refactor(ci): clean up npm workflows (#4786)
This extracst the publish on npm workflow from ci.yaml and adds a new workflow called `npm-beta.yaml`. Now we have three workflows that publish to npm. - `npm-beta.yaml` only runs on pushes and merges into `main` - `npm-dev.yaml` only runs on PRs into `main` with approval from code-server-reviewers team - `npm-brew.yaml` only runs on releases This should fix problems we had previously where anyone could open a PR and publish under the code-server namespace. It also separates out the workflows based on environment and when they should run.
This commit is contained in:
parent
48bbbd6c37
commit
9954a88d3a
9
.github/workflows/ci.yaml
vendored
9
.github/workflows/ci.yaml
vendored
@ -177,15 +177,6 @@ jobs:
|
|||||||
name: npm-package
|
name: npm-package
|
||||||
path: ./package.tar.gz
|
path: ./package.tar.gz
|
||||||
|
|
||||||
- name: Publish npm package with PR number and commit SHA
|
|
||||||
run: yarn publish:npm
|
|
||||||
env:
|
|
||||||
ENVIRONMENT: "development"
|
|
||||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
||||||
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
||||||
NPM_TAG: ${{ github.event.number }}
|
|
||||||
PR_NUMBER_AND_COMMIT_SHA: ${{ github.event.number }}-${{ github.event.pull_request.head.sha }}
|
|
||||||
|
|
||||||
# TODO: cache building yarn --production
|
# TODO: cache building yarn --production
|
||||||
# possibly 2m30s of savings(?)
|
# possibly 2m30s of savings(?)
|
||||||
# this requires refactoring our release scripts
|
# this requires refactoring our release scripts
|
||||||
|
29
.github/workflows/npm-beta.yaml
vendored
Normal file
29
.github/workflows/npm-beta.yaml
vendored
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
name: Publish on npm and tag with "beta"
|
||||||
|
|
||||||
|
on:
|
||||||
|
# Shows the manual trigger in GitHub UI
|
||||||
|
# helpful as a back-up in case the GitHub Actions Workflow fails
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
# NOTE: this job requires curl, jq and yarn
|
||||||
|
# All of them are included in ubuntu-latest.
|
||||||
|
npm:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2
|
||||||
|
|
||||||
|
- name: Publish npm package and tag "beta"
|
||||||
|
run: yarn publish:npm
|
||||||
|
env:
|
||||||
|
ENVIRONMENT: "staging"
|
||||||
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
|
||||||
|
NPM_TAG: "beta"
|
||||||
|
# Since this only runs on a merge into main, we can't use github.event.number
|
||||||
|
# so we instead use the word "beta" and the PR merge commit SHA
|
||||||
|
PR_NUMBER_AND_COMMIT_SHA: beta-${{ github.sha }}
|
2
.github/workflows/npm-brew.yaml
vendored
2
.github/workflows/npm-brew.yaml
vendored
@ -16,7 +16,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: Publish npm package with PR number and commit SHA
|
- name: Publish npm package and tag with "latest"
|
||||||
run: yarn publish:npm
|
run: yarn publish:npm
|
||||||
env:
|
env:
|
||||||
ENVIRONMENT: "production"
|
ENVIRONMENT: "production"
|
||||||
|
15
.github/workflows/npm-dev.yaml
vendored
15
.github/workflows/npm-dev.yaml
vendored
@ -1,11 +1,11 @@
|
|||||||
name: Publish on npm and tag with "beta"
|
name: Publish on npm and tag with PR number
|
||||||
|
|
||||||
on:
|
on:
|
||||||
# Shows the manual trigger in GitHub UI
|
# Shows the manual trigger in GitHub UI
|
||||||
# helpful as a back-up in case the GitHub Actions Workflow fails
|
# helpful as a back-up in case the GitHub Actions Workflow fails
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
push:
|
pull_request:
|
||||||
branches:
|
branches:
|
||||||
- main
|
- main
|
||||||
|
|
||||||
@ -13,6 +13,9 @@ jobs:
|
|||||||
# NOTE: this job requires curl, jq and yarn
|
# NOTE: this job requires curl, jq and yarn
|
||||||
# All of them are included in ubuntu-latest.
|
# All of them are included in ubuntu-latest.
|
||||||
npm:
|
npm:
|
||||||
|
# This environment "npm" requires someone from
|
||||||
|
# coder/code-server-reviewers to approve the PR before this job runs.
|
||||||
|
environment: npm
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
@ -20,10 +23,8 @@ jobs:
|
|||||||
- name: Run ./ci/steps/publish-npm.sh
|
- name: Run ./ci/steps/publish-npm.sh
|
||||||
run: yarn publish:npm
|
run: yarn publish:npm
|
||||||
env:
|
env:
|
||||||
ENVIRONMENT: "staging"
|
ENVIRONMENT: "development"
|
||||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
|
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
|
||||||
NPM_TAG: "beta"
|
NPM_TAG: ${{ github.event.number }}
|
||||||
# Since this only runs on a merge into main, we can't use github.event.number
|
PR_NUMBER_AND_COMMIT_SHA: ${{ github.event.number }}-${{ github.event.pull_request.head.sha }}
|
||||||
# so we instead use the word "beta" and the PR merge commit SHA
|
|
||||||
PR_NUMBER_AND_COMMIT_SHA: beta-${{ github.sha }}
|
|
||||||
|
Reference in New Issue
Block a user