-
Notifications
You must be signed in to change notification settings - Fork 3
134 lines (127 loc) · 4.48 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
---
name: CI
run-name: >-
${{
inputs.release && inputs.test && 'CI ➤ Test ➤ Release' ||
inputs.test && 'CI ➤ Test' ||
inputs.release && 'CI ➤ Release' ||
''
}}
on:
pull_request:
types: [opened, synchronize]
push:
branches: [main]
workflow_dispatch:
inputs:
test:
description: Test
required: true
default: true
type: boolean
release:
description: Release
required: true
default: false
type: boolean
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
permissions:
contents: read # for checkout
jobs:
build:
runs-on: ubuntu-latest
env:
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
TURBO_TEAM: ${{ vars.TURBO_TEAM }}
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
- uses: actions/setup-node@v4
with:
cache: pnpm
node-version: lts/*
- run: pnpm install
- run: pnpm lint
if: github.event.inputs.test != 'false'
- run: pnpm build --summarize -vvv
# if: github.event.inputs.test != 'false'
test:
needs: build
# The test matrix can be skipped, in case a new release needs to be fast-tracked and tests are already passing on main
if: github.event.inputs.test != 'false'
timeout-minutes: 15
strategy:
# A test failing on windows doesn't mean it'll fail on macos. It's useful to let all tests run to its completion to get the full picture
fail-fast: false
matrix:
# https://nodejs.org/en/about/releases/
# https://pnpm.io/installation#compatibility
# Includes the lowest version supported by preview-kit (defined in pkg.engines.node)
node: [lts/-1, lts/*]
os: [ubuntu-latest]
# Also test the LTS on mac and windows
include:
- os: macos-latest
node: lts/*
- os: windows-latest
node: lts/*
# We want to know ASAP if an upcoming breaking changes in the next LTS will affect us, but since "current" are unstable,
# it sometimes might fail until a new nightly comes out and we don't want to be blocked from merging PRs when this happens.
continue-on-error: ${{ matrix.node == 'current' }}
runs-on: ${{ matrix.os }}
env:
NODE_VERSION: ${{ matrix.node }}
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
TURBO_TEAM: ${{ vars.TURBO_TEAM }}
steps:
# It's only necessary to do this for windows, as mac and ubuntu are sane OS's that already use LF
- if: matrix.os == 'windows-latest'
run: |
git config --global core.autocrlf false
git config --global core.eol lf
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
- uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ matrix.node }}
- run: pnpm install --loglevel=error
- run: pnpm test
release:
permissions:
id-token: write # to enable use of OIDC for npm provenance
needs: [build, test]
# only run if opt-in during workflow_dispatch
if: always() && github.event.inputs.release == 'true' && needs.build.result != 'failure' && needs.test.result != 'failure' && needs.test.result != 'cancelled'
runs-on: ubuntu-latest
steps:
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ secrets.ECOSPARK_APP_ID }}
private-key: ${{ secrets.ECOSPARK_APP_PRIVATE_KEY }}
- uses: actions/checkout@v4
with:
# Need to fetch entire commit history to
# analyze every commit since last release
fetch-depth: 0
# Uses generated token to allow pushing commits back
token: ${{ steps.app-token.outputs.token }}
# Make sure the value of GITHUB_TOKEN will not be persisted in repo's config
persist-credentials: false
- uses: pnpm/action-setup@v4
- uses: actions/setup-node@v4
with:
cache: pnpm
node-version: lts/*
- run: pnpm install --loglevel=error
- run: pnpm run -r release
# Don't allow interrupting the release step if the job is cancelled, as it can lead to an inconsistent state
# e.g. git tags were pushed but it exited before `npm publish`
if: always()
env:
NPM_CONFIG_PROVENANCE: true
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}