Release #70
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: "Version" | |
required: true | |
type: string | |
jobs: | |
release: | |
environment: | |
name: npm-production | |
permissions: | |
contents: write | |
id-token: write | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NPM_CONFIG_PROVENANCE: true | |
PKG_VERSION: ${{ inputs.version }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Fetches all history for all branches and tags | |
- name: Setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
registry-url: "https://registry.npmjs.org" | |
- name: Setup pnpm and install dependencies | |
uses: pnpm/action-setup@v4 | |
with: | |
run_install: false | |
- name: Get pnpm store directory | |
id: pnpm-cache | |
shell: bash | |
run: | | |
echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT | |
- name: Cache dependencies | |
uses: actions/cache@v4 | |
env: | |
cache-name: cache-node-modules | |
with: | |
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} | |
key: ${{ runner.os }}-pnpm-store-${{ env.cache-name }}-${{ hashFiles('**/pnpm-lock.yaml') }} | |
restore-keys: | | |
v1-${{ runner.os }}-pnpm-store-${{ env.cache-name }}- | |
v1-${{ runner.os }}-pnpm-store- | |
v1-${{ runner.os }}- | |
- name: Install dependencies | |
run: pnpm install | |
- name: Pre-flight | |
run: | | |
# Check if the incoming version exactly matches the format xx.xx.xx e.g. no `v` prefix | |
[[ "$PKG_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] \ | |
|| { echo "PKG_VERSION must be an explicit semver version with no `v` prefix"; exit 1; } | |
# Check incoming version is at or above the currently published version on NPM | |
# Note: we allow the current version in the even that a publish partially fails | |
npx semver ${{ inputs.version }} -r ">=$(npm show sanity version) 3.x" | |
# Check if `NODE_AUTH_TOKEN` is working | |
npm whoami | |
# Configure git | |
# https://github.com/actions/checkout/pull/1184 | |
git config --global user.name 'github-actions[bot]' | |
git config --global user.email '41898282+github-actions[bot]@users.noreply.github.com' | |
git config --global advice.skippedCherryPicks false | |
# Fetch all branches (-u allows fetching the current branch) | |
git fetch origin current:current -u | |
git fetch origin next:next -u | |
git fetch origin ${{ github.ref }}:${{ github.ref }} -u | |
# Check for unexpected commits in 'next' | |
git log next..current --oneline | grep -q '.' && { \ | |
echo "Error: 'current' has commits that 'next' does not. Aborting."; \ | |
exit 1; } || true | |
# Check for unexpected commits in selected branch | |
git log ${{ github.ref }}..current --oneline | grep -q '.' && { \ | |
echo "Error: 'current' has commits that '${{ github.ref }}' does not. Aborting."; \ | |
exit 1; } || true | |
- name: Rebase 'current' | |
run: | | |
git checkout current | |
git rebase ${{ github.ref }} | |
- name: Build | |
run: pnpm build --output-logs=full --log-order=grouped | |
- name: Publish | |
run: | | |
# Re-run lerna version and push since the build was successful | |
lerna version \ | |
--force-git-tag \ | |
--force-publish \ | |
--exact \ | |
--yes \ | |
${{ inputs.version }} | |
# https://github.com/lerna/lerna/tree/v8.1.2/libs/commands/publish#bump-from-package | |
lerna publish \ | |
--force-publish \ | |
--exact \ | |
--yes \ | |
from-package |