inteligr8/alfresco-content-app
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-content-app.git synced 2025-05-12 17:04:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

[ACA-4653] fix release actions (#3029)

Browse Source 
* fix publish libs action

* push tags only for master

* fix publishing only for master

* fix leaking sensitive info in the echo

* fix publish script and passing branch name to action

* fix incorrect travis branch

* consistent input naming

* npm tag as input

* Update .github/workflows/release.yml

Co-authored-by: Giovanni Toraldo <me@gionn.net>

* Update .github/workflows/release.yml

Co-authored-by: Giovanni Toraldo <me@gionn.net>

* remove not really necessary workflow_call triggers

* fixup job conditionals with ref_name

* setup job is not really doing anything useful

* add setup node to npm publish step

* add missing npm install to publish libs

* Update scripts/travis/deploy/publish.sh

Co-authored-by: Alex Chapellon <alxgomz@gmail.com>

* Update scripts/travis/deploy/publish.sh

Co-authored-by: Alex Chapellon <alxgomz@gmail.com>

* Update .github/actions/git-tag/action.yml

Co-authored-by: Alex Chapellon <alxgomz@gmail.com>

---------

Co-authored-by: Giovanni Toraldo <me@gionn.net>
Co-authored-by: Giovanni Toraldo <giovanni.toraldo@hyland.com>
Co-authored-by: Alex Chapellon <alxgomz@gmail.com>
This commit is contained in:
Denys Vuika 2023-03-06 08:05:14 -05:00 committed by GitHub
parent b3b9a2dc09
commit 3fb91eeafc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 73 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
.github/actions/git-tag/action.yml vendored
View File

@ -22,14 +22,16 @@ runs:
shell: bash shell: bash
run: | run: |
if [[ ${{ inputs.branch_name }} == "master" ]]; then if [[ ${{ inputs.branch_name }} == "master" ]]; then
VERSION=$(grep -m1 version package.json | awk '{ print $2 }' | sed 's/[", ]//g') VERSION=$(jq -cr '.version' < package.json)
echo "git tag -a ${VERSION} -m ${VERSION}"
if [[ ${{ inputs.dry-run }} == false ]]; then
git tag -a ${VERSION} -m "${VERSION} [ci skip] "
git remote rm origin
GITHUB_REPO=https://${{ inputs.github_token }}:x-oauth-basic@github.com/Alfresco/alfresco-content-app.git
git remote add origin $GITHUB_REPO
git push origin --tags
fi;
fi; fi;
echo "git tag -a ${VERSION} -m ${VERSION}"
if [[ ${{ inputs.dry-run }} == false ]]; then
git tag -a ${VERSION} -m "${VERSION} [ci skip] "
git remote rm origin
GITHUB_REPO=https://${{ inputs.github_token }}:x-oauth-basic@github.com/Alfresco/alfresco-content-app.git
git remote add origin $GITHUB_REPO
git push origin --tags
fi;

10
.github/actions/publish-image/action.yml vendored
View File

@ -14,6 +14,10 @@ inputs:
description: 'login password' description: 'login password'
required: true required: true
type: string type: string
branch_name:
description: 'Name of the branch the workflow runs on'
required: true
type: string
dry-run: dry-run:
description: dry run flag description: dry run flag
required: true required: true
@ -25,12 +29,12 @@ runs:
- name: Get docker image tag name - name: Get docker image tag name
shell: bash shell: bash
run: | run: |
if [[ $BRANCH_NAME == "master" ]]; then if [[ ${{ inputs.branch_name }} == "master" ]]; then
TAG_VERSION=$(grep -m1 version package.json | awk '{ print $2 }' | sed 's/[", ]//g') TAG_VERSION=$(grep -m1 version package.json | awk '{ print $2 }' | sed 's/[", ]//g')
else else
TAG_VERSION=$BRANCH_NAME-${{ github.run_id }} TAG_VERSION=${{ inputs.branch_name }}-${{ github.run_id }}
fi fi
echo "TAG_VERSION=$TAG_VERSION" >> $GITHUB_ENV echo "TAG_VERSION=$TAG_VERSION" >> $GITHUB_ENV
- name: Publish image - name: Publish image
shell: bash shell: bash
run: ./scripts/travis/deploy/publish.sh ${{ inputs.domain }} ${{ inputs.username }} ${{ inputs.password }} $TAG_VERSION $BRANCH_NAME ${{ inputs.dry-run }} run: ./scripts/travis/deploy/publish.sh ${{ inputs.domain }} ${{ inputs.username }} ${{ inputs.password }} $TAG_VERSION ${{ inputs.branch_name }} ${{ inputs.dry-run }}

46
.github/actions/publish-libs/action.yml vendored
View File

@ -2,18 +2,26 @@ name: "Publish ACA libs to NPM and GH registry"
description: "Publish ACA libs to NPM and GH registry" description: "Publish ACA libs to NPM and GH registry"
inputs: inputs:
branch_name:
description: 'Name of the branch the workflow runs on'
required: true
type: string
github_token: github_token:
description: 'Github token' description: 'Github token'
required: true required: true
type: string type: string
npm-registry-address: npm_registry_address:
description: 'NPM registry address' description: 'NPM registry address'
required: true required: true
type: string type: string
npm-registry-token: npm_registry_token:
description: 'NPM registry token' description: 'NPM registry token'
required: true required: true
type: string type: string
npm_tag:
description: 'NPM tag'
required: true
type: string
dry-run: dry-run:
description: dry run flag description: dry run flag
required: true required: true
@ -22,21 +30,22 @@ inputs:
runs: runs:
using: "composite" using: "composite"
steps: steps:
- run: npm ci
shell: bash
- name: update libs version - name: update libs version
shell: bash shell: bash
run: | run: |
ROOT_DIR=./../../..
export DIST_DIR=./dist/@alfresco export DIST_DIR=./dist/@alfresco
PROJECTS_DIR=./projects PROJECTS_DIR=./projects
VERSION_IN_PACKAGE_JSON=$(node -p "require('$ROOT_DIR/package.json').version;") VERSION_IN_PACKAGE_JSON=$(node -p "require('./package.json').version;")
if [[ $TRAVIS_BRANCH =~ ^master.*?$ ]] ; then if [[ ${{ inputs.branch_name }} =~ ^master.*?$ ]] ; then
NEW_LIBRARY_VERSION=VERSION_IN_PACKAGE_JSON NEW_LIBRARY_VERSION=VERSION_IN_PACKAGE_JSON
else else
NEW_LIBRARY_VERSION="${VERSION_IN_PACKAGE_JSON}-${{ github.run_id }}" NEW_LIBRARY_VERSION="${VERSION_IN_PACKAGE_JSON}-${{ github.run_id }}"
fi fi
echo -e "Branch is '$BRANCH_NAME', therefore publish with '$TAG_NPM' tag\n" echo -e "Branch is '${{ inputs.branch_name }}, therefore publish with '${{ inputs.npm_tag }}' tag\n"
export PROJECTS=( export PROJECTS=(
'aca-shared' 'aca-shared'
@ -50,15 +59,12 @@ runs:
for PROJECT in "${PROJECTS[@]}"; do for PROJECT in "${PROJECTS[@]}"; do
echo "Update ${PROJECT} version to ${NEW_LIBRARY_VERSION}" echo "Update ${PROJECT} version to ${NEW_LIBRARY_VERSION}"
cd $PROJECTS_DIR/${PROJECT}
if [[ ${{ inputs.dry-run }} == false ]]; then if [[ ${{ inputs.dry-run }} == false ]]; then
npm version ${NEW_LIBRARY_VERSION} (cd cd $PROJECTS_DIR/${PROJECT} && npm version --allow-same-version --no-git-tag-version --force ${NEW_LIBRARY_VERSION})
fi fi
done done
echo -e "\n\nBuild projects" echo -e "\n\nBuild projects"
cd ${ROOT_DIR}
npm run build-libs npm run build-libs
- uses: actions/setup-node@v3 - uses: actions/setup-node@v3
name: setup GH registry name: setup GH registry
@ -75,12 +81,12 @@ runs:
if [[ ${{ inputs.dry-run }} == false ]]; then if [[ ${{ inputs.dry-run }} == false ]]; then
echo -e "Publish with dry mode for project to GH registry: $PROJECT\n" echo -e "Publish with dry mode for project to GH registry: $PROJECT\n"
echo -e "npm publish --dry-run --tag $TAG_NPM \n" echo -e "npm publish --dry-run --tag ${{ inputs.npm_tag }} \n"
npm publish --dry-run --tag $TAG_NPM npm publish --dry-run --tag ${{ inputs.npm_tag }}
else else
echo -e "======== Publishing project to GH registry: $PROJECT ========\n" echo -e "======== Publishing project to GH registry: $PROJECT ========\n"
echo -e "npm publish --tag $TAG_NPM\n" echo -e "npm publish --tag ${{ inputs.npm_tag }}\n"
npm publish --tag $TAG_NPM npm publish --tag ${{ inputs.npm_tag }}
fi fi
done done
env: env:
@ -89,7 +95,7 @@ runs:
name: setup NPM registry name: setup NPM registry
with: with:
node-version-file: '.nvmrc' node-version-file: '.nvmrc'
registry-url: ${{ inputs.npm-registry-address }} registry-url: ${{ inputs.npm_registry_address }}
scope: '@alfresco' scope: '@alfresco'
- name: publish tag to NPM registry - name: publish tag to NPM registry
shell: bash shell: bash
@ -100,13 +106,13 @@ runs:
if [[ ${{ inputs.dry-run }} == false ]]; then if [[ ${{ inputs.dry-run }} == false ]]; then
echo -e "Publish with dry mode for project to NPM registry: $PROJECT\n" echo -e "Publish with dry mode for project to NPM registry: $PROJECT\n"
echo -e "npm publish --dry-run --tag $TAG_NPM \n" echo -e "npm publish --dry-run --tag ${{ inputs.npm_tag }} \n"
npm publish --dry-run --tag $TAG_NPM npm publish --dry-run --tag ${{ inputs.npm_tag }}
else else
echo -e "======== Publishing project to NPM registry: $PROJECT ========\n" echo -e "======== Publishing project to NPM registry: $PROJECT ========\n"
echo -e "npm publish --tag $TAG_NPM\n" echo -e "npm publish --tag ${{ inputs.npm_tag }}\n"
npm publish --tag $TAG_NPM npm publish --tag ${{ inputs.npm_tag }}
fi fi
done done
env: env:
NODE_AUTH_TOKEN: ${{ inputs.npm-registry-token }} NODE_AUTH_TOKEN: ${{ inputs.npm_registry_token }}

1
.github/workflows/aca-upstream.yml vendored
View File

@ -3,7 +3,6 @@ name: "ACA upstream"
on: on:
schedule: schedule:
- cron: "0 12 * * *" - cron: "0 12 * * *"
workflow_call:
workflow_dispatch: workflow_dispatch:
inputs: inputs:
repo_to_update: repo_to_update:

52
.github/workflows/release.yml vendored
View File

@ -2,7 +2,6 @@ name: "Release"
on: on:
workflow_dispatch: workflow_dispatch:
workflow_call:
inputs: inputs:
dry-run-release: dry-run-release:
description: 'enable dry-run' description: 'enable dry-run'
@ -40,32 +39,16 @@ env:
APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "{protocol}//{hostname}{:port}/assets/silent-refresh.html" APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "{protocol}//{hostname}{:port}/assets/silent-refresh.html"
jobs: jobs:
setup:
if: github.event.pull_request.merged || ${{ inputs.dry-run-release }}
name: "Setup"
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 2
- name: node
uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
cache: 'npm'
- uses: ./.github/actions/setup
publish-docker-registry: publish-docker-registry:
needs: [setup] if: github.event.pull_request.merged || inputs.dry-run-release
if: github.event.pull_request.merged || ${{ inputs.dry-run-release }} name: "Publish to registry"
name: "Publish to registry"
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
with: with:
fetch-depth: 2 fetch-depth: 2
- name: node - name: Setup node
uses: actions/setup-node@v3 uses: actions/setup-node@v3
with: with:
node-version-file: '.nvmrc' node-version-file: '.nvmrc'
@ -74,13 +57,14 @@ jobs:
- name: publish - name: publish
uses: ./.github/actions/publish-image uses: ./.github/actions/publish-image
with: with:
branch_name: ${{ env.BRANCH_NAME }}
domain: quay.io domain: quay.io
username: ${{ secrets.QUAY_USERNAME }} username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }} password: ${{ secrets.QUAY_PASSWORD }}
dry-run: ${{ inputs.dry-run-release }} dry-run: ${{ inputs.dry-run-release }}
publish-to-dockerhub: publish-to-dockerhub:
needs: [setup] if: github.event.pull_request.merged || inputs.dry-run-release
if: github.event.pull_request.merged || ${{ inputs.dry-run-release }}
name: "Publish to Dockerhub" name: "Publish to Dockerhub"
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -88,7 +72,7 @@ jobs:
uses: actions/checkout@v3 uses: actions/checkout@v3
with: with:
fetch-depth: 2 fetch-depth: 2
- name: node - name: Setup node
uses: actions/setup-node@v3 uses: actions/setup-node@v3
with: with:
node-version-file: '.nvmrc' node-version-file: '.nvmrc'
@ -97,13 +81,14 @@ jobs:
- name: publish - name: publish
uses: ./.github/actions/publish-image uses: ./.github/actions/publish-image
with: with:
branch_name: ${{ env.BRANCH_NAME }}
domain: docker.io domain: docker.io
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
dry-run: ${{ inputs.dry-run-release }} dry-run: ${{ inputs.dry-run-release }}
publish-git-tag: publish-git-tag:
needs: [setup] if: (github.event.pull_request.merged && github.ref_name == 'master') || inputs.dry-run-release
if: (github.event.pull_request.merged && $BRANCH_NAME == "master")|| ${{ inputs.dry-run-release }}
name: "Publish git tag" name: "Publish git tag"
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -111,7 +96,7 @@ jobs:
uses: actions/checkout@v3 uses: actions/checkout@v3
with: with:
fetch-depth: 2 fetch-depth: 2
- name: node - name: Setup node
uses: actions/setup-node@v3 uses: actions/setup-node@v3
with: with:
node-version-file: '.nvmrc' node-version-file: '.nvmrc'
@ -128,9 +113,9 @@ jobs:
github_token: ${{ secrets.GITHUB_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }}
branch_name: ${{ env.BRANCH_NAME }} branch_name: ${{ env.BRANCH_NAME }}
dry-run: ${{ inputs.dry-run-release }} dry-run: ${{ inputs.dry-run-release }}
publish-libs: publish-libs:
needs: [setup] if: (github.event.pull_request.merged && github.ref_name == 'master') || inputs.dry-run-release
if: github.event.pull_request.merged || ${{ inputs.dry-run-release }}
name: "Publish libs to npm and gh registry" name: "Publish libs to npm and gh registry"
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -138,11 +123,18 @@ jobs:
uses: actions/checkout@v3 uses: actions/checkout@v3
with: with:
fetch-depth: 2 fetch-depth: 2
- name: Setup node
uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
cache: 'npm'
- uses: ./.github/actions/setup - uses: ./.github/actions/setup
- name: publish - name: publish
uses: ./.github/actions/publish-libs uses: ./.github/actions/publish-libs
with: with:
branch_name: ${{ env.BRANCH_NAME }}
github_token: ${{ secrets.GITHUB_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }}
npm-registry-address: ${{ vars.NPM_REGISTRY_ADDRESS }} npm_registry_address: ${{ vars.NPM_REGISTRY_ADDRESS }}
npm-registry-token: ${{ secrets.NPM_REGISTRY_TOKEN }} npm_registry_token: ${{ secrets.NPM_REGISTRY_TOKEN }}
npm_tag: ${{ env.TAG_NPM }}
dry-run: ${{ inputs.dry-run-release }} dry-run: ${{ inputs.dry-run-release }}

16
scripts/travis/deploy/publish.sh
View File

@ -14,14 +14,12 @@ DOCKER_PROJECT_ARGS="PROJECT_NAME=content-ce"
DOCKER_REPOSITORY="$DOMAIN/$REPO_SLUG" DOCKER_REPOSITORY="$DOMAIN/$REPO_SLUG"
# Publish Image to quay.io or dockerhub or another domain - only publish the version on master - elsewhere version and branch # Publish Image to quay.io or dockerhub or another domain - only publish the version on master - elsewhere version and branch
if [[ $TRAVIS_BRANCH == "master" ]]; then if [[ "$BRANCH_NAME" == "master" ]]; then
echo "npx @alfresco/adf-cli docker-publish --loginCheck --loginUsername '$USERNAME' --loginPassword '$PASSWORD' --loginRepo '$DOMAIN' --dockerRepo '$DOCKER_REPOSITORY' --buildArgs $DOCKER_PROJECT_ARGS --dockerTags '$TAG_VERSION' " if [[ "$DRY_RUN" == "false" ]]; then
if [[ $DRY_RUN == false ]]; then npx @alfresco/adf-cli docker-publish --loginCheck --loginUsername "$USERNAME" --loginPassword "$PASSWORD" --loginRepo "$DOMAIN" --dockerRepo "$DOCKER_REPOSITORY" --buildArgs "$DOCKER_PROJECT_ARGS" --dockerTags "$TAG_VERSION" --pathProject "$(pwd)"
npx @alfresco/adf-cli docker-publish --loginCheck --loginUsername "$USERNAME" --loginPassword "$PASSWORD" --loginRepo "$DOMAIN" --dockerRepo "$DOCKER_REPOSITORY" --buildArgs "$DOCKER_PROJECT_ARGS" --dockerTags "$TAG_VERSION" --pathProject "$(pwd)" fi;
fi;
else else
echo "npx @alfresco/adf-cli docker-publish --loginCheck --loginUsername '$USERNAME' --loginPassword '$PASSWORD' --loginRepo '$DOMAIN' --dockerRepo '$DOCKER_REPOSITORY' --buildArgs $DOCKER_PROJECT_ARGS --dockerTags '$TAG_VERSION,$BRANCH_NAME' " if [[ "$DRY_RUN "== "false" ]]; then
if [[ $DRY_RUN == false ]]; then npx @alfresco/adf-cli docker-publish --loginCheck --loginUsername "$USERNAME" --loginPassword "$PASSWORD" --loginRepo "$DOMAIN" --dockerRepo "$DOCKER_REPOSITORY" --buildArgs "$DOCKER_PROJECT_ARGS" --dockerTags "$TAG_VERSION,$BRANCH_NAME" --pathProject "$(pwd)"
npx @alfresco/adf-cli docker-publish --loginCheck --loginUsername "$USERNAME" --loginPassword "$PASSWORD" --loginRepo "$DOMAIN" --dockerRepo "$DOCKER_REPOSITORY" --buildArgs "$DOCKER_PROJECT_ARGS" --dockerTags "$TAG_VERSION,$BRANCH_NAME" --pathProject "$(pwd)" fi;
fi;
fi; fi;