diff --git a/.github/workflows/cleanup-preview-packages.yaml b/.github/workflows/cleanup-preview-packages.yaml deleted file mode 100644 index c1a1f9ba5..000000000 --- a/.github/workflows/cleanup-preview-packages.yaml +++ /dev/null @@ -1,37 +0,0 @@ -name: Cleanup PR preview packages -on: - workflow_dispatch: - schedule: - - cron: '0 0/6 * * 6,0' - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - cleanup: - name: Cleanup PR Previews - runs-on: ubuntu-latest - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} - GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} - - steps: - - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 - with: - egress-policy: audit - - name: Checkout Source Code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Prepare cleanup - id: prepare - run: | - echo "openPRs=$(gh pr list --state open --json number|jq -cM 'map(.number|tostring)')" >> $GITHUB_OUTPUT - echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }}" > .npmrc - - - name: Cleanup PR preview - uses: Kong/public-shared-actions/pr-previews/cleanup@main - with: - package: "@kong/kong-auth-elements" - openPRs: ${{ steps.prepare.outputs.openPRs }} diff --git a/.github/workflows/pr-closed.yaml b/.github/workflows/pr-closed.yaml index 99f2c0574..d7a58d172 100644 --- a/.github/workflows/pr-closed.yaml +++ b/.github/workflows/pr-closed.yaml @@ -7,8 +7,6 @@ jobs: remove-pr-preview-comment: name: Remove PR preview comment from PR runs-on: ubuntu-latest - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} steps: - name: Harden Runner uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 5f65c3a6b..6744fbe17 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml 
@@ -7,13 +7,23 @@ on: - alpha - beta + pull_request: + branches: + - main + - alpha + - beta + +permissions: + id-token: write + contents: read + actions: read + + jobs: run-tests: name: Tests uses: ./.github/workflows/test.yaml - # Must pass in secrets here so that the calling workflow can pass in the NPM_TOKEN needed to install private packages. secrets: - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} VITE_AUTH_URL: ${{ secrets.VITE_AUTH_URL }} publish: needs: run-tests 
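Review bot: `id-token: write` is granted in the workflow-level `permissions:` block, so it also reaches the `run-tests` job that calls `./.github/workflows/test.yaml`, which only installs, lints and tests and has no reason to mint an OIDC token. Keep the top level at `contents: read` and `actions: read`, and grant the token on the publishing job only, e.g. `permissions: { id-token: write, contents: read }` under `publish:`. This hunk also adds the `pull_request` trigger, so the same workflow file now requests the token for PR runs as well as release runs. If npm trusted publishing is bound to this workflow file (not visible here), consider tying the release path to a GitHub environment so that a PR run cannot satisfy the same trust policy.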
@@ -24,35 +34,100 @@ jobs: uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit + + - name: Remove preview consumption comment + if: github.event_name == 'pull_request' + uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4 + with: + header: pr_preview_consumption + delete: true + GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} + - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: token: ${{ secrets.KONGPONENTS_BOT_PAT }} + fetch-depth: 0 - name: Use Node.js uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: + registry-url: https://registry.npmjs.org node-version-file: '.nvmrc' - name: Install dependencies run: yarn install --frozen-lockfile - - name: Lint - run: yarn lint - - name: Build run: yarn build - - name: Create .npmrc + - name: Publish package preview + id: package-preview + # Do not run for `alpha` or `beta` branches + if: github.event_name == 'pull_request' && github.actor != 'renovate[bot]' && !contains(github.head_ref || github.ref_name, 'alpha') && !contains(github.head_ref || github.ref_name, 'beta') env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} - # Reference the env variable NPM_TOKEN here, not the secret - run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc + GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} + run: | + git config user.email "konnectx-engineers+kongponents-bot@konghq.com" + git config user.name "Kong UI Bot" + + preid="pr.${{ github.event.pull_request.number }}.$(git rev-parse --short ${{ github.event.pull_request.head.sha }})" + tag="pr-${{ github.event.pull_request.number }}" + echo "preid=${preid}" + + git checkout ${{ github.head_ref }} + + yarn version --prerelease --preid ${preid} --allow-branch ${{ github.head_ref }} --no-git-tag-version --yes --amend + + package_version=$(jq -r ".version" package.json) + 
package=@kong/kong-auth-elements@"${package_version}" + + npm show "${package}" >/dev/null 2>&1 && npm_show_status=0 || npm_show_status=1 + if [ $npm_show_status -eq 0 ]; then + echo "Package ${package} is already published. Skipping publishing." + exit 0 + fi + + npm_instructions="" + + pkg=$(npm publish --no-git-checks --access public --report-summary --tag "${tag}" | grep "+ "| sed 's/+ //') + + if [[ -z "${pkg}" ]]; then + echo "Error publishing package" + exit -1 + fi + + npm_instructions="@$(echo ${pkg}|cut -d'@' -f2)@${tag}" + + echo "npm_instructions<> $GITHUB_OUTPUT + echo -e "$npm_instructions" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + + - name: Provide preview link info + if: ${{ steps.package-preview.outputs.npm_instructions != '' }} + uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4 + with: + header: pr_preview_consumption + message: | + ### Install the preview package from this PR in your consuming application + + In your host project, you may install the preview package version generated by this PR: + + ```sh + ${{ steps.package-preview.outputs.npm_instructions }} + ``` + GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} - name: Semantic Release uses: cycjimmy/semantic-release-action@16ca923e6ccbb50770c415a0ccd43709a8c5f7a4 # v4.2.2 + if: github.event_name == 'push' env: # Since branch protections are on (pushing commits) you need to use a bot PAT GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} + # as of now cycjimmy/semantic-release-action is not publishing to npmjs as + # trusted publishing is not yet supported, so we want to do a publish as separate step + - name: Publish to npm + if: github.event_name == 'push' + run: | + npm publish diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 5d8763459..c3d8e5c49 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
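Review bot: In the `Publish package preview` step, `${{ github.head_ref }}` is expanded straight into the `run:` script at `git checkout ${{ github.head_ref }}` and `--allow-branch ${{ github.head_ref }}`. A branch name containing shell metacharacters would therefore be executed as script text, in a step that has `KONGPONENTS_BOT_PAT` in its environment and, given the workflow-level permissions, an OIDC token available. Pass the value through the environment instead: add `HEAD_REF: ${{ github.head_ref }}` under the step's `env:` and use `git checkout "$HEAD_REF"` and `--allow-branch "$HEAD_REF"`. Separately, the final `Publish to npm` step runs `npm publish` on every push whether or not semantic-release produced a release; give the Semantic Release step an `id` and add `steps.<id>.outputs.new_release_published == 'true'` to the `if:` so a push with no release does not try to re-publish an existing version. The `publish` job header sits above this hunk, so its job-level settings are not visible here.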
@@ -1,19 +1,10 @@ name: Tests on: - pull_request: - branches: - - main - - alpha - - beta # Allow workflow to be called by another workflow workflow_call: - # Must define secrets here so that the calling workflow can pass in the NPM_TOKEN needed to install private packages. secrets: - NPM_TOKEN: - description: 'The NPM_TOKEN passed from the caller workflow as it is not available within workflow_call.' - required: true VITE_AUTH_URL: description: 'The base URL of the KAuth backend, e.g. https://global.api.konghq.tech' required: true @@ -36,13 +27,6 @@ jobs: uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - - name: Remove preview consumption comment - if: github.event_name == 'pull_request' - uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4 - with: - header: pr_preview_consumption - delete: true - GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -53,6 +37,7 @@ jobs: uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version-file: '.nvmrc' + registry-url: https://registry.npmjs.org - name: Install dependencies run: yarn install --frozen-lockfile 
@@ -66,73 +51,6 @@ jobs: - name: Typecheck run: yarn typecheck - - name: Build - if: github.event_name == 'pull_request' - run: yarn build - - - name: Create .npmrc - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} - # Reference the env variable NPM_TOKEN here, not the secret - run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc - - - name: Publish package preview - id: package-preview - # Do not run for `alpha` or `beta` branches - if: github.event_name == 'pull_request' && github.actor != 'renovate[bot]' && !contains(github.head_ref || github.ref_name, 'alpha') && !contains(github.head_ref || github.ref_name, 'beta') - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} - run: | - git config user.email "konnectx-engineers+kongponents-bot@konghq.com" - git config user.name "Kong UI Bot" - - preid="pr.${{ github.event.pull_request.number }}.$(git rev-parse --short ${{ github.event.pull_request.head.sha }})" - tag="pr-${{ github.event.pull_request.number }}" - echo "preid=${preid}" - - git checkout ${{ github.head_ref }} - - yarn version --prerelease --preid ${preid} --allow-branch ${{ github.head_ref }} --no-git-tag-version --yes --amend - - package_version=$(jq -r ".version" package.json) - package=@kong/kong-auth-elements@"${package_version}" - - npm show "${package}" >/dev/null 2>&1 && npm_show_status=0 || npm_show_status=1 - if [ $npm_show_status -eq 0 ]; then - echo "Package ${package} is already published. Skipping publishing." 
- exit 0 - fi - - npm_instructions="" - - pkg=$(npm publish --no-git-checks --access public --report-summary --tag "${tag}" | grep "+ "| sed 's/+ //') - - if [[ -z "${pkg}" ]]; then - echo "Error publishing package" - exit -1 - fi - - npm_instructions="@$(echo ${pkg}|cut -d'@' -f2)@${tag}" - - echo "npm_instructions<> $GITHUB_OUTPUT - echo -e "$npm_instructions" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - - - name: Provide preview link info - if: ${{ steps.package-preview.outputs.npm_instructions != '' }} - uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4 - with: - header: pr_preview_consumption - message: | - ### Install the preview package from this PR in your consuming application - - In your host project, you may install the preview package version generated by this PR: - - ```sh - ${{ steps.package-preview.outputs.npm_instructions }} - ``` - GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} - - name: Run Cypress component tests uses: cypress-io/github-action@b8ba51a856ba5f4c15cf39007636d4ab04f23e3c # v6.10.2 with: diff --git a/.nvmrc b/.nvmrc index 91d5f6ff8..b5e8f5c1d 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -22.18.0 +24.6.0 diff --git a/package.json b/package.json index 618e1d1b7..e6cf21af2 100644 --- a/package.json +++ b/package.json @@ -128,7 +128,12 @@ "changelogFile": "CHANGELOG.md" } ], - "@semantic-release/npm", + [ + "@semantic-release/npm", + { + "npmPublish": false + } + ], [ "@semantic-release/git", { @@ -155,7 +160,7 @@ "node": ">=22.18.0" }, "volta": { - "node": "22.18.0", + "node": "24.6.0", "yarn": "1.22.22" } }