromJson(steps.get_pull_request_ref.outputs.data).head.repo.full_name }}
114+
ref: ${{ fromJson(steps.get_pull_request_ref.outputs.data).head.ref }}
115+
116+
- uses: actions/setup-node@v4
117+
with:
118+
node-version: ${{ env.node-version }}
119+
registry-url: 'https://registry.npmjs.org'
120+
cache: yarn
121+
cache-dependency-path: '**/yarn.lock'
122+
123+
- run: yarn install --prefer-offline
124+
125+
- name: Deploy snapshot
126+
run: |
127+
yarn changeset version --snapshot $RELEASE_TAG
128+
yarn nx run-many --target=build
129+
yarn changeset publish --tag alpha --no-git-tag
130+
env:
131+
GITHUB_TOKEN: ${{ env.github-token }}
132+
RELEASE_TAG: ${{ env.snapshot-release-tag }}
133+
134+
- name: Get snapshot versions
135+
id: get_snapshot_versions
136+
run: |
137+
PACKAGES=(
138+
"@eddeee888/nx-graphql-code-generator"
139+
)
140+
141+
echo "versions<<EOF" >> $GITHUB_OUTPUT
142+
for pkg in "${PACKAGES[@]}"; do
143+
version=$(npm view "$pkg" dist-tags.alpha)
144+
echo "" >> $GITHUB_OUTPUT
145+
echo "$pkg@$version" >> $GITHUB_OUTPUT
146+
done
147+
echo "" >> $GITHUB_OUTPUT
148+
echo "EOF" >> $GITHUB_OUTPUT
149+
150+
- name: Report success
151+
if: success()
152+
uses: octokit/request-action@v2.4.0
153+
with:
154+
route: POST /repos/{owner}/{repo}/issues/{issue_number}/comments
155+
owner: ${{ github.repository_owner }}
156+
repo: ${{ github.event.repository.name }}
157+
issue_number: ${{ github.event.issue.number }}
158+
body: |
159+
✅ **Snapshot published**
160+
161+
```bash
162+
${{ steps.get_snapshot_versions.outputs.versions }}
163+
```
164+
env:
165+
GITHUB_TOKEN: ${{ env.github-token }}
166+
167+
- name: Report failure
168+
if: failure()
169+
uses: octokit/request-action@v2.4.0
170+
with:
171+
route: POST /repos/{owner}/{repo}/issues/{issue_number}/comments
172+
owner: ${{ github.repository_owner }}
173+
repo: ${{ github.event.repository.name }}
174+
issue_number: ${{ github.event.issue.number }}
175+
body: '❌ Failed to publish package/s with tag `${{ env.snapshot-release-tag }}`'
176+
env:
177+
GITHUB_TOKEN: ${{ env.github-token }}

.github/workflows/snapshot.yml

Lines changed: 0 additions & 124 deletions
This file was deleted.

0 commit comments

Comments
 (0)