-
Notifications
You must be signed in to change notification settings - Fork 85
78 lines (69 loc) · 3.14 KB
/
Copy pathrelease.yml
File metadata and controls
78 lines (69 loc) · 3.14 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
name: Publish SDK to NPM and GitHub Package Registry
on:
release:
types: [published, edited]
workflow_dispatch: {}
jobs:
publish:
name: Publish to NPM and GitHub Package Registry
runs-on: ubuntu-latest
if: ${{ github.event_name == 'workflow_dispatch' || !github.event.release.draft }}
permissions:
contents: read
packages: write
steps:
- name: Checkout branch
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: 18
registry-url: "https://registry.npmjs.org/"
always-auth: "true"
# Add auth for the GitHub Package Registry publish. npm expands
# ${NODE_AUTH_TOKEN} at runtime per-step, so each publish step uses the
# right token for its registry. We do NOT route the @optimizely scope to
# GHR, so `npm ci` still resolves dependencies from npm; publish.sh passes
# --registry explicitly to target GHR.
- name: Configure GitHub Package Registry auth
run: echo "//npm.pkg.github.com/:_authToken=\${NODE_AUTH_TOKEN}" >> ~/.npmrc
# Deps only. --ignore-scripts stops `prepare` from building here; we build
# exactly once in the pack step below.
- name: Install dependencies
run: npm ci --ignore-scripts
# Test, build, and pack a single tarball. Both registries publish this
# same artifact, so npm and GHR receive byte-identical bytes and the test
# suite runs only once. --ignore-scripts on pack avoids a rebuild.
- id: pack
name: Test, build, and pack
run: |
npm test
npm run build
tarball=$(npm pack --ignore-scripts | tail -n1)
echo "tarball=$tarball" >> "$GITHUB_OUTPUT"
# publish.sh derives name/version from the tarball and computes the
# dist-tag itself: `latest` only when strictly newer than the registry's
# current latest, otherwise v<major>-last-published; beta/alpha/rc for
# pre-releases. npm publishes first; if it fails the job stops before GHR,
# keeping the registries in sync.
- id: release
name: Publish to NPM
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
TARBALL: ${{ steps.pack.outputs.tarball }}
DRY_RUN: ${{ github.event_name == 'workflow_dispatch' }}
run: scripts/publish.sh "https://registry.npmjs.org" "$TARBALL"
- name: Publish to GitHub Package Registry
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TARBALL: ${{ steps.pack.outputs.tarball }}
DRY_RUN: ${{ github.event_name == 'workflow_dispatch' }}
run: scripts/publish.sh "https://npm.pkg.github.com" "$TARBALL"
# - name: Report results to Jellyfish
# uses: optimizely/jellyfish-deployment-reporter-action@main
# if: ${{ always() && github.event_name == 'release' && (steps.release.outcome == 'success' || steps.release.outcome == 'failure') }}
# with:
# jellyfish_api_token: ${{ secrets.JELLYFISH_API_TOKEN }}
# is_successful: ${{ steps.release.outcome == 'success' }}