dot/.github/workflows/release.yml at master · shellscape/dot · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
name: Release Packages

on:
  push:
    branches:
      - master

permissions:
  contents: read

jobs:
  publish:
    if: |
      !startsWith(github.event.head_commit.message, 'chore(release):') &&
      !startsWith(github.event.head_commit.message, 'chore(repo):')

    runs-on: ubuntu-latest

    name: release

    permissions:
      contents: write
      id-token: write

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          fetch-tags: true

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: 20

      - name: Install PNPM
        uses: pnpm/action-setup@v4

      - name: Sanity Check
        run: |
          echo branch `git branch --show-current`;
          echo node `node -v`;
          echo pnpm `pnpm -v`

      - name: Set Git Config
        run: |
          git config pull.rebase false
          git config --global user.email "release-workflow@shellscape.org"
          git config --global user.name "Release Workflow"
          git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}

      - name: pnpm install
        run: pnpm install --frozen-lockfile

      - name: Build All Packages
        run: pnpm -r build

      - name: Install Workspace Deps
        run: pnpm install

      - name: Lint Repo
        run: pnpm lint

      - name: Run Tests
        # we're running into some test timeouts for many package updates at once
        # this should keep the process memory usage reasonable
        run: pnpm --filter [HEAD^] --workspace-concurrency=1 test
        env:
          # Note: this satisfies aws sdk for @dot/config tests
          AWS_REGION: 'us-east-1'

      - name: OIDC Preflight
        shell: bash
        run: |
          if [ -z "${ACTIONS_ID_TOKEN_REQUEST_URL:-}" ] || [ -z "${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}" ]; then
            echo "Missing GitHub Actions OIDC env vars (ACTIONS_ID_TOKEN_REQUEST_URL/TOKEN)." >&2
            echo "Ensure the job requests permissions: id-token: write." >&2
            exit 1
          fi

          echo "OIDC env vars detected."

      - name: Release and Publish Changed Packages
        run: pnpm --filter [HEAD^] --workspace-concurrency=1 release