release #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| check-author: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Check if user is in CODEOWNERS | |
| id: check_user | |
| run: | | |
| CODEOWNERS_PATH="CODEOWNERS" | |
| if [ ! -f "$CODEOWNERS_PATH" ]; then | |
| echo "CODEOWNERS file not found." | |
| exit 1 | |
| fi | |
| # Extract GitHub usernames from CODEOWNERS file (assumes usernames, not emails or teams) | |
| USERS=$(grep '@' $CODEOWNERS_PATH | sed -E 's/.*@([^ ]+).*/\1/' | tr '\n' ' ') | |
| # Check if the actor is in the list of users | |
| if [[ ! " $USERS " =~ " ${{ github.actor }} " ]]; then | |
| echo "Error: Actor ${{ github.actor }} is not listed in CODEOWNERS." | |
| exit 1 | |
| else | |
| echo "Actor ${{ github.actor }} is listed in CODEOWNERS." | |
| fi | |
| # we can add an approval stage with the environment so it can only be run when accepted by two authorized users. | |
| build: | |
| needs: check-author | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - uses: pnpm/action-setup@v3 | |
| with: | |
| version: 9 | |
| - run: pnpm add -g pnpm | |
| - name: 'Setup Node.js with pnpm cache' | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: 'pnpm' | |
| - run: pnpm install | |
| - run: pnpm build | |
| - name: 'Save build output' | |
| uses: actions/cache/save@v4 | |
| with: | |
| path: ${{ github.workspace }} | |
| key: ${{ runner.os }}-build-${{ github.sha }}-${{ github.run_id }} | |
| test: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: ['18.x', '20.x'] | |
| steps: | |
| - uses: pnpm/action-setup@v3 | |
| with: | |
| version: 9 | |
| - run: pnpm add -g pnpm | |
| - name: 'Restore build output' | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: ${{ github.workspace }} | |
| key: ${{ runner.os }}-build-${{ github.sha }}-${{ github.run_id }} | |
| restore-keys: ${{ runner.os }}-build-${{ github.sha }} | |
| fail-on-cache-miss: true | |
| - name: 'Setup Node.js with pnpm cache' | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'pnpm' | |
| - name: 'Run node' | |
| run: pnpm test | |
| - uses: actions/upload-artifact@v4 | |
| # we are only uploading the 20 coverage report so we do not have to merge them in the next step. | |
| if: matrix.node-version == '20.x' | |
| with: | |
| name: coverage-artifacts | |
| path: coverage/ | |
| report-coverage: | |
| runs-on: ubuntu-latest | |
| needs: [test] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: coverage-artifacts | |
| path: coverage | |
| - uses: codecov/codecov-action@v4 | |
| with: | |
| fail_ci_if_error: true | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| lint: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: pnpm/action-setup@v3 | |
| with: | |
| version: 9 | |
| - run: pnpm add -g pnpm | |
| - name: 'Restore build output' | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: ${{ github.workspace }} | |
| key: ${{ runner.os }}-build-${{ github.sha }}-${{ github.run_id }} | |
| restore-keys: ${{ runner.os }}-build-${{ github.sha }} | |
| fail-on-cache-miss: true | |
| - name: 'Setup Node.js with pnpm cache' | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: 'pnpm' | |
| # we are not using the github action for biome, but the package.json script. this makes sure we are using the same versions. | |
| - name: Run Biome | |
| run: pnpm run biome:ci | |
| publish: | |
| # needs permissions to write tags to the repository | |
| permissions: | |
| contents: write | |
| needs: | |
| - build | |
| - test | |
| - lint | |
| env: | |
| NPM_TOKEN: ${{secrets.NPM_TOKEN }} | |
| NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN }} | |
| GH_TOKEN: ${{secrets.GITHUB_TOKEN }} | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN }} | |
| GH_USER: github-actions | |
| GH_EMAIL: github-actions@github.com | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{secrets.GITHUB_TOKEN }} | |
| - uses: pnpm/action-setup@v3 | |
| with: | |
| version: 9 | |
| - run: pnpm add -g pnpm | |
| - name: 'Setup Node.js with pnpm cache' | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: 'pnpm' | |
| - name: 'Restore build output' | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: ${{ github.workspace }} | |
| key: ${{ runner.os }}-build-${{ github.sha }}-${{ github.run_id }} | |
| restore-keys: ${{ runner.os }}-build-${{ github.sha }} | |
| fail-on-cache-miss: true | |
| - name: 'Setup git coordinates' | |
| run: | | |
| git remote set-url origin https://${{github.actor}}:${{secrets.TOKEN}}@github.com/${{ github.repository }}.git | |
| git config user.name $GH_USER | |
| git config user.email $GH_EMAIL | |
| - name: 'Setup npm registry' | |
| run: | | |
| echo "@sd-jwt:registry=https://registry.npmjs.org/" > .npmrc | |
| echo "registry=https://registry.npmjs.org/" >> .npmrc | |
| echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> .npmrc | |
| npm whoami | |
| - name: 'Publish latest version' | |
| run: pnpm publish:latest |