try matching permissions #147
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow is used to build and publish a github release | ||
|
Check failure on line 1 in .github/workflows/publish-release.yml
|
||
| # to all platforms. This workflow cannot be manually ran to | ||
| # prevent the same release from being published more than once. | ||
| name: Publish Release | ||
| on: | ||
| release: | ||
| types: [published] | ||
| permissions: | ||
| id-token: write | ||
| contents: write | ||
| jobs: | ||
| # Build and publish the github release to S3 | ||
| publish-prod-to-s3: | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 30 | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 22.11.0 # See package.json for the stable node version that works with our testing. Do not change this unless you know what you are doing as some node versions do not play nicely with our testing server. | ||
| - name: Install project dependencies | ||
| run: npm ci | ||
| - name: Build prod | ||
| run: npm run cdn:build:prod | ||
| - name: Upload prod | ||
| id: s3-upload | ||
| uses: ./.github/actions/s3-upload | ||
| with: | ||
| aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| aws_role: ${{ secrets.AWS_ROLE_ARN }} | ||
| aws_bucket_name: ${{ secrets.AWS_BUCKET }} | ||
| local_dir: $GITHUB_WORKSPACE/build | ||
| - name: Gather cdn purge paths | ||
| id: purge-paths | ||
| run: echo "results=$(echo '${{ steps.s3-upload.outputs.results }}' | jq -j '.[].Key + " "')" >> $GITHUB_OUTPUT | ||
| - name: Purge production cdn | ||
| uses: ./.github/actions/fastly-purge | ||
| with: | ||
| fastly_key: ${{ secrets.FASTLY_PURGE_KEY }} | ||
| fastly_service: js-agent.newrelic.com | ||
| purge_path: ${{ steps.purge-paths.outputs.results }} | ||
| - name: Purge staging cdn | ||
| uses: ./.github/actions/fastly-purge | ||
| with: | ||
| fastly_key: ${{ secrets.FASTLY_PURGE_KEY }} | ||
| fastly_service: staging-js-agent.newrelic.com | ||
| purge_path: ${{ steps.purge-paths.outputs.results }} | ||
| - name: Verify production cdn assets | ||
| uses: ./.github/actions/fastly-verify | ||
| with: | ||
| fastly_key: ${{ secrets.FASTLY_PURGE_KEY }} | ||
| fastly_service: js-agent.newrelic.com | ||
| asset_path: ${{ join(fromJson(steps.s3-upload.outputs.results).*.Key, ' ') }} | ||
| - name: Verify staging cdn assets | ||
| uses: ./.github/actions/fastly-verify | ||
| with: | ||
| fastly_key: ${{ secrets.FASTLY_PURGE_KEY }} | ||
| fastly_service: staging-js-agent.newrelic.com | ||
| asset_path: ${{ join(fromJson(steps.s3-upload.outputs.results).*.Key, ' ') }} | ||
| # Publish the new "current" version to s3 before the prod a/b scripts have been built | ||
| publish-current-to-s3: | ||
| needs: [publish-prod-to-s3] | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 30 | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 22.11.0 # See package.json for the stable node version that works with our testing. Do not change this unless you know what you are doing as some node versions do not play nicely with our testing server. | ||
| - name: Get version number | ||
| id: agent-loader-version | ||
| run: echo "results=$(cat package.json | jq -r '.version')" >> $GITHUB_OUTPUT | ||
| - name: Copy loaders to current | ||
| id: s3-upload | ||
| uses: ./.github/actions/update-current | ||
| with: | ||
| aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| aws_role: ${{ secrets.AWS_ROLE_ARN }} | ||
| aws_bucket_name: ${{ secrets.AWS_BUCKET }} | ||
| loader_version: ${{ steps.agent-loader-version.outputs.results }} | ||
| - name: Gather cdn purge paths | ||
| id: purge-paths | ||
| run: echo "results=$(echo '${{ steps.s3-upload.outputs.results }}' | jq -j '.[].Key + " "')" >> $GITHUB_OUTPUT | ||
| - name: Purge production cdn | ||
| uses: ./.github/actions/fastly-purge | ||
| with: | ||
| fastly_key: ${{ secrets.FASTLY_PURGE_KEY }} | ||
| fastly_service: js-agent.newrelic.com | ||
| purge_path: ${{ steps.purge-paths.outputs.results }} | ||
| - name: Purge staging cdn | ||
| uses: ./.github/actions/fastly-purge | ||
| with: | ||
| fastly_key: ${{ secrets.FASTLY_PURGE_KEY }} | ||
| fastly_service: staging-js-agent.newrelic.com | ||
| purge_path: ${{ steps.purge-paths.outputs.results }} | ||
| - name: Verify production cdn assets | ||
| uses: ./.github/actions/fastly-verify | ||
| with: | ||
| fastly_key: ${{ secrets.FASTLY_PURGE_KEY }} | ||
| fastly_service: js-agent.newrelic.com | ||
| asset_path: ${{ join(fromJson(steps.s3-upload.outputs.results).*.Key, ' ') }} | ||
| - name: Verify staging cdn assets | ||
| uses: ./.github/actions/fastly-verify | ||
| with: | ||
| fastly_key: ${{ secrets.FASTLY_PURGE_KEY }} | ||
| fastly_service: staging-js-agent.newrelic.com | ||
| asset_path: ${{ join(fromJson(steps.s3-upload.outputs.results).*.Key, ' ') }} | ||
| # Rebuild and publish the prod environment A/B script | ||
| publish-prod-ab: | ||
| needs: [publish-current-to-s3] | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 30 | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 22.11.0 # See package.json for the stable node version that works with our testing. Do not change this unless you know what you are doing as some node versions do not play nicely with our testing server. | ||
| - name: Deploy prod a/b script | ||
| uses: ./.github/actions/internal-ab | ||
| with: | ||
| nr_environment: prod | ||
| nrba_app_id: ${{ secrets.INTERNAL_PRODUCTION_APPLICATION_ID }} | ||
| nrba_license_key: ${{ secrets.INTERNAL_LICENSE_KEY }} | ||
| aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| aws_role: ${{ secrets.AWS_ROLE_ARN }} | ||
| aws_bucket_name: ${{ secrets.AWS_BUCKET }} | ||
| fastly_key: ${{ secrets.FASTLY_PURGE_KEY }} | ||
| # Rebuild and publish the eu-prod environment A/B script | ||
| publish-eu-prod-ab: | ||
| needs: [publish-current-to-s3] | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 30 | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 22.11.0 # See package.json for the stable node version that works with our testing. Do not change this unless you know what you are doing as some node versions do not play nicely with our testing server. | ||
| - name: Deploy eu-prod a/b script | ||
| uses: ./.github/actions/internal-ab | ||
| with: | ||
| nr_environment: eu-prod | ||
| nrba_app_id: ${{ secrets.INTERNAL_EU_PRODUCTION_APPLICATION_ID }} | ||
| nrba_license_key: ${{ secrets.INTERNAL_LICENSE_KEY }} | ||
| aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| aws_role: ${{ secrets.AWS_ROLE_ARN }} | ||
| aws_bucket_name: ${{ secrets.AWS_BUCKET }} | ||
| fastly_key: ${{ secrets.FASTLY_PURGE_KEY }} | ||
| # Publish the loaders to nr prod | ||
| publish-to-nr-prod: | ||
| needs: [publish-prod-to-s3] | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 30 | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 22.11.0 # See package.json for the stable node version that works with our testing. Do not change this unless you know what you are doing as some node versions do not play nicely with our testing server. | ||
| - name: Get version number | ||
| id: agent-loader-version | ||
| run: echo "results=$(cat package.json | jq -r '.version')" >> $GITHUB_OUTPUT | ||
| - name: Publish loader to nr | ||
| uses: ./.github/actions/nr-upload | ||
| with: | ||
| nr_prod_api_key: ${{ secrets.NR_API_KEY_PRODUCTION }} | ||
| loader_version: ${{ steps.agent-loader-version.outputs.results }} | ||
| environment: prod | ||
| - name: Verify loaders in nr | ||
| uses: ./.github/actions/nr-verify | ||
| with: | ||
| loader_version: ${{ steps.agent-loader-version.outputs.results }} | ||
| environment: prod | ||
| # Publish the loaders to nr stage | ||
| # publish-to-nr-stage: | ||
| # needs: [ publish-prod-to-s3 ] | ||
| # runs-on: ubuntu-latest | ||
| # timeout-minutes: 30 | ||
| # defaults: | ||
| # run: | ||
| # shell: bash | ||
| # steps: | ||
| # - uses: actions/checkout@v4 | ||
| # - uses: actions/setup-node@v4 | ||
| # with: | ||
| # node-version: 22.11.0 # See package.json for the stable node version that works with our testing. Do not change this unless you know what you are doing as some node versions do not play nicely with our testing server. | ||
| # - name: Get version number | ||
| # id: agent-loader-version | ||
| # run: echo "results=$(cat package.json | jq -r '.version')" >> $GITHUB_OUTPUT | ||
| # - name: Publish loader to nr | ||
| # uses: ./.github/actions/nr-upload | ||
| # with: | ||
| # nr_stage_api_key: ${{ secrets.NR_API_KEY_STAGING }} | ||
| # loader_version: ${{ steps.agent-loader-version.outputs.results }} | ||
| # environment: stage | ||
| # - name: Verify loaders in nr | ||
| # uses: ./.github/actions/nr-verify | ||
| # with: | ||
| # loader_version: ${{ steps.agent-loader-version.outputs.results }} | ||
| # environment: stage | ||
| # Publish the agent to npmjs.org | ||
| call-npm-operations: | ||
| name: Call NPM Operations | ||
| uses: ./.github/workflows/npm-operations.yml | ||
| with: | ||
| action: publish-release | ||
| secrets: | ||
| GITHUB_LOGIN: ${{ secrets.BROWSER_GITHUB_BOT_NAME }} | ||
| GITHUB_EMAIL: ${{ secrets.BROWSER_GITHUB_BOT_EMAIL }} | ||
| NR_API_KEY_PRODUCTION: ${{ secrets.NR_API_KEY_PRODUCTION }} | ||
| # Raise the release notes pr on the docs website repo | ||
| raise-release-notes-pr: | ||
| needs: [publish-prod-to-s3] | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 30 | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 22.11.0 # See package.json for the stable node version that works with our testing. Do not change this unless you know what you are doing as some node versions do not play nicely with our testing server. | ||
| - name: Get version number | ||
| id: agent-loader-version | ||
| run: echo "results=$(cat package.json | jq -r '.version')" >> $GITHUB_OUTPUT | ||
| - name: Raise release notes pr | ||
| uses: ./.github/actions/docs-pr | ||
| with: | ||
| tag: v${{ steps.agent-loader-version.outputs.results }} | ||
| github_login: ${{ secrets.BROWSER_GITHUB_BOT_NAME }} | ||
| github_email: ${{ secrets.BROWSER_GITHUB_BOT_EMAIL }} | ||
| nr_docs_github_token: ${{ secrets.BROWSER_GITHUB_BOT_DOCS_PAT }} | ||
| # Notify the release repo of the new release | ||
| notify-release-repo: | ||
| needs: [publish-to-nr-prod, publish-npm] | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 30 | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 22.11.0 # See package.json for the stable node version that works with our testing. Do not change this unless you know what you are doing as some node versions do not play nicely with our testing server. | ||
| - name: Notify Release Repo | ||
| uses: ./.github/actions/notify-repository | ||
| with: | ||
| token: ${{ secrets.BROWSER_GITHUB_BOT_INTERNAL_PAT }} | ||
| repo_owner: newrelic | ||
| repo_name: newrelic-browser-agent-release | ||
| event_type: new_release | ||
| track-build-size: | ||
| needs: [notify-release-repo] | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 30 | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 22.11.0 # See package.json for the stable node version that works with our testing. Do not change this unless you know what you are doing as some node versions do not play nicely with our testing server. | ||
| - name: Install project dependencies | ||
| run: npm ci | ||
| - name: Build prod | ||
| run: npm run cdn:build:prod | ||
| - name: Get version number | ||
| id: agent-loader-version | ||
| run: echo "results=$(cat package.json | jq -r '.version')" >> $GITHUB_OUTPUT | ||
| - name: Get local stats | ||
| id: get-stats | ||
| shell: bash | ||
| run: | | ||
| rum=$(cat ./build/nr-rum-standard-${{ steps.agent-loader-version.outputs.results }}.stats.json); echo "rum=$rum" >> $GITHUB_OUTPUT; | ||
| full=$(cat ./build/nr-full-standard-${{ steps.agent-loader-version.outputs.results }}.stats.json); echo "full=$full" >> $GITHUB_OUTPUT; | ||
| spa=$(cat ./build/nr-spa-standard-${{ steps.agent-loader-version.outputs.results }}.stats.json); echo "spa=$spa" >> $GITHUB_OUTPUT; | ||
| - name: Report lite size to NR | ||
| uses: newrelic-apps/capture-build-size@v1.0.1 | ||
| with: | ||
| nr-api-key: ${{ secrets.INTERNAL_STAGING_INGEST_LICENSE_KEY }} | ||
| nr-account-id: ${{ secrets.INTERNAL_STAGING_INGEST_ACCOUNT_ID }} | ||
| nr-env: 'staging' | ||
| analysis-file-contents: ${{ steps.get-stats.outputs.rum }} | ||
| file-name-filter: '.min.js' | ||
| trigger: 'publish-release' | ||
| version: v${{ steps.agent-loader-version.outputs.results }} | ||
| - name: Report pro size to NR | ||
| uses: newrelic-apps/capture-build-size@v1.0.1 | ||
| with: | ||
| nr-api-key: ${{ secrets.INTERNAL_STAGING_INGEST_LICENSE_KEY }} | ||
| nr-account-id: ${{ secrets.INTERNAL_STAGING_INGEST_ACCOUNT_ID }} | ||
| nr-env: 'staging' | ||
| analysis-file-contents: ${{ steps.get-stats.outputs.full }} | ||
| file-name-filter: '.min.js' | ||
| trigger: 'publish-release' | ||
| version: v${{ steps.agent-loader-version.outputs.results }} | ||
| - name: Report spa size to NR | ||
| uses: newrelic-apps/capture-build-size@v1.0.1 | ||
| with: | ||
| nr-api-key: ${{ secrets.INTERNAL_STAGING_INGEST_LICENSE_KEY }} | ||
| nr-account-id: ${{ secrets.INTERNAL_STAGING_INGEST_ACCOUNT_ID }} | ||
| nr-env: 'staging' | ||
| analysis-file-contents: ${{ steps.get-stats.outputs.spa }} | ||
| file-name-filter: '.min.js' | ||
| trigger: 'publish-release' | ||
| version: v${{ steps.agent-loader-version.outputs.results }} | ||
