From eaabc2af48cbd76ad1170b01b4bd9f328b229533 Mon Sep 17 00:00:00 2001 From: Alec Gibson <12036746+alecgibson@users.noreply.github.com> Date: Thu, 18 Jan 2024 11:33:21 +0000 Subject: [PATCH] =?UTF-8?q?=F0=9F=91=B7=E2=80=8D=E2=99=80=EF=B8=8F=20Move?= =?UTF-8?q?=20publishing=20inside=20single=20workflow?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit At the moment, we have two Github Action workflows: - `test.yml`: runs build and test, then tags when bumping the version in `main` - `publish.yml`: releases the package when a new tag is published The issue with this setup is that the built-in `GITHUB_TOKEN` [will not trigger another workflow][1], so we had to add a separate PAT with write permissions to our repos, which was a bit of a security concern. In order to avoid the need for this extra token, with its associated risks and administrative overheads (like rotating), this change combines our workflows into a single workflow. We tweak the `tag.sh` to `release.sh`, and it's now also in charge of publishing (since it knows when we've pushed a new tag). [1]: https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow --- .github/workflows/{test.yml => ci.yml} | 18 +++++++----------- .github/workflows/publish.yml | 24 ------------------------ tag.sh => release.sh | 2 ++ 3 files changed, 9 insertions(+), 35 deletions(-) rename .github/workflows/{test.yml => ci.yml} (51%) delete mode 100644 .github/workflows/publish.yml rename tag.sh => release.sh (94%) diff --git a/.github/workflows/test.yml b/.github/workflows/ci.yml similarity index 51% rename from .github/workflows/test.yml rename to .github/workflows/ci.yml index 557455c9..31d1fd1b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,4 @@ -name: Test +name: CI on: push: @@ -13,14 +13,10 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 with: - # Use PAT instead of default Github token, because the default - # token deliberately will not trigger another workflow run - token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} - - uses: actions/setup-node@v3 - with: - node-version: '18.x' + node-version: '20.x' registry-url: 'https://npm.pkg.github.com' - uses: pnpm/action-setup@v2 - name: Install @@ -31,6 +27,6 @@ jobs: run: pnpm build - name: Test run: pnpm test - - name: Tag - if: ${{ github.ref == 'refs/heads/main' }} - run: ./tag.sh + - name: Release + if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} + run: ./release.sh diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml deleted file mode 100644 index 0035b11e..00000000 --- a/.github/workflows/publish.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: Publish - -on: - push: - tags: - - '*' - -jobs: - build: - runs-on: ubuntu-latest - timeout-minutes: 10 - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 - with: - node-version: '18.x' - registry-url: 'https://npm.pkg.github.com' - - uses: pnpm/action-setup@v2 - - name: Install - run: pnpm install - - name: Publish - run: cd packages/floating-vue && npm publish - env: - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/tag.sh b/release.sh similarity index 94% rename from tag.sh rename to release.sh index 97e23364..c2c98ce4 100755 --- a/tag.sh +++ b/release.sh @@ -24,3 +24,5 @@ git add --all packages/floating-vue/dist/ git commit --message "Release version $VERSION" git tag $VERSION git push origin refs/tags/$VERSION + +npm publish -w packages/floating-vue