[ACS-10765] Switch to NPM trusted publishing (#11388)

* [ACS-10765] Switch to NPM trusted publishing

* [ACS-10765] CR fixes

* [ACS-10765] Set NPM_TAG without github env usage

* [ACS-10765] CR fixes

* [ACS-10765] CR fix
Michal Kinas
2025-11-27 13:27:16 +01:00
committed by GitHub
parent 533bf89b18
commit 91447f8646
8 changed files with 52 additions and 142 deletions


@@ -12,12 +12,15 @@ runs:
steps:
- name: load "NPM TAG"
id: set-npm-tag
uses: ./.github/actions/set-npm-tag
with:
branch_name: ${{ inputs.branch_name }}
- name: check npm bundle
shell: bash
id: sha_out
env:
TAG_NPM: ${{ steps.set-npm-tag.outputs.npm-tag }}
run: |
if [[ -z $TAG_NPM ]]; then
echo "TAG_NPM not set, aborting"


@@ -2,38 +2,44 @@ name: "set npm tag"
description: "se NPM tag"
inputs:
event_name:
description: "override github.event_name"
required: false
default: ${{ github.event_name }}
branch_name:
description: "override GITHUB_REF_NAME"
required: false
default: ${{ github.ref_name }}
outputs:
npm-tag:
description: "NPM tag"
value: ${{ steps.set-npm-tag.outputs.npm-tag }}
runs:
using: "composite"
steps:
- name: set TAG_NPM
id: set-npm-tag
shell: bash
env:
BRANCH_NAME: ${{ inputs.branch_name }}
run: |
TAG_NPM="alpha"
VERSION_IN_PACKAGE_JSON=$(node -p "require('./package.json')".version)
echo "version in package.json=${VERSION_IN_PACKAGE_JSON}"
if [[ $BRANCH_NAME =~ ^master(-patch.*)?$ ]]; then
# Pre-release versions
if [[ $VERSION_IN_PACKAGE_JSON =~ ^[0-9]*\.[0-9]*\.[0-9]*-A\.[0-9]*$ ]];
then
TAG_NPM=next
# Stable major versions
else
TAG_NPM=latest
fi
if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
TAG_NPM="branch"
else
TAG_NPM="alpha"
VERSION_IN_PACKAGE_JSON=$(node -p "require('./package.json')".version)
echo "version in package.json=${VERSION_IN_PACKAGE_JSON}"
if [[ $BRANCH_NAME =~ ^master(-patch.*)?$ ]]; then
# Pre-release versions
if [[ $VERSION_IN_PACKAGE_JSON =~ ^[0-9]*\.[0-9]*\.[0-9]*-A\.[0-9]*$ ]]; then
TAG_NPM=next
# Stable major versions
else
TAG_NPM=latest
fi
fi
if [[ $BRANCH_NAME =~ ^develop(-patch.*)?$ ]]; then
TAG_NPM=alpha
fi
fi
if [[ $BRANCH_NAME =~ ^develop(-patch.*)?$ ]]; then
TAG_NPM=alpha
fi
echo "TAG_NPM=${TAG_NPM}" >> $GITHUB_ENV
echo "npm-tag=$TAG_NPM" >> $GITHUB_OUTPUT
echo "Computed tag: $TAG_NPM"
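Review bot: The dispatch check `if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then` reads the context directly, so the `event_name` input that this action still appears to declare ("override github.event_name") has no effect on the computed tag. It is also the only value in the script that is spliced in by expression instead of being passed through `env:` the way `BRANCH_NAME` is. Suggest adding `EVENT_NAME: ${{ inputs.event_name }}` under `env:` and testing `if [[ "$EVENT_NAME" == "workflow_dispatch" ]]; then`. `github.event_name` is not user-controlled, so this is about consistency and keeping expression interpolation out of `run:` bodies, not an injection bug.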


@@ -11,6 +11,10 @@ inputs:
required: false
type: boolean
default: 'false'
outputs:
npm-tag:
description: 'NPM tag'
value: ${{ steps.set-npm-tag.outputs.npm-tag }}
runs:
using: "composite"
steps:
@@ -38,6 +42,7 @@ runs:
node_modules-${{ runner.os }}-build-
node_modules-${{ runner.os }}-
- name: load "NPM TAG"
id: set-npm-tag
uses: ./.github/actions/set-npm-tag
- name: before install script
uses: ./.github/actions/before-install


@@ -1,108 +0,0 @@
name: Release lib on branch
run-name: Release lib on branch ${{ github.ref_name }}
on:
workflow_dispatch:
inputs:
dry-run-flag:
description: 'enable dry-run on artifact push'
required: false
type: boolean
default: true
env:
BASE_REF: ${{ github.base_ref }}
HEAD_REF: ${{ github.head_ref }}
GH_COMMIT: ${{ github.sha }}
GH_BUILD_NUMBER: ${{ github.run_id }}
LOG_LEVEL: "ERROR"
NODE_OPTIONS: "--max-old-space-size=5120"
GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
jobs:
setup:
timeout-minutes: 20
name: "Setup"
runs-on: ubuntu-latest
steps:
- name: set TAG_NPM BRANCH
shell: bash
run: |
TAG_NPM="branch"
echo "Set TAG with name: ${TAG_NPM}"
echo "TAG_NPM=${TAG_NPM}" >> $GITHUB_ENV
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with:
fetch-depth: 0
- uses: ./.github/actions/setup
with:
enable-node-modules-cache: false
- name: install
run: |
npm ci
npm run bundle:js-api
npm run bundle:cli
- uses: ./.github/actions/upload-node-modules-and-artifacts
release-npm:
needs: [setup]
timeout-minutes: 30
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with:
fetch-depth: 0
- uses: ./.github/actions/setup
with:
enable-node-modules-cache: false
- id: set-dryrun
uses: ./.github/actions/enable-dryrun
with:
dry-run-flag: ${{ inputs.dry-run-flag }}
- uses: ./.github/actions/download-node-modules-and-artifacts
- name: Set libraries versions
run: |
set -u;
./scripts/update-version.sh -gnu || exit 1;
- name: Set migrations
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
script: |
const setMigrations = require('./scripts/github/release/set-migrations.js');
setMigrations();
- name: Build libraries
run: |
npm run build:libs
npm run build:schematics
- uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
name: release libraries GH registry
with:
node-version-file: '.nvmrc'
registry-url: 'https://npm.pkg.github.com'
scope: '@alfresco'
- run: npm run publish -- --tag=branch || exit 1
env:
NODE_AUTH_TOKEN: ${{ secrets.PAT_WRITE_PKG }}
- uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
name: release libraries Npm registry
with:
node-version-file: '.nvmrc'
registry-url: 'https://${{ vars.NPM_REGISTRY_ADDRESS }}'
scope: '@alfresco'
- run: npm run publish -- --tag=branch || exit 1
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_REGISTRY_TOKEN }}
npm-check-bundle:
needs: [release-npm]
timeout-minutes: 15
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
- uses: ./.github/actions/npm-check-bundle


@@ -23,6 +23,10 @@ on:
- develop-patch*
- master-patch*
permissions:
id-token: write # Required for OIDC
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
@@ -34,12 +38,11 @@ env:
GH_BUILD_NUMBER: ${{ github.run_id }}
LOG_LEVEL: "ERROR"
NODE_OPTIONS: "--max-old-space-size=5120"
GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
jobs:
setup:
timeout-minutes: 20
if: github.event.pull_request.merged == true || github.ref_name == 'master' || github.ref_name == 'master-patch-*'
if: github.event.pull_request.merged == true || github.ref_name == 'master' || github.ref_name == 'master-patch-*' || github.event_name == 'workflow_dispatch'
name: "Setup"
runs-on: ubuntu-latest
steps:
@@ -62,9 +65,10 @@ jobs:
outputs:
release_version: ${{ steps.set-version.outputs.release_version }}
timeout-minutes: 30
if: github.event.pull_request.merged == true || github.ref_name == 'master' || github.ref_name == 'master-patch-*'
if: github.event.pull_request.merged == true || github.ref_name == 'master' || github.ref_name == 'master-patch-*' || github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
permissions:
id-token: write # Required for OIDC
contents: read
packages: write
steps:
@@ -72,7 +76,8 @@ jobs:
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with:
fetch-depth: 0
- uses: ./.github/actions/setup
- id: setup
uses: ./.github/actions/setup
with:
enable-node-modules-cache: false
- id: set-dryrun
@@ -101,22 +106,21 @@ jobs:
node-version-file: '.nvmrc'
registry-url: 'https://npm.pkg.github.com'
scope: '@alfresco'
- run: npm run publish -- --tag=$TAG_NPM || exit 1
- run: npm run publish -- --tag=${{ steps.setup.outputs.npm-tag }}
env:
NODE_AUTH_TOKEN: ${{ secrets.PAT_WRITE_PKG }}
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
name: release libraries Npm registry
with:
node-version-file: '.nvmrc'
registry-url: 'https://${{ vars.NPM_REGISTRY_ADDRESS }}'
scope: '@alfresco'
- run: npm run publish -- --tag=$TAG_NPM || exit 1
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_REGISTRY_TOKEN }}
- run: npm run publish -- --tag=${{ steps.setup.outputs.npm-tag }}
create-git-tag:
runs-on: ubuntu-latest
needs: [setup, release-npm]
if: github.event_name != 'workflow_dispatch'
name: Create github tag
permissions:
contents: write
@@ -152,7 +156,7 @@ jobs:
npm-check-bundle:
needs: [release-npm]
timeout-minutes: 15
if: github.event.pull_request.merged == true || github.ref_name == 'master' || github.ref_name == 'master-patch-*'
if: github.event.pull_request.merged == true || github.ref_name == 'master' || github.ref_name == 'master-patch-*' || github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
@@ -161,7 +165,7 @@ jobs:
push-translation-keys-to-crowdin:
name: Push translations keys to Crowdin
if: ${{ github.ref == 'refs/heads/develop' }}
if: github.ref_name == 'develop' && github.event_name != 'workflow_dispatch'
runs-on: ubuntu-latest
needs: [setup]
permissions:
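Review bot: `id-token: write # Required for OIDC` is added to the workflow-level `permissions:` block as well as to the publishing job (the one that also has `packages: write`), so any job without its own `permissions:` block can request an OIDC token too. Only the job that runs `npm run publish` needs it; suggest keeping the job-level grant and reducing the top-level block to `contents: read`. This matters more now that the jobs also run on `github.event_name == 'workflow_dispatch'`, which presumably allows a run from any branch; if the trusted-publisher entry on the registry is not bound to a protected environment, consider adding an `environment:` to the publishing job. The job definitions extend beyond the visible hunks, so confirm which jobs actually inherit the workflow-level block.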

2
.nvmrc

@@ -1 +1 @@
22.14.0
24.11.1


@@ -1 +1 @@
22.14.0
24.11.1


@@ -4,7 +4,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd $DIR/../../../
BRANCH=${GITHUB_REF##*/}
if [[ $BRANCH =~ ^develop(-patch.*)?$ ]]
if [[ ! $BRANCH =~ ^master(-patch.*)?$ ]]
then
echo "Replace NPM version with new Alpha tag"
./scripts/update-version.sh -gnu || exit 1;
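Review bot: The inverted test `if [[ ! $BRANCH =~ ^master(-patch.*)?$ ]]` still relies on `BRANCH=${GITHUB_REF##*/}`, which keeps only the last path segment of the ref, so a branch named, say, `team/master` (constructed example) is treated as `master` and skips the version rewrite. Before this change only develop branches took the rewrite path; now every non-master ref does, so the misclassification would publish the unmodified `package.json` version, assuming this script also runs for manually dispatched branch releases. Suggest `BRANCH=${GITHUB_REF_NAME}`, which holds the full branch name, and quoting the path in `cd "$DIR/../../../"`. The `if` body continues past the end of the hunk.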