-
-
Notifications
You must be signed in to change notification settings - Fork 151
135 lines (124 loc) · 4.84 KB
/
Copy pathadmin-release.yml
File metadata and controls
135 lines (124 loc) · 4.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: Admin Release
# Independent admin release, decoupled from the core release (`v*` tags).
# Builds the admin SPA, bumps its version, packages it (electron-style update
# artifact + latest.json manifest), publishes to S3 (reserved — no-op until
# ADMIN_UPDATE_S3_* are configured), and records the release as an `admin-v*` tag.
on:
push:
tags:
- 'admin-v*'
workflow_dispatch:
inputs:
bump:
description: 'Semver bump level for the admin package'
type: choice
options:
- patch
- minor
- major
default: patch
dry_run:
description: 'Build & package only — no version commit, tag, or S3 publish'
type: boolean
default: false
permissions:
contents: write
# Cloudflare R2 (S3-compatible) publish target — hardcoded per request.
# Credentials come from repo secrets AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY
# (an R2 "S3 API" token). ADMIN_PUBLIC_BASE is the bucket's public read base
# (custom domain mapped to the bucket root); it is written into latest.json `url`.
env:
R2_BUCKET: admin-r2
R2_ENDPOINT: https://de7ecb0eaa0a328071255d557a6adb66.r2.cloudflarestorage.com
ADMIN_PUBLIC_BASE: https://admin-r2.innei.dev
jobs:
release-admin:
name: Build, version & publish admin
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 0
fetch-tags: true
- name: Setup Node.js and pnpm
uses: ./.github/actions/setup-node
with:
node-version: '22.x'
- name: Resolve admin version
id: bump
run: |
if [ "${{ github.event_name }}" = "push" ]; then
# Tag-triggered (admin-v*): the version was already bumped, committed
# and tagged by scripts/release-admin.sh — just read it from the tag.
VERSION="${GITHUB_REF_NAME#admin-v}"
else
VERSION="$(node apps/core/scripts/bump-admin-release.js ${{ inputs.bump }})"
fi
echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
echo "Admin version: ${VERSION}"
- name: Build admin
run: pnpm --filter @mx-admin/admin run build
- name: Package admin
id: pkg
run: |
set -e
VERSION="${{ steps.bump.outputs.version }}"
ZIP="admin-${VERSION}.zip"
# Top-level dist/ wrapper, matching the layout consumers flatten at install time.
( cd apps/admin && zip -r "../../${ZIP}" dist )
SHA="$(sha256sum "${ZIP}" | awk '{print $1}')"
if [ -n "${ADMIN_PUBLIC_BASE:-}" ]; then
URL="${ADMIN_PUBLIC_BASE%/}/${ZIP}"
else
URL=""
fi
cat > latest.json <<EOF
{
"version": "${VERSION}",
"file": "${ZIP}",
"url": "${URL}",
"sha256": "${SHA}",
"tag": "admin-v${VERSION}"
}
EOF
echo "zip=${ZIP}" >> "$GITHUB_OUTPUT"
cat latest.json
- name: Upload workflow artifact
uses: actions/upload-artifact@v7
with:
name: admin-${{ steps.bump.outputs.version }}
path: |
${{ steps.pkg.outputs.zip }}
latest.json
if-no-files-found: error
retention-days: 30
# Publish to Cloudflare R2 (S3-compatible). Skipped only on a dry-run dispatch.
- name: Publish admin assets to R2
if: ${{ !(github.event_name == 'workflow_dispatch' && inputs.dry_run) }}
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: auto
# Recent aws-cli defaults to CRC64-NVME checksums that R2 rejects — force off.
AWS_REQUEST_CHECKSUM_CALCULATION: when_required
AWS_RESPONSE_CHECKSUM_VALIDATION: when_required
run: |
set -e
ZIP="${{ steps.pkg.outputs.zip }}"
aws s3 cp "${ZIP}" "s3://${R2_BUCKET}/${ZIP}" --endpoint-url "${R2_ENDPOINT}"
aws s3 cp latest.json "s3://${R2_BUCKET}/latest.json" --endpoint-url "${R2_ENDPOINT}"
# Only the UI path (workflow_dispatch) bumps + tags here. The tag-triggered
# path already has its commit + tag from scripts/release-admin.sh.
- name: Commit version bump & tag
if: ${{ github.event_name == 'workflow_dispatch' && !inputs.dry_run }}
run: |
set -e
VERSION="${{ steps.bump.outputs.version }}"
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add apps/admin/package.json
git commit -m "chore(admin): release v${VERSION}"
git tag "admin-v${VERSION}"
git push origin "HEAD:${{ github.ref_name }}"
git push origin "admin-v${VERSION}"