
Post-build for Chore(deps): Bump the npm_and_yarn group across 8 directories with 13 updates #2394

Workflow file for this run

name: Post-build
# Label shown for each run; falls back to the triggering run's number when it has no display title.
run-name: Post-build for ${{ github.event.workflow_run.display_title || github.event.workflow_run.run_number }}
on:
  # For security reasons, this workflow is separate from the test-and-build workflow
  # and is triggered by the `workflow_run` event that follows it.
  # The deployment jobs need access to the repository secrets, but workflows triggered
  # by the `pull_request` event cannot read the secrets, because they check out the
  # PR's branch, which may contain malicious changes from external contributors.
  # So the `pull_request` event cannot be used to trigger the deployment jobs.
  # Instead, the deployment jobs run in this separate workflow, which is allowed to
  # access the secrets because it runs in the context of the default branch, which
  # can be considered a trusted branch.
  # This is a security good practice described in GitHub's official blog:
  # https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/
  # Consequence for the jobs below: artifacts downloaded from the triggering run may
  # have been produced from such a PR branch and should be handled as untrusted input.
  workflow_run:
    workflows: ["Test and Build"]
    types:
      - completed
env:
  node-version-file: ".nvmrc"
# Start from an empty token permission set; jobs that need more declare their own `permissions`.
permissions: {}
jobs:
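get-build-info:
  # Downloads the `build-info` artifact of the triggering run and re-exports its four
  # files (branch, trigger-sha, head-sha, pr-number) as job outputs for the other jobs.
  if: github.event.workflow_run.conclusion == 'success'
  runs-on: ubuntu-latest
  permissions:
    contents: read
  outputs:
    branch: ${{ steps.build-info.outputs.branch }}
    trigger-sha: ${{ steps.build-info.outputs.trigger-sha }}
    head-sha: ${{ steps.build-info.outputs.head-sha }}
    pr-number: ${{ steps.build-info.outputs.pr-number }}
  steps:
    - name: Download build info
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        name: build-info
        github-token: ${{ secrets.GITHUB_TOKEN }}
        run-id: ${{ github.event.workflow_run.id }}
    - name: Read build info
      id: build-info
      run: |
        # The artifact is written by the triggering run, which may have built a pull
        # request from an external contributor, so its content is untrusted input.
        # Downstream jobs interpolate these outputs into deploy commands and into the
        # expected attestation ref, so each value is checked against a strict
        # single-line pattern before it is written to $GITHUB_OUTPUT. A value with a
        # newline would otherwise be able to define additional outputs.
        # An empty value stays allowed, as before (e.g. no PR number on a branch build).
        emit() {
          local key="$1" pattern="$2" value
          # A missing file yields an empty value, matching the previous behaviour.
          value="$(cat "$key" || true)"
          if [[ ! "$value" =~ $pattern ]]; then
            echo "::error::Unexpected content in build-info file '$key'"
            exit 1
          fi
          echo "$key=$value"
          echo "$key=$value" >> "$GITHUB_OUTPUT"
        }
        # NOTE(review): branch names using characters outside this set are rejected;
        # widen the class deliberately if the project needs them.
        emit branch '^[A-Za-z0-9._/-]*$'
        emit trigger-sha '^[0-9a-f]{0,64}$'
        emit head-sha '^[0-9a-f]{0,64}$'
        emit pr-number '^[0-9]*$'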
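get-changesets-publish-targets:
  # Reads the optional `changesets-published-packages` artifact of the triggering run
  # and exposes the published version of each package as a job output. An empty
  # output means "nothing to publish" for that package; the publish jobs key off it.
  if: github.event.workflow_run.conclusion == 'success'
  runs-on: ubuntu-latest
  outputs:
    browser: ${{ steps.parse-packages.outputs.browser }}
    react: ${{ steps.parse-packages.outputs.react }}
    desktop: ${{ steps.parse-packages.outputs.desktop }}
  steps:
    - name: Download published packages info
      id: download-changesets-published-packages
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        name: changesets-published-packages
        github-token: ${{ secrets.GITHUB_TOKEN }}
        run-id: ${{ github.event.workflow_run.id }}
      # The artifact only exists when packages were published; its absence is not an error.
      continue-on-error: true
    - name: Parse published packages
      if: steps.download-changesets-published-packages.outcome == 'success'
      id: parse-packages
      run: |
        PACKAGES=$(cat changesets-published-packages)
        # The JSON comes from the triggering run's artifact, so the extracted version
        # strings are checked before they reach $GITHUB_OUTPUT: a single line made of
        # version characters only. Anything else (including several matching entries,
        # which jq prints on separate lines) fails the step instead of being exported.
        emit_version() {
          local key="$1" version="$2"
          local allowed='^[0-9A-Za-z.+-]*$'
          if [[ ! "$version" =~ $allowed ]]; then
            echo "::error::Unexpected version string for '$key'"
            exit 1
          fi
          echo "$key=$version" >> "$GITHUB_OUTPUT"
        }
        if [ -z "$PACKAGES" ] || [ "$PACKAGES" = "[]" ]; then
          emit_version browser ""
          emit_version react ""
          emit_version desktop ""
        else
          BROWSER_VERSION=$(echo "$PACKAGES" | jq -r '.[] | select(.name == "@stlite/browser") | .version // ""')
          REACT_VERSION=$(echo "$PACKAGES" | jq -r '.[] | select(.name == "@stlite/react") | .version // ""')
          DESKTOP_VERSION=$(echo "$PACKAGES" | jq -r '.[] | select(.name == "@stlite/desktop") | .version // ""')
          emit_version browser "$BROWSER_VERSION"
          emit_version react "$REACT_VERSION"
          emit_version desktop "$DESKTOP_VERSION"
        fi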
inform-package-stats:
  # Runs the repository's local `inform-package-stats` action for the pull request.
  # Skipped when the build info carries no PR number.
  runs-on: ubuntu-latest
  needs:
    - get-build-info
  if: ${{ needs.get-build-info.outputs.pr-number }}
  permissions:
    pull-requests: write
  steps:
    # Only `.github` is checked out: that is all the local action (`uses: ./*`) needs.
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        sparse-checkout: .github
        sparse-checkout-cone-mode: false
        persist-credentials: false
    - uses: ./.github/actions/inform-package-stats
      with:
        sticky-id: ${{ needs.get-build-info.outputs.head-sha }}
        pr-number: ${{ needs.get-build-info.outputs.pr-number }}
deploy-visualizer-reports:
  # Collects the `visualizer-*` artifacts of the triggering run, builds an index page
  # linking to them and deploys the directory to a Cloudflare Pages project.
  # NOTE(review): this job has no attestation verification step, unlike the package
  # preview jobs in this workflow; the report files are deployed as downloaded, and
  # they come from the triggering run (possibly a PR build) — confirm that is intended.
  needs: get-build-info
  if: ${{ needs.get-build-info.outputs.branch }}
  runs-on: ubuntu-latest
  permissions:
    actions: read
    contents: read
    deployments: write
  outputs:
    url: ${{ steps.deploy.outputs.deployment-url }}
    has-reports: ${{ steps.check-artifacts.outputs.has-reports }}
    report-links: ${{ steps.generate-links.outputs.links }}
  steps:
    - name: Check for visualizer artifacts
      id: check-artifacts
      uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
      env:
        # Passed through the environment rather than interpolated into the script text.
        WORKFLOW_RUN_ID: ${{ github.event.workflow_run.id }}
      with:
        script: |
          const runId = process.env.WORKFLOW_RUN_ID;
          const artifacts = await github.paginate(
            github.rest.actions.listWorkflowRunArtifacts,
            {
              owner: context.repo.owner,
              repo: context.repo.repo,
              run_id: runId,
            }
          );
          const visualizers = artifacts.filter((artifact) =>
            artifact.name.startsWith("visualizer-")
          );
          const hasReports = visualizers.length > 0;
          // "true" or the empty string, so later `if:` conditions can test truthiness.
          core.setOutput("has-reports", hasReports ? "true" : "");
          if (!hasReports) {
            core.info("No visualizer artifacts found for this run.");
          }
    # Each download tolerates a missing artifact (`continue-on-error`), because only
    # some of the four reports may exist for a given run.
    - name: Download visualizer-browser artifact
      if: steps.check-artifacts.outputs.has-reports
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        name: visualizer-browser
        path: ${{ runner.temp }}/visualizer-reports/browser
        github-token: ${{ secrets.GITHUB_TOKEN }}
        run-id: ${{ github.event.workflow_run.id }}
      continue-on-error: true
    - name: Download visualizer-sharing artifact
      if: steps.check-artifacts.outputs.has-reports
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        name: visualizer-sharing
        path: ${{ runner.temp }}/visualizer-reports/sharing
        github-token: ${{ secrets.GITHUB_TOKEN }}
        run-id: ${{ github.event.workflow_run.id }}
      continue-on-error: true
    - name: Download visualizer-sharing-editor artifact
      if: steps.check-artifacts.outputs.has-reports
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        name: visualizer-sharing-editor
        path: ${{ runner.temp }}/visualizer-reports/sharing-editor
        github-token: ${{ secrets.GITHUB_TOKEN }}
        run-id: ${{ github.event.workflow_run.id }}
      continue-on-error: true
    - name: Download visualizer-desktop artifact
      if: steps.check-artifacts.outputs.has-reports
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        name: visualizer-desktop
        path: ${{ runner.temp }}/visualizer-reports/desktop
        github-token: ${{ secrets.GITHUB_TOKEN }}
        run-id: ${{ github.event.workflow_run.id }}
      continue-on-error: true
    - name: Check downloaded visualizer reports
      id: check-downloaded-reports
      if: steps.check-artifacts.outputs.has-reports
      run: |
        REPORTS_DIR="${{ runner.temp }}/visualizer-reports"
        # `-print -quit` stops at the first match; grep only tests that something was printed.
        if find "$REPORTS_DIR" -type f -name '*.html' -print -quit | grep -q .; then
          echo "has-downloaded-reports=true" >> "$GITHUB_OUTPUT"
          echo "At least one visualizer report HTML file was found."
        else
          echo "has-downloaded-reports=" >> "$GITHUB_OUTPUT"
          echo "No visualizer report HTML files were found after download steps. Skipping index generation."
        fi
    - name: Generate index.html
      if: steps.check-artifacts.outputs.has-reports && steps.check-downloaded-reports.outputs.has-downloaded-reports
      run: |
        cd ${{ runner.temp }}/visualizer-reports
        # Create index.html with links to all available reports
        cat > index.html << 'EOF'
        <!DOCTYPE html>
        <html lang="en">
        <head>
          <meta charset="UTF-8">
          <meta name="viewport" content="width=device-width, initial-scale=1.0">
          <title>Bundle Visualizer Reports</title>
          <style>
            body {
              font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
              max-width: 800px;
              margin: 0 auto;
              padding: 2rem;
              background: #f5f5f5;
            }
            h1 { color: #333; }
            .reports {
              display: grid;
              gap: 1rem;
              margin-top: 2rem;
            }
            .report-link {
              display: block;
              padding: 1rem 1.5rem;
              background: white;
              border-radius: 8px;
              text-decoration: none;
              color: #0066cc;
              box-shadow: 0 2px 4px rgba(0,0,0,0.1);
              transition: transform 0.2s, box-shadow 0.2s;
            }
            .report-link:hover {
              transform: translateY(-2px);
              box-shadow: 0 4px 8px rgba(0,0,0,0.15);
            }
            .report-link .package { font-weight: bold; }
            .report-link .file { color: #666; font-size: 0.9em; }
          </style>
        </head>
        <body>
          <h1>Bundle Visualizer Reports</h1>
          <div class="reports">
        EOF
        # Add links for each available report
        # NOTE(review): the file name found in the artifact is written into the href and
        # the link text without HTML escaping; it is chosen by the triggering run.
        for dir in browser sharing sharing-editor desktop; do
          if [ -d "$dir" ]; then
            # Find the HTML file in the directory
            html_file=$(find "$dir" -name "*.html" -type f | head -1)
            if [ -n "$html_file" ]; then
              package_name="@stlite/$dir"
              echo " <a class=\"report-link\" href=\"$html_file\"><span class=\"package\">$package_name</span><br><span class=\"file\">$(basename "$html_file")</span></a>" >> index.html
            fi
          fi
        done
        cat >> index.html << 'EOF'
          </div>
        </body>
        </html>
        EOF
    - name: Generate report links
      if: steps.check-artifacts.outputs.has-reports
      id: generate-links
      run: |
        # NOTE(review): unlike the index step, this one is not gated on
        # `has-downloaded-reports`; `cd` fails if no download created the directory.
        cd ${{ runner.temp }}/visualizer-reports
        links=""
        for dir in browser sharing sharing-editor desktop; do
          if [ -d "$dir" ]; then
            html_file=$(find "$dir" -name "*.html" -type f | head -1)
            if [ -n "$html_file" ]; then
              # `\${PREVIEW_URL}` is kept as a literal placeholder; the notify job
              # substitutes the real URL once the deployment is known.
              links="${links}- [@stlite/${dir}](\${PREVIEW_URL}/${html_file})\n"
            fi
          fi
        done
        # Use EOF delimiter for multiline output
        # NOTE(review): the delimiter is the fixed word `EOF` and `echo -e` expands
        # backslash escapes, while `$links` contains artifact-provided file names.
        # A file name with an escaped newline followed by `EOF` would end the value
        # early; a random delimiter and `printf '%s'` would remove that dependency.
        echo "links<<EOF" >> $GITHUB_OUTPUT
        echo -e "$links" >> $GITHUB_OUTPUT
        echo "EOF" >> $GITHUB_OUTPUT
    - name: Deploy to Cloudflare Pages
      if: steps.check-artifacts.outputs.has-reports
      uses: cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0 # v4.0.0
      id: deploy
      with:
        apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
        accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
        # NOTE(review): `branch` and `trigger-sha` are read from the build-info artifact
        # and are expanded into the command text before the action sees it. This is
        # safe only if those values are validated where they are read — confirm.
        command: |
          pages deploy ${{ runner.temp }}/visualizer-reports --project-name=stlite-bundle-visualizer-reports --branch=${{ needs.get-build-info.outputs.branch }} --commit-hash=${{ needs.get-build-info.outputs.trigger-sha }}
        gitHubToken: ${{ secrets.GITHUB_TOKEN }}
notify-visualizer-reports:
  # Writes the "Bundle Visualizer Reports" section of the PR's sticky comment:
  # links on success, a pointer to the logs on failure, or a "no reports" note.
  needs: [get-build-info, deploy-visualizer-reports]
  # `always()` lets this job run when the deploy job failed, so the failure is reported.
  if: ${{ needs.get-build-info.outputs.pr-number != '' && always() }}
  runs-on: ubuntu-latest
  permissions:
    pull-requests: write
  steps:
    # Only `.github` is checked out, for the local actions used below.
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false
        sparse-checkout: .github
        sparse-checkout-cone-mode: false
    - name: Generate report links with URL
      if: needs.deploy-visualizer-reports.result == 'success' && needs.deploy-visualizer-reports.outputs.has-reports
      id: format-links
      env:
        # Both values reach the script through the environment, not through
        # `${{ }}` expansion inside the script text.
        PREVIEW_URL: ${{ needs.deploy-visualizer-reports.outputs.url }}
        REPORT_LINKS: ${{ needs.deploy-visualizer-reports.outputs.report-links }}
      run: |
        # Substitute ${PREVIEW_URL} placeholder with actual URL
        # NOTE(review): the URL is used as a sed replacement with `|` as delimiter, so a
        # `|` or `&` in it would change the substitution. REPORT_LINKS contains
        # artifact-provided file names and ends up as Markdown in the PR comment.
        formatted=$(echo "$REPORT_LINKS" | sed "s|\${PREVIEW_URL}|${PREVIEW_URL}|g")
        echo "formatted<<EOF" >> $GITHUB_OUTPUT
        echo "$formatted" >> $GITHUB_OUTPUT
        echo "EOF" >> $GITHUB_OUTPUT
    - name: Add visualizer section to sticky comment (success)
      if: needs.deploy-visualizer-reports.result == 'success' && needs.deploy-visualizer-reports.outputs.has-reports
      uses: ./.github/actions/sticky-comment-add-section
      env:
        PREVIEW_URL: ${{ needs.deploy-visualizer-reports.outputs.url }}
      with:
        pr-number: ${{ needs.get-build-info.outputs.pr-number }}
        sticky-id: ${{ needs.get-build-info.outputs.head-sha }}
        section-id: visualizer
        section-title: "## Bundle Visualizer Reports"
        order: "20"
        section-content: |
          Bundle visualizer reports are available at:
          ${{ env.PREVIEW_URL }}
          ${{ steps.format-links.outputs.formatted }}
    - name: Add visualizer section to sticky comment (failure)
      if: needs.deploy-visualizer-reports.result == 'failure'
      uses: ./.github/actions/sticky-comment-add-section
      env:
        LOG_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
      with:
        pr-number: ${{ needs.get-build-info.outputs.pr-number }}
        sticky-id: ${{ needs.get-build-info.outputs.head-sha }}
        section-id: visualizer
        section-title: "## Bundle Visualizer Reports"
        order: "20"
        section-content: |
          ⚠️ Bundle visualizer deployment failed. Check the [workflow logs](${{ env.LOG_URL }}) for details.
    - name: Add visualizer section to sticky comment (no reports)
      # The deploy job succeeded but found no `visualizer-*` artifact (empty `has-reports`).
      if: needs.deploy-visualizer-reports.result == 'success' && needs.deploy-visualizer-reports.outputs.has-reports == ''
      uses: ./.github/actions/sticky-comment-add-section
      with:
        pr-number: ${{ needs.get-build-info.outputs.pr-number }}
        sticky-id: ${{ needs.get-build-info.outputs.head-sha }}
        section-id: visualizer
        section-title: "## Bundle Visualizer Reports"
        order: "20"
        section-content: |
          No bundle visualizer reports were generated for this build.
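e2e-browser-browserstack:
  # Runs the @stlite/browser end-to-end tests on BrowserStack against the package
  # built by the triggering run, then reports the result as a commit status.
  needs: get-build-info
  permissions:
    contents: read
    statuses: write
  runs-on: ubuntu-latest
  steps:
    - name: "BrowserStack Env Setup"
      uses: browserstack/github-actions/setup-env@93aebce225b754566349151c0676b26b005e591b # v1.0.4
      with:
        username: ${{ secrets.BROWSERSTACK_USERNAME }}
        access-key: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
    - name: "BrowserStack Local Tunnel Setup"
      uses: browserstack/github-actions/setup-local@93aebce225b754566349151c0676b26b005e591b # v1.0.4
      with:
        local-testing: start
        local-identifier: random
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false
    - name: Enable Corepack
      run: corepack enable
    - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
      with:
        node-version-file: ${{ env.node-version-file }}
    - name: Set up the e2e-tests environment
      # See e2e-browser in .github/workflows/e2e.yml: cap to avoid a
      # hung yarn install eating the full 6h job timeout.
      timeout-minutes: 15
      run: yarn install
      working-directory: packages/browser/e2e-tests
    - name: Build demos
      run: yarn build:demo
      working-directory: packages/browser/e2e-tests
      env:
        NODE_OPTIONS: "--max-old-space-size=6144"
    - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        name: stlite-browser
        path: ${{ runner.temp }}/artifacts/browser
        run-id: ${{ github.event.workflow_run.id }}
        github-token: ${{ secrets.GITHUB_TOKEN }}
    # The artifact comes from the triggering run and is unpacked in a job that holds
    # the BrowserStack credentials, so it gets the same two checks the preview deploy
    # job applies to this same artifact before extracting it: the download must
    # contain only package.tgz, and the tarball must carry an attestation from the
    # expected workflow and ref.
    - name: Verify artifact contents
      uses: ./.github/actions/verify-only-file
      with:
        directory: ${{ runner.temp }}/artifacts/browser
        filename: package.tgz
    - name: Verify artifact attestation
      uses: ./.github/actions/verify-artifact-attestation
      with:
        filepath: ${{ runner.temp }}/artifacts/browser/package.tgz
        expected-workflow-file: .github/workflows/test-build.yml
        expected-ref: ${{ needs.get-build-info.outputs.pr-number && format('refs/pull/{0}/merge', needs.get-build-info.outputs.pr-number) || format('refs/heads/{0}', needs.get-build-info.outputs.branch) }}
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - run: tar xzvf package.tgz
      working-directory: ${{ runner.temp }}/artifacts/browser
    - name: Run the e2e-tests
      run: yarn test:browserstack
      working-directory: packages/browser/e2e-tests
      env:
        BUILD_DIR: ${{ runner.temp }}/artifacts/browser/package/build
    - name: "BrowserStackLocal Stop"
      uses: browserstack/github-actions/setup-local@93aebce225b754566349151c0676b26b005e591b # v1.0.4
      with:
        local-testing: stop
    - name: Update commit status
      # Runs on failure too, so the commit always receives a status for this job.
      if: always()
      run: |
        if [ "${{ job.status }}" == "success" ]; then
          STATE="success"
        else
          STATE="failure"
        fi
        # HEAD_SHA originates from the build-info artifact; it is passed through the
        # environment and quoted so it stays a single path segment of the API call.
        gh api "repos/${{ github.repository }}/statuses/${HEAD_SHA}" \
          -X POST \
          -f state="${STATE}" \
          -f context=${{ github.job }} \
          -f target_url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
      env:
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        HEAD_SHA: ${{ needs.get-build-info.outputs.head-sha }}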
deploy-browser-preview:
  # Deploys the @stlite/browser build of the triggering run to a Cloudflare Pages
  # preview project, after checking the artifact's contents and attestation.
  needs: [get-build-info, e2e-browser-browserstack]
  # For pull requests the job runs even if the e2e job failed (the `valid` output
  # records that result); for other builds every needed job must have succeeded.
  if: ${{ needs.get-build-info.result == 'success' && ( needs.get-build-info.outputs.pr-number != '' || success() ) }}
  runs-on: ubuntu-latest
  permissions:
    contents: read
    deployments: write
  name: Deploy @stlite/browser to Cloudflare Pages for preview
  outputs:
    url: ${{ steps.deploy.outputs.deployment-url }}
    valid: ${{ needs.e2e-browser-browserstack.result == 'success' }}
  steps:
    # Checkout for local actions (`uses ./*`).
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false
        sparse-checkout: .github
        sparse-checkout-cone-mode: false
    - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        name: stlite-browser
        path: ${{ runner.temp }}/artifacts/browser
        run-id: ${{ github.event.workflow_run.id }}
        github-token: ${{ secrets.GITHUB_TOKEN }}
    # The download directory must contain package.tgz and nothing else.
    - name: Verify artifact contents
      uses: ./.github/actions/verify-only-file
      with:
        directory: ${{ runner.temp }}/artifacts/browser
        filename: package.tgz
    # Runs before extraction, so an unattested tarball is never unpacked.
    # The expected ref is the PR merge ref when a PR number is present, else the branch ref.
    # NOTE(review): both inputs of that expression are read from the build-info
    # artifact of the same run — confirm they are validated where they are read.
    - name: Verify artifact attestation
      uses: ./.github/actions/verify-artifact-attestation
      with:
        filepath: ${{ runner.temp }}/artifacts/browser/package.tgz
        expected-workflow-file: .github/workflows/test-build.yml
        expected-ref: ${{ needs.get-build-info.outputs.pr-number && format('refs/pull/{0}/merge', needs.get-build-info.outputs.pr-number) || format('refs/heads/{0}', needs.get-build-info.outputs.branch) }}
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - run: tar xzvf package.tgz
      working-directory: ${{ runner.temp }}/artifacts/browser
    - name: Deploy
      uses: cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0 # v4.0.0
      id: deploy
      with:
        apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
        accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
        # NOTE(review): `branch` and `trigger-sha` are expanded into the command text;
        # they originate from the build-info artifact.
        command: |
          pages deploy ${{ runner.temp }}/artifacts/browser/package/build --project-name=stlite-browser-preview --branch=${{ needs.get-build-info.outputs.branch }} --commit-hash=${{ needs.get-build-info.outputs.trigger-sha }}
        gitHubToken: ${{ secrets.GITHUB_TOKEN }}
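notify-browser-preview-deployments:
  # Writes the "@stlite/browser Preview" section of the PR's sticky comment: the
  # preview URLs and a usage example on success, a pointer to the logs on failure.
  needs: [get-build-info, deploy-browser-preview]
  if: ${{ needs.get-build-info.outputs.pr-number != '' && always() }}
  # always() is needed to notify even if e2e tests have failed.
  runs-on: ubuntu-latest
  permissions:
    pull-requests: write
  steps:
    # Only `.github` is checked out, for the local action used below.
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false
        sparse-checkout: .github
        sparse-checkout-cone-mode: false
    - name: Add browser preview section to sticky comment (success)
      if: needs.deploy-browser-preview.result == 'success'
      uses: ./.github/actions/sticky-comment-add-section
      env:
        PREVIEW_URL: ${{ needs.deploy-browser-preview.outputs.url }}
        LOG_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
      with:
        pr-number: ${{ needs.get-build-info.outputs.pr-number }}
        sticky-id: ${{ needs.get-build-info.outputs.head-sha }}
        section-id: deploy-browser
        section-title: "## @stlite/browser Preview"
        order: "30"
        # The warning sentence is appended only when the deploy job's `valid` output is
        # not 'true', i.e. the BrowserStack e2e job did not succeed. Its leading symbol
        # is the "no entry" emoji, restored here from a mis-decoded byte sequence.
        section-content: |
          Deployment completed successfully ([log](${{ env.LOG_URL }})).${{ needs.deploy-browser-preview.outputs.valid != 'true' && ' _**⛔ However, the BrowserStack e2e tests have failed, so the preview build may be broken on some browsers. Please check the test results above.**_' || '' }}
          - `${{ env.PREVIEW_URL }}/stlite.js`
          - `${{ env.PREVIEW_URL }}/stlite.css`
          <details>
          <summary>Example HTML</summary>
          ```html
          <!DOCTYPE html>
          <html lang="en">
            <head>
              <meta charset="utf-8" />
              <meta name="viewport" content="width=device-width, initial-scale=1" />
              <title>Stlite Browser preview</title>
              <link rel="stylesheet" href="${{ env.PREVIEW_URL }}/stlite.css" />
            </head>
            <body>
              <noscript>You need to enable JavaScript to run this app.</noscript>
              <div id="root"></div>
              <script type="module">
                import { mount } from "${{ env.PREVIEW_URL }}/stlite.js"
                mount(
                  {
                    entrypoint: "streamlit_app.py",
                    files: {
                      "streamlit_app.py": `
          import streamlit as st
          st.write("Hello world")
          `,
                    },
                    requirements: [],
                  },
                  document.getElementById("root"),
                );
              </script>
            </body>
          </html>
          ```
          </details>
    - name: Add browser preview section to sticky comment (failure)
      if: needs.deploy-browser-preview.result == 'failure'
      uses: ./.github/actions/sticky-comment-add-section
      env:
        LOG_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
      with:
        pr-number: ${{ needs.get-build-info.outputs.pr-number }}
        sticky-id: ${{ needs.get-build-info.outputs.head-sha }}
        section-id: deploy-browser
        section-title: "## @stlite/browser Preview"
        order: "30"
        section-content: |
          ⚠️ Deployment failed. Check the [workflow logs](${{ env.LOG_URL }}) for details.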
deploy-react-preview:
  # Deploys the @stlite/react build of the triggering run to a Cloudflare Pages
  # preview project, after checking the artifact's contents and attestation.
  needs: [get-build-info]
  if: ${{ needs.get-build-info.result == 'success' && ( needs.get-build-info.outputs.pr-number != '' || success() ) }}
  runs-on: ubuntu-latest
  permissions:
    contents: read
    deployments: write
  name: Deploy @stlite/react to Cloudflare Pages for preview
  outputs:
    url: ${{ steps.deploy.outputs.deployment-url }}
  steps:
    # Checkout for local actions (`uses ./*`).
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false
        sparse-checkout: .github
        sparse-checkout-cone-mode: false
    - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        name: stlite-react
        path: ${{ runner.temp }}/artifacts/react
        run-id: ${{ github.event.workflow_run.id }}
        github-token: ${{ secrets.GITHUB_TOKEN }}
    # The download directory must contain package.tgz and nothing else.
    - name: Verify artifact contents
      uses: ./.github/actions/verify-only-file
      with:
        directory: ${{ runner.temp }}/artifacts/react
        filename: package.tgz
    # Runs before extraction. The expected ref is the PR merge ref when a PR number
    # is present, else the branch ref.
    # NOTE(review): both inputs of that expression are read from the build-info
    # artifact of the same run — confirm they are validated where they are read.
    - name: Verify artifact attestation
      uses: ./.github/actions/verify-artifact-attestation
      with:
        filepath: ${{ runner.temp }}/artifacts/react/package.tgz
        expected-workflow-file: .github/workflows/test-build.yml
        expected-ref: ${{ needs.get-build-info.outputs.pr-number && format('refs/pull/{0}/merge', needs.get-build-info.outputs.pr-number) || format('refs/heads/{0}', needs.get-build-info.outputs.branch) }}
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - run: tar xzvf package.tgz
      working-directory: ${{ runner.temp }}/artifacts/react
    - name: Deploy
      uses: cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0 # v4.0.0
      id: deploy
      with:
        apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
        accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
        # NOTE(review): `branch` and `trigger-sha` are expanded into the command text;
        # they originate from the build-info artifact.
        command: |
          pages deploy ${{ runner.temp }}/artifacts/react/package/build --project-name=stlite-react-preview --branch=${{ needs.get-build-info.outputs.branch }} --commit-hash=${{ needs.get-build-info.outputs.trigger-sha }}
        gitHubToken: ${{ secrets.GITHUB_TOKEN }}
notify-react-preview-deployments:
  # Writes the "@stlite/react Preview" section of the PR's sticky comment: the
  # importable preview URLs on success, a pointer to the logs on failure.
  needs: [get-build-info, deploy-react-preview]
  # `always()` lets this job run when the deploy job failed, so the failure is reported.
  if: ${{ needs.get-build-info.outputs.pr-number != '' && always() }}
  runs-on: ubuntu-latest
  permissions:
    pull-requests: write
  steps:
    # Only `.github` is checked out, for the local action used below.
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false
        sparse-checkout: .github
        sparse-checkout-cone-mode: false
    - name: Add react preview section to sticky comment (success)
      if: needs.deploy-react-preview.result == 'success'
      uses: ./.github/actions/sticky-comment-add-section
      env:
        PREVIEW_URL: ${{ needs.deploy-react-preview.outputs.url }}
        LOG_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
      with:
        pr-number: ${{ needs.get-build-info.outputs.pr-number }}
        sticky-id: ${{ needs.get-build-info.outputs.head-sha }}
        section-id: deploy-react
        section-title: "## @stlite/react Preview"
        order: "35"
        section-content: |
          Deployment completed successfully ([log](${{ env.LOG_URL }})).
          Importable URLs:
          - `${{ env.PREVIEW_URL }}/stlite.js`
          - `${{ env.PREVIEW_URL }}/stlite.css`
          ```tsx
          import { StliteApp, createKernel } from "${{ env.PREVIEW_URL }}/stlite.js";
          import "${{ env.PREVIEW_URL }}/stlite.css";
          ```
    - name: Add react preview section to sticky comment (failure)
      if: needs.deploy-react-preview.result == 'failure'
      uses: ./.github/actions/sticky-comment-add-section
      env:
        LOG_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
      with:
        pr-number: ${{ needs.get-build-info.outputs.pr-number }}
        sticky-id: ${{ needs.get-build-info.outputs.head-sha }}
        section-id: deploy-react
        section-title: "## @stlite/react Preview"
        order: "35"
        section-content: |
          ⚠️ Deployment failed. Check the [workflow logs](${{ env.LOG_URL }}) for details.
deploy-docs-preview:
  # Deploys the docs build of the triggering run to the `stlite-docs` Cloudflare
  # Pages project, after verifying the attestation of its index.html.
  needs: [get-build-info]
  if: ${{ needs.get-build-info.result == 'success' && ( needs.get-build-info.outputs.pr-number != '' || success() ) }}
  runs-on: ubuntu-latest
  permissions:
    contents: read
    deployments: write
  name: Deploy @stlite/docs to Cloudflare Pages for preview
  outputs:
    url: ${{ steps.deploy.outputs.deployment-url }}
  steps:
    # Checkout for local actions (`uses ./*`).
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false
        sparse-checkout: .github
        sparse-checkout-cone-mode: false
    - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        name: stlite-docs
        path: ${{ runner.temp }}/artifacts/docs
        run-id: ${{ github.event.workflow_run.id }}
        github-token: ${{ secrets.GITHUB_TOKEN }}
    - name: Verify artifact attestation
      uses: ./.github/actions/verify-artifact-attestation
      with:
        # XXX: Only index.html is verified, because the verification command accepts a
        # single file as input. Verifying every file may be better, though it would
        # take longer. Until then, the other files of the artifact are deployed
        # without an attestation check.
        filepath: "${{ runner.temp }}/artifacts/docs/index.html"
        expected-workflow-file: .github/workflows/test-build.yml
        expected-ref: ${{ needs.get-build-info.outputs.pr-number && format('refs/pull/{0}/merge', needs.get-build-info.outputs.pr-number) || format('refs/heads/{0}', needs.get-build-info.outputs.branch) }}
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - name: Deploy
      uses: cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0 # v4.0.0
      id: deploy
      with:
        apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
        accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
        # NOTE(review): `branch` and `trigger-sha` are expanded into the command text;
        # they originate from the build-info artifact.
        command: |
          pages deploy ${{ runner.temp }}/artifacts/docs --project-name=stlite-docs --branch=${{ needs.get-build-info.outputs.branch }} --commit-hash=${{ needs.get-build-info.outputs.trigger-sha }}
        gitHubToken: ${{ secrets.GITHUB_TOKEN }}
notify-docs-preview-deployments:
  # Writes the "Docs Preview" section of the PR's sticky comment: the preview URL
  # on success, a pointer to the logs on failure.
  needs: [get-build-info, deploy-docs-preview]
  # `always()` lets this job run when the deploy job failed, so the failure is reported.
  if: ${{ needs.get-build-info.outputs.pr-number != '' && always() }}
  runs-on: ubuntu-latest
  permissions:
    pull-requests: write
  steps:
    # Only `.github` is checked out, for the local action used below.
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false
        sparse-checkout: .github
        sparse-checkout-cone-mode: false
    - name: Add docs preview section to sticky comment (success)
      if: needs.deploy-docs-preview.result == 'success'
      uses: ./.github/actions/sticky-comment-add-section
      env:
        PREVIEW_URL: ${{ needs.deploy-docs-preview.outputs.url }}
        LOG_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
      with:
        pr-number: ${{ needs.get-build-info.outputs.pr-number }}
        sticky-id: ${{ needs.get-build-info.outputs.head-sha }}
        section-id: deploy-docs
        section-title: "## Docs Preview"
        order: "40"
        section-content: |
          Deployment completed successfully ([log](${{ env.LOG_URL }})).
          ${{ env.PREVIEW_URL }}
    - name: Add docs preview section to sticky comment (failure)
      if: needs.deploy-docs-preview.result == 'failure'
      uses: ./.github/actions/sticky-comment-add-section
      env:
        LOG_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
      with:
        pr-number: ${{ needs.get-build-info.outputs.pr-number }}
        sticky-id: ${{ needs.get-build-info.outputs.head-sha }}
        section-id: deploy-docs
        section-title: "## Docs Preview"
        order: "40"
        section-content: |
          ⚠️ Deployment failed. Check the [workflow logs](${{ env.LOG_URL }}) for details.
deploy-sharing:
  # Deploys the `stlite-sharing` artifact of the triggering run to the
  # `stlite-sharing` Cloudflare Pages project.
  # NOTE(review): this job has no attestation verification step, unlike the
  # browser, react and docs deploy jobs in this workflow, and the target `--branch`
  # is read from the build-info artifact. Both the deployed files and the branch
  # they are deployed to are therefore chosen by the triggering run — confirm that
  # a PR build cannot select a protected branch of the Pages project.
  needs: get-build-info
  if: ${{ needs.get-build-info.outputs.branch }}
  runs-on: ubuntu-latest
  permissions:
    contents: read
    deployments: write
  name: Deploy @stlite/sharing to Cloudflare Pages
  outputs:
    url: ${{ steps.deploy.outputs.deployment-url }}
  steps:
    - name: Download artifact
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        name: stlite-sharing
        path: ${{ runner.temp }}/artifacts/sharing
        run-id: ${{ github.event.workflow_run.id }}
        github-token: ${{ secrets.GITHUB_TOKEN }}
    - name: Deploy
      uses: cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0 # v4.0.0
      id: deploy
      with:
        apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
        accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
        # `branch` and `trigger-sha` are expanded into the command text before the
        # action runs it.
        command: |
          pages deploy ${{ runner.temp }}/artifacts/sharing --project-name=stlite-sharing --branch=${{ needs.get-build-info.outputs.branch }} --commit-hash=${{ needs.get-build-info.outputs.trigger-sha }}
        gitHubToken: ${{ secrets.GITHUB_TOKEN }}
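deploy-sharing-editor:
  # Deploys the `stlite-sharing-editor` artifact of the triggering run to the
  # `stlite-sharing-editor` Cloudflare Pages project, after writing the URL of the
  # sharing app deployment into it.
  # NOTE(review): no attestation verification step here, unlike the browser, react
  # and docs deploy jobs; `branch` and `trigger-sha` come from the build-info artifact.
  needs: [get-build-info, deploy-sharing]
  if: ${{ needs.get-build-info.outputs.branch }}
  runs-on: ubuntu-latest
  permissions:
    contents: read
    deployments: write
  name: Deploy @stlite/sharing-editor to Cloudflare Pages
  outputs:
    url: ${{ steps.deploy.outputs.deployment-url }}
  steps:
    - name: Download artifact
      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        name: stlite-sharing-editor
        path: ${{ runner.temp }}/artifacts/sharing-editor
        run-id: ${{ github.event.workflow_run.id }}
        github-token: ${{ secrets.GITHUB_TOKEN }}
    - name: Inject SHARING_APP_URL
      # The URL is handed to the script through the environment instead of being
      # expanded into the script text, so a quote character in the value cannot
      # change what the shell executes. The file content is unchanged: the URL
      # followed by a newline.
      env:
        SHARING_APP_URL: ${{ needs.deploy-sharing.outputs.url }}
      run: |
        printf '%s\n' "$SHARING_APP_URL" > "${{ runner.temp }}/artifacts/sharing-editor/SHARING_APP_URL"
    - name: Deploy
      uses: cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0 # v4.0.0
      id: deploy
      with:
        apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
        accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
        command: pages deploy ${{ runner.temp }}/artifacts/sharing-editor --project-name=stlite-sharing-editor --branch=${{ needs.get-build-info.outputs.branch }} --commit-hash=${{ needs.get-build-info.outputs.trigger-sha }}
        gitHubToken: ${{ secrets.GITHUB_TOKEN }}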
notify-cloudflare-pages-deployments:
  # Writes the "Sharing Preview" section of the PR's sticky comment: both
  # deployment URLs when both deploy jobs succeeded, a pointer to the logs when
  # either of them failed.
  needs: [get-build-info, deploy-sharing, deploy-sharing-editor]
  # `always()` lets this job run when a deploy job failed, so the failure is reported.
  if: ${{ needs.get-build-info.outputs.pr-number != '' && always() }}
  runs-on: ubuntu-latest
  permissions:
    pull-requests: write
  steps:
    # Only `.github` is checked out, for the local action used below.
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false
        sparse-checkout: .github
        sparse-checkout-cone-mode: false
    - name: Add sharing preview section to sticky comment (success)
      if: needs.deploy-sharing.result == 'success' && needs.deploy-sharing-editor.result == 'success'
      uses: ./.github/actions/sticky-comment-add-section
      env:
        SHARING_URL: ${{ needs.deploy-sharing.outputs.url }}
        SHARING_EDITOR_URL: ${{ needs.deploy-sharing-editor.outputs.url }}
        LOG_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
      with:
        pr-number: ${{ needs.get-build-info.outputs.pr-number }}
        sticky-id: ${{ needs.get-build-info.outputs.head-sha }}
        section-id: deploy-sharing
        section-title: "## Sharing Preview"
        order: "45"
        section-content: |
          Deployment completed successfully ([log](${{ env.LOG_URL }})).
          - Sharing App: ${{ env.SHARING_URL }}
          - Sharing Editor: ${{ env.SHARING_EDITOR_URL }}
    - name: Add sharing preview section to sticky comment (failure)
      if: needs.deploy-sharing.result == 'failure' || needs.deploy-sharing-editor.result == 'failure'
      uses: ./.github/actions/sticky-comment-add-section
      env:
        LOG_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
      with:
        pr-number: ${{ needs.get-build-info.outputs.pr-number }}
        sticky-id: ${{ needs.get-build-info.outputs.head-sha }}
        section-id: deploy-sharing
        section-title: "## Sharing Preview"
        order: "45"
        section-content: |
          ⚠️ Deployment failed. Check the [workflow logs](${{ env.LOG_URL }}) for details.
publish-browser:
  # Publishes @stlite/browser to npm and creates a GitHub release, using the
  # package.tgz built by the triggering run. Runs only when the published-packages
  # info lists a version for @stlite/browser.
  # That gate is read from an artifact of the triggering run; the check that ties the
  # tarball to the main branch is the attestation verification below
  # (`expected-ref: refs/heads/main`), which runs before `npm publish`.
  needs: [get-build-info, get-changesets-publish-targets]
  if: ${{ needs.get-changesets-publish-targets.outputs.browser != '' }}
  permissions:
    contents: write # Necessary for creating releases: https://github.com/softprops/action-gh-release#permissions
    id-token: write # Necessary for NPM trusted publishing: https://docs.npmjs.com/trusted-publishers#step-2-configure-your-cicd-workflow
    attestations: read # Necessary for verifying artifact attestations
  runs-on: ubuntu-latest
  steps:
    # Checkout for local actions (`uses ./*`).
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false
        sparse-checkout: .github
        sparse-checkout-cone-mode: false
    - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
      with:
        node-version: 22
        registry-url: "https://registry.npmjs.org"
        scope: "@stlite"
    - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        name: stlite-browser
        path: ${{ runner.temp }}/stlite-browser
        run-id: ${{ github.event.workflow_run.id }}
        github-token: ${{ secrets.GITHUB_TOKEN }}
    # The download directory must contain package.tgz and nothing else.
    - name: Verify artifact contents
      uses: ./.github/actions/verify-only-file
      with:
        directory: ${{ runner.temp }}/stlite-browser
        filename: package.tgz
    # The expected ref is fixed to the main branch here, not derived from build info.
    - name: Verify artifact attestation
      uses: ./.github/actions/verify-artifact-attestation
      with:
        filepath: ${{ runner.temp }}/stlite-browser/package.tgz
        expected-workflow-file: .github/workflows/test-build.yml
        expected-ref: refs/heads/main
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    # Ensure npm 11.5.1 or later is installed for trusted publishing
    - name: Update npm
      # Incremental upgrade of npm through 11.10.0 is needed
      # to avoid the error occurring when directly installing a later version of npm,
      # as reported in https://github.com/npm/cli/issues/9151
      # NOTE(review): `npm@latest` is unpinned, while every action in this job is
      # pinned to a commit; the npm that performs the publish is whatever the registry
      # serves at run time. Consider pinning an exact version.
      run: |
        npm install -g npm@~11.10.0
        npm install -g npm@latest
    - name: Publish validated package
      run: npm publish ${{ runner.temp }}/stlite-browser/package.tgz --access public
    - name: Create a new release
      uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
      with:
        files: ${{ runner.temp }}/stlite-browser/package.tgz
        generate_release_notes: true
        # The version part of the tag comes from the published-packages artifact.
        tag_name: "@stlite/browser@${{ needs.get-changesets-publish-targets.outputs.browser }}"
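# Publishes the `stlite-react` artifact (package.tgz) of the triggering "Test and Build" run
# to npm and creates the matching GitHub release. Runs only when
# get-changesets-publish-targets reports a non-empty `react` output.
publish-react:
  needs: [get-build-info, get-changesets-publish-targets]
  if: ${{ needs.get-changesets-publish-targets.outputs.react != '' }}
  permissions:
    contents: write # Necessary for creating releases: https://github.com/softprops/action-gh-release#permissions
    id-token: write # Necessary for NPM trusted publishing: https://docs.npmjs.com/trusted-publishers#step-2-configure-your-cicd-workflow
    attestations: read # Necessary for verifying artifact attestations
  runs-on: ubuntu-latest
  steps:
    # Checkout for local actions (`uses ./*`).
    # No `ref` is set, so this is the workflow's own ref (the default branch for a
    # `workflow_run` trigger) rather than the head of the run that built the artifact.
    # Only `.github` is fetched and the token is not left in the git config.
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false
        sparse-checkout: .github
        sparse-checkout-cone-mode: false
    - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
      with:
        node-version: 22
        registry-url: "https://registry.npmjs.org"
        scope: "@stlite"
    # The tarball is taken from the triggering run (`workflow_run.id`), not built here.
    - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        name: stlite-react
        path: ${{ runner.temp }}/stlite-react
        run-id: ${{ github.event.workflow_run.id }}
        github-token: ${{ secrets.GITHUB_TOKEN }}
    # Local action, not visible here; by its name and inputs it is expected to fail
    # unless package.tgz is the only file in the download directory.
    - name: Verify artifact contents
      uses: ./.github/actions/verify-only-file
      with:
        directory: ${{ runner.temp }}/stlite-react
        filename: package.tgz
    # Gate before publishing: the tarball must carry an attestation for
    # test-build.yml on refs/heads/main (checked by a local action, not visible here).
    - name: Verify artifact attestation
      uses: ./.github/actions/verify-artifact-attestation
      with:
        filepath: ${{ runner.temp }}/stlite-react/package.tgz
        expected-workflow-file: .github/workflows/test-build.yml
        expected-ref: refs/heads/main
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    # Ensure npm 11.5.1 or later is installed for trusted publishing
    - name: Update npm
      # npm 11.10.x already satisfies the 11.5.1 minimum, so the job stops at this
      # version instead of floating on to `npm@latest`: it holds `id-token: write`,
      # and an unpinned tool install right before `npm publish` widens what must be trusted.
      # Installing a later npm directly is what failed in https://github.com/npm/cli/issues/9151.
      # NOTE(review): `~11.10.0` still floats over patch releases; pin an exact version
      # if full reproducibility is wanted.
      run: npm install -g npm@~11.10.0
    - name: Publish validated package
      # The path is read from the RUNNER_TEMP environment variable and quoted, so no
      # `${{ }}` expression is expanded into the script text.
      run: npm publish "${RUNNER_TEMP}/stlite-react/package.tgz" --access public
    - name: Create a new release
      uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
      with:
        files: ${{ runner.temp }}/stlite-react/package.tgz
        generate_release_notes: true
        # NOTE(review): the version comes from get-changesets-publish-targets, not from the
        # verified tarball; presumably the two always agree. Confirm.
        tag_name: "@stlite/react@${{ needs.get-changesets-publish-targets.outputs.react }}"
        # Create the tag on the commit the triggering run built. This workflow runs on the
        # default branch, whose tip may have moved since that build. Has no effect if the
        # tag already exists.
        target_commitish: ${{ github.event.workflow_run.head_sha }}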
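# Publishes the `stlite-desktop` artifact (package.tgz) of the triggering "Test and Build" run
# to npm and creates the matching GitHub release. Runs only when
# get-changesets-publish-targets reports a non-empty `desktop` output.
publish-desktop:
  needs: [get-build-info, get-changesets-publish-targets]
  if: ${{ needs.get-changesets-publish-targets.outputs.desktop != '' }}
  permissions:
    contents: write # Necessary for creating releases: https://github.com/softprops/action-gh-release#permissions
    id-token: write # Necessary for NPM trusted publishing: https://docs.npmjs.com/trusted-publishers#step-2-configure-your-cicd-workflow
    attestations: read # Necessary for verifying artifact attestations
  runs-on: ubuntu-latest
  steps:
    # Checkout for local actions (`uses ./*`).
    # No `ref` is set, so this is the workflow's own ref (the default branch for a
    # `workflow_run` trigger) rather than the head of the run that built the artifact.
    # Only `.github` is fetched and the token is not left in the git config.
    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      with:
        persist-credentials: false
        sparse-checkout: .github
        sparse-checkout-cone-mode: false
    - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
      with:
        node-version: 22
        registry-url: "https://registry.npmjs.org"
        scope: "@stlite"
    # The tarball is taken from the triggering run (`workflow_run.id`), not built here.
    - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
      with:
        name: stlite-desktop
        path: ${{ runner.temp }}/stlite-desktop
        run-id: ${{ github.event.workflow_run.id }}
        github-token: ${{ secrets.GITHUB_TOKEN }}
    # Local action, not visible here; by its name and inputs it is expected to fail
    # unless package.tgz is the only file in the download directory.
    - name: Verify artifact contents
      uses: ./.github/actions/verify-only-file
      with:
        directory: ${{ runner.temp }}/stlite-desktop
        filename: package.tgz
    # Gate before publishing: the tarball must carry an attestation for
    # test-build.yml on refs/heads/main (checked by a local action, not visible here).
    - name: Verify artifact attestation
      uses: ./.github/actions/verify-artifact-attestation
      with:
        filepath: ${{ runner.temp }}/stlite-desktop/package.tgz
        expected-workflow-file: .github/workflows/test-build.yml
        expected-ref: refs/heads/main
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    # Ensure npm 11.5.1 or later is installed for trusted publishing
    - name: Update npm
      # npm 11.10.x already satisfies the 11.5.1 minimum, so the job stops at this
      # version instead of floating on to `npm@latest`: it holds `id-token: write`,
      # and an unpinned tool install right before `npm publish` widens what must be trusted.
      # Installing a later npm directly is what failed in https://github.com/npm/cli/issues/9151.
      # NOTE(review): `~11.10.0` still floats over patch releases; pin an exact version
      # if full reproducibility is wanted.
      run: npm install -g npm@~11.10.0
    - name: Publish validated package
      # The path is read from the RUNNER_TEMP environment variable and quoted, so no
      # `${{ }}` expression is expanded into the script text.
      run: npm publish "${RUNNER_TEMP}/stlite-desktop/package.tgz" --access public
    - name: Create a new release
      uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
      with:
        files: ${{ runner.temp }}/stlite-desktop/package.tgz
        generate_release_notes: true
        # NOTE(review): the version comes from get-changesets-publish-targets, not from the
        # verified tarball; presumably the two always agree. Confirm.
        tag_name: "@stlite/desktop@${{ needs.get-changesets-publish-targets.outputs.desktop }}"
        # Create the tag on the commit the triggering run built. This workflow runs on the
        # default branch, whose tip may have moved since that build. Has no effect if the
        # tag already exists.
        target_commitish: ${{ github.event.workflow_run.head_sha }}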