Merge pull request #611 from InjectiveLabs/chore/auction-whitelist-ne… #1104
name: Publish

# One workflow covers every release channel:
#   latest - push to the dev branch                            -> npm tag "latest"
#   canary - feature-branch push, "canary" in commit message   -> npm tag "alpha"
#   beta   - feature-branch push, "beta" in commit message     -> npm tag "beta"
#
# Publishing authenticates through OIDC trusted publishing, so no NPM_TOKEN
# is required. This workflow is configured as a trusted publisher on npm:
# https://docs.npmjs.com/trusted-publishers
#
# NOTE(review): every push to a branch other than master starts this workflow;
# whether anything is published is decided only by the `if:` on the publish job.
on:
  workflow_dispatch:
  push:
    branches-ignore: [master]
# Token scopes requested by this workflow:
#   id-token: write - required for OIDC (npm trusted publishing)
#   contents: write - required for `git push --follow-tags`
# NOTE(review): declared at workflow level, so every job in this file receives
# both scopes, including the reusable workflow called by trigger-package-bumps.
# Moving them onto the publish job would narrow that; confirm what
# package-bump.yaml needs before doing so.
permissions:
  id-token: write
  contents: write
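jobs:
  # ============================================
  # Publish Job - Handles latest, canary, and beta
  # ============================================
  publish:
    name: 'Publish'
    runs-on: ubuntu-latest
    # Runs only when all of the following hold:
    #   - the head commit message contains none of the skip keywords
    #   - the ref is dev, or the head commit message contains 'canary' or 'beta'
    #   - the run is not a workflow_dispatch on dev
    # contains() is a case-insensitive substring match, so a keyword that is
    # part of a longer word in the commit message also counts.
    # NOTE(review): workflow_dispatch events carry no head_commit, so on a
    # non-dev ref neither keyword test can match; together with the last
    # clause it looks like manual runs never publish - confirm that is intended.
    if: |
      !contains(github.event.head_commit.message, 'GITBOOK') &&
      !contains(github.event.head_commit.message, 'skip-deploy') &&
      !contains(github.event.head_commit.message, 'skip deploy') &&
      (
        github.ref == 'refs/heads/dev' ||
        contains(github.event.head_commit.message, 'canary') ||
        contains(github.event.head_commit.message, 'beta')
      ) &&
      !(github.ref == 'refs/heads/dev' && github.event_name == 'workflow_dispatch')
    outputs:
      publish_type: ${{ steps.determine-publish-type.outputs.type }}
      dist_tag: ${{ steps.determine-publish-type.outputs.dist_tag }}
      version_args: ${{ steps.determine-publish-type.outputs.version_args }}
    steps:
      # NOTE(review): the actions below are referenced by mutable tag (@v4).
      # This job holds id-token: write and contents: write, so consider pinning
      # each one to a full commit SHA, e.g.
      #   uses: actions/checkout@<full-commit-sha>  # v4
      # By default checkout leaves the job token in the local git config; the
      # later `git push` relies on it, and the install/build steps can read it.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history instead of a shallow clone.
          fetch-depth: 0

      - name: Using Node from .nvmrc
        uses: actions/setup-node@v4
        with:
          node-version-file: '.nvmrc'
          registry-url: 'https://registry.npmjs.org'

      # NOTE(review): `version: latest` floats; a release job is easier to
      # reproduce and audit with an explicit pnpm version.
      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: latest

      - name: Get pnpm store directory
        shell: bash
        run: echo "STORE_PATH=$(pnpm store path --silent)" >> "$GITHUB_ENV"

      - name: Setup pnpm cache
        uses: actions/cache@v4
        with:
          path: ${{ env.STORE_PATH }}
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-

      # OIDC trusted publishing requires npm 11.5.1+
      # NOTE(review): `npm@latest` installs whatever is newest at run time, in
      # the same job that later publishes; consider an explicit version that
      # satisfies the 11.5.1+ requirement.
      - name: Update npm for OIDC trusted publishing
        run: npm install -g npm@latest

      # The actor name reaches the script through the environment rather than
      # being expanded into the script text by the expression engine.
      - name: Set up Git user
        env:
          GIT_ACTOR: ${{ github.actor }}
        run: |
          git config user.name "${GIT_ACTOR}"
          git config user.email "${GIT_ACTOR}@users.noreply.github.com"

      # Maps branch and commit message to the step outputs type, dist_tag and
      # version_args. The commit message is read from the environment only;
      # every value written to GITHUB_OUTPUT is one of the fixed strings below.
      - name: Determine publish type
        id: determine-publish-type
        env:
          COMMIT_MSG: ${{ github.event.head_commit.message }}
          BRANCH: ${{ github.ref }}
        run: |
          # Check for conflicting keywords
          HAS_CANARY=false
          HAS_BETA=false

          # Here-strings avoid echo treating a message such as "-n ..." as options.
          if grep -qi "canary" <<<"$COMMIT_MSG"; then
            HAS_CANARY=true
          fi

          if grep -qi "beta" <<<"$COMMIT_MSG"; then
            HAS_BETA=true
          fi

          # Determine publish type based on branch and commit message
          if [[ "$BRANCH" == "refs/heads/dev" ]]; then
            TYPE="latest"
            DIST_TAG="latest"
            VERSION_ARGS="patch --force-publish --force-git-tag --no-changelog --yes --no-push"
          elif [[ "$HAS_CANARY" == "true" && "$HAS_BETA" == "true" ]]; then
            echo "::error::Commit message contains both 'canary' and 'beta'. Please use only one."
            exit 1
          elif [[ "$HAS_CANARY" == "true" ]]; then
            TYPE="canary"
            DIST_TAG="alpha"
            VERSION_ARGS="prerelease --preid alpha --force-publish --force-git-tag --no-changelog --yes --no-push"
          elif [[ "$HAS_BETA" == "true" ]]; then
            TYPE="beta"
            DIST_TAG="beta"
            VERSION_ARGS="prerelease --preid beta --force-publish --force-git-tag --no-changelog --yes --no-push"
          else
            echo "::error::No valid publish type determined. This should not happen."
            exit 1
          fi

          echo "type=$TYPE" >> "$GITHUB_OUTPUT"
          echo "dist_tag=$DIST_TAG" >> "$GITHUB_OUTPUT"
          echo "version_args=$VERSION_ARGS" >> "$GITHUB_OUTPUT"

      # NOTE(review): install and build execute repository and dependency code
      # inside the job that holds the publish permissions; building in a
      # separate job without id-token: write would reduce that exposure.
      - name: Build dependencies
        run: |
          node etc/bootstrapEnv
          pnpm install
          pnpm build

      # version_args is expanded into the script text and word-split on
      # purpose; it is one of the fixed strings set by determine-publish-type.
      - name: Version packages
        run: |
          pnpm exec lerna version ${{ steps.determine-publish-type.outputs.version_args }}

      # pnpm pack resolves catalog: protocol, npm publish handles OIDC authentication
      - name: Publish to npm (OIDC)
        run: |
          DIST_TAG="${{ steps.determine-publish-type.outputs.dist_tag }}"
          PUBLISHED_PACKAGES="[]"
          ROOT_DIR="$(pwd)"
          PUBLISH_COUNT=0

          for pkg_json in packages/*/package.json packages/wallets/*/package.json; do
            pkg_dir=$(dirname "$pkg_json")
            # The manifest path is passed as an argument, not pasted into the JS source.
            pkg_name=$(node -p 'require(process.argv[1]).name' "./$pkg_json")
            pkg_version=$(node -p 'require(process.argv[1]).version' "./$pkg_json")

            echo "📦 Publishing $pkg_name@$pkg_version"

            # Pack with pnpm to resolve catalog: dependencies
            pnpm --dir "$pkg_dir" pack --pack-destination "$ROOT_DIR"

            # pnpm names the tarball after the package: strip '@', turn '/' into '-'.
            tarball_name=$(echo "$pkg_name" | sed 's/@//;s/\//-/')-$pkg_version.tgz

            if [ -f "$tarball_name" ]; then
              if npm publish "$tarball_name" --access public --tag "$DIST_TAG" --provenance; then
                # Name and version travel as environment data, so quotes or other
                # characters in package.json values cannot alter the JS being run.
                PUBLISHED_PACKAGES=$(
                  PREV="$PUBLISHED_PACKAGES" PKG_NAME="$pkg_name" PKG_VERSION="$pkg_version" \
                    node -p 'JSON.stringify([...JSON.parse(process.env.PREV), {name: process.env.PKG_NAME, version: process.env.PKG_VERSION}])'
                )
                PUBLISH_COUNT=$((PUBLISH_COUNT + 1))
              else
                # Still best-effort (the loop continues), but the failure is now visible.
                echo "::warning::npm publish failed for $pkg_name@$pkg_version"
              fi
              rm -f "$tarball_name"
            else
              echo "⚠️ No tarball found for $pkg_name"
            fi
          done

          echo "{\"publishedPackages\":$PUBLISHED_PACKAGES}" > pnpm-publish-summary.json

          if [ "$PUBLISH_COUNT" -eq 0 ]; then
            echo "::error::No packages were published. Check npm OIDC trusted publisher configuration."
            exit 1
          fi

          echo "✅ Successfully published $PUBLISH_COUNT packages"

      - name: Push tags to git
        run: |
          git push origin HEAD --follow-tags

      # Each expansion is quoted so that the commit message (free text chosen
      # by the committer) reaches the script as a single argument. Unquoted,
      # the shell would split it on whitespace and glob-expand it, and its
      # words would arrive as extra arguments to etc/slack.cjs.
      # NOTE(review): the Slack secret is passed on the command line; if
      # etc/slack.cjs can read SLACK_API from the environment, prefer that.
      - name: Broadcast published versions on Slack
        run: node etc/slack.cjs --api="$SLACK_API" --actor="$GIT_ACTOR" --commit-message="$GIT_LATEST_COMMIT_MESSAGE"
        env:
          GIT_ACTOR: ${{ github.actor }}
          SLACK_API: ${{ secrets.SLACK_API }}
          GIT_LATEST_COMMIT_MESSAGE: ${{ github.event.head_commit.message }}

  # ============================================
  # Package Bump Jobs (only after latest publish on dev branch)
  # ============================================
  trigger-package-bumps:
    name: 'Trigger Package Bumps'
    needs: publish
    if: needs.publish.result == 'success' && needs.publish.outputs.publish_type == 'latest'
    uses: ./.github/workflows/package-bump.yaml
    # NOTE(review): `inherit` hands every secret available to this workflow to
    # the called workflow; if package-bump.yaml needs only some of them,
    # passing those by name is the narrower option.
    secrets: inherit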