pr-build-deploy.yml
# Builds each pull request and publishes a snapshot package for testing.
name: PR Build and Deploy

# Scopes granted to GITHUB_TOKEN. Declared at workflow level, so they apply
# to every job that does not declare its own `permissions` block.
permissions:
  contents: read
  packages: write
  pull-requests: write

# Runs when a PR is opened, receives new commits, or is reopened.
# `closed` is not in the list, so closing a PR does not start this workflow.
on:
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
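jobs:
  # Exposes the Node.js version stored in .nvmrc as a job output so the
  # other jobs can request the same runtime.
  get-node-version:
    runs-on: ubuntu-latest
    # This job only checks out and reads a file; drop the write scopes.
    permissions:
      contents: read
    outputs:
      version: ${{ steps.read-nvmrc.outputs.version }}
    steps:
      # NOTE(review): actions in this workflow are referenced by
      # major-version tag, which is mutable. Pin to a full commit SHA if
      # the project's supply-chain policy requires immutable references.
      - name: Checkout
        uses: actions/checkout@v4
      - name: Read .nvmrc
        id: read-nvmrc
        run: echo "version=$(cat .nvmrc)" >> "$GITHUB_OUTPUT"

  # Reusable validation workflow.
  # NOTE(review): no job-level permissions are set on this call, so the
  # called workflow gets the workflow-level token scopes. Narrow them here
  # once the needs of validation.yml are confirmed.
  validation:
    needs: get-node-version
    uses: ./.github/workflows/validation.yml
    with:
      node-version: ${{ needs.get-node-version.outputs.version }}

  # Builds the PR checkout and publishes it as `<base>-snapshot-<sha8>`
  # under the dist-tag `pr-<number>`, then announces it on the PR.
  # NOTE(review): this job builds and publishes PR-provided code with a
  # token that has packages: write. For PRs from forks the token is
  # read-only by default, so the publish step is expected to fail there;
  # confirm whether fork PRs should skip this job explicitly.
  build-and-publish-snapshot:
    name: '🚀 Build and publish snapshot'
    needs: [validation, get-node-version]
    runs-on: ubuntu-latest
    # Explicit per-job scopes: checkout, publish, PR comment.
    permissions:
      contents: read
      packages: write
      pull-requests: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history so the git-tag fallback below can see all tags.
          fetch-depth: 0
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ needs.get-node-version.outputs.version }}
          # Use repo .npmrc to route @securityscorecard to GitHub Packages
      # NOTE(review): `yarn@stable` resolves to whatever release is
      # current at run time; consider pinning the Yarn version.
      - name: Setup Yarn
        run: |
          corepack enable
          corepack prepare yarn@stable --activate
      - name: Cache yarn files
        uses: actions/cache@v4
        id: cache
        with:
          path: |
            .yarn/install-state.gz
            node_modules
          key: node-modules-${{ needs.get-node-version.outputs.version }}-${{ hashFiles('**/yarn.lock', '**/package.json') }}
      - name: Install Packages
        if: steps.cache.outputs.cache-hit != 'true'
        run: yarn install --immutable
      - name: Get current version
        id: current-version
        run: |
          CURRENT_VERSION=$(node -p "require('./package.json').version")
          echo "current-version=$CURRENT_VERSION" >> "$GITHUB_OUTPUT"
      - name: Get actual current version
        id: actual-version
        env:
          # Shell variables do not survive between steps, so the
          # package.json version is handed over through the previous
          # step's output. Without this the final fallback wrote an
          # empty value.
          CURRENT_VERSION: ${{ steps.current-version.outputs.current-version }}
        run: |
          echo "Getting actual current version from project versioning strategy..."
          # Try to get version from GitHub Packages first
          NPM_VERSION=$(npm view @securityscorecard/design-system version --registry=https://npm.pkg.github.com 2>/dev/null || echo "")
          if [ -n "$NPM_VERSION" ]; then
            echo "Found version from npm registry: $NPM_VERSION"
            echo "actual-version=$NPM_VERSION" >> "$GITHUB_OUTPUT"
          else
            # Fallback to latest git tag
            LATEST_TAG=$(git tag --sort=-version:refname | head -1 | sed 's/^v//')
            if [ -n "$LATEST_TAG" ]; then
              echo "Found version from git tag: $LATEST_TAG"
              echo "actual-version=$LATEST_TAG" >> "$GITHUB_OUTPUT"
            else
              # Final fallback to package.json
              echo "Using package.json version as fallback: $CURRENT_VERSION"
              echo "actual-version=$CURRENT_VERSION" >> "$GITHUB_OUTPUT"
            fi
          fi
      - name: Generate snapshot version
        id: snapshot-version
        env:
          # The base version can originate from a git tag or from the PR's
          # package.json. It is passed as an environment variable rather
          # than expanded into the script text, so the shell treats it as
          # data only.
          BASE_VERSION: ${{ steps.actual-version.outputs.actual-version }}
        run: |
          # GITHUB_SHA is the runner-provided equivalent of github.sha
          SHORT_SHA="${GITHUB_SHA:0:8}"
          SNAPSHOT_VERSION="${BASE_VERSION}-snapshot-${SHORT_SHA}"
          echo "snapshot-version=$SNAPSHOT_VERSION" >> "$GITHUB_OUTPUT"
          echo "Generated snapshot version: $SNAPSHOT_VERSION"
          echo "Base version used: $BASE_VERSION (from project versioning strategy)"
      - name: Update package.json version
        env:
          SNAPSHOT_VERSION: ${{ steps.snapshot-version.outputs.snapshot-version }}
        run: |
          # Quoted so the value reaches npm as a single argument
          npm version "$SNAPSHOT_VERSION" --no-git-tag-version
      - name: Cache build
        id: library-build-cache
        uses: actions/cache@v4
        with:
          path: build
          key: build-pr-${{ github.event.number }}-${{ github.sha }}-${{ hashFiles('**/yarn.lock', '**/package.json', 'src/**') }}
      - name: Build Step
        if: steps.library-build-cache.outputs.cache-hit != 'true'
        run: yarn build
      # The write-capable token is in the environment of this step only.
      # npm runs the package's publish lifecycle scripts here, and
      # package.json comes from the PR checkout.
      - name: Publish to GitHub Packages
        run: npm publish --tag pr-${{ github.event.number }}
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Comment on PR
        uses: actions/github-script@v7
        env:
          # Read through process.env instead of being expanded into the
          # JavaScript source, so a quote in a version string cannot
          # change the script.
          SNAPSHOT_VERSION: ${{ steps.snapshot-version.outputs.snapshot-version }}
          ACTUAL_VERSION: ${{ steps.actual-version.outputs.actual-version }}
        with:
          script: |
            const version = process.env.SNAPSHOT_VERSION;
            const actualVersion = process.env.ACTUAL_VERSION;
            const prNumber = context.issue.number;
            const comment = [
              '## 🚀 Snapshot Build Published',
              'A snapshot version has been published to GitHub Packages for testing:',
              `**Snapshot Version:** \`${version}\``,
              `**Current Version:** \`${actualVersion}\` (from registry/git tags)`,
              `**Tag:** \`pr-${prNumber}\``,
              'You can install this version in your project using (with `.npmrc` configured for `@securityscorecard:registry=https://npm.pkg.github.com` and auth):',
              '```bash',
              `yarn add @securityscorecard/design-system@pr-${prNumber}`,
              '```',
              'Published to GitHub Packages; snapshot versions are not unpublished when the PR is closed.',
            ].join('\n');
            // Awaited so a failed API call fails the step instead of
            // surfacing as an unhandled rejection.
            await github.rest.issues.createComment({
              issue_number: prNumber,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: comment
            });

  # Posts a reminder that the snapshot stays published after the PR closes.
  # NOTE(review): gated on the `closed` action, but this workflow's
  # pull_request trigger lists only opened, synchronize and reopened, so
  # this job is skipped on every run as written.
  cleanup-on-pr-close:
    name: '🧹 Cleanup on PR close'
    if: github.event.action == 'closed'
    needs: get-node-version
    runs-on: ubuntu-latest
    # Only posts a PR comment.
    permissions:
      pull-requests: write
    steps:
      - name: Comment on PR
        uses: actions/github-script@v7
        with:
          script: |
            const prNumber = context.issue.number;
            const comment = [
              '## 🧹 PR closed',
              `Snapshot versions are published to GitHub Packages and are not unpublished when the PR is closed. The snapshot \`pr-${prNumber}\` remains available for install if needed.`,
            ].join('\n');
            await github.rest.issues.createComment({
              issue_number: prNumber,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: comment
            });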