* Configure build jobs to cancel previous builds when new changes
are pushed to a pull request branch, and serialize builds when
running in a branch from a push event
* Reduce privileges of GitHub token for scripts workflow
* feat: refactor npm workflows to use download-artifact
This refactors the npm workflows to use the download-artifact GitHub Action. We
had problems in the past with our download_artifact custom bash function. This
also fixes an issue where we weren't downloading the correct artifacts when
publishing beta and dev tags to npm.
* fixup: remove unused env var
* fixup! add download-artifcat to npm-brew"
* fixup! remove unnecessary code comment
* fixup! move NPM_ENVIRONMENT logic to script
This extracst the publish on npm workflow from ci.yaml and adds a new workflow
called `npm-beta.yaml`.
Now we have three workflows that publish to npm.
- `npm-beta.yaml` only runs on pushes and merges into `main`
- `npm-dev.yaml` only runs on PRs into `main` with approval from
code-server-reviewers team
- `npm-brew.yaml` only runs on releases
This should fix problems we had previously where anyone could open a PR and
publish under the code-server namespace. It also separates out the workflows
based on environment and when they should run.
* feat: add logic to publish beta/dev npm
This adds new log to publish the npm package both while working on PRs and when
PRs are merged into main, allowing us to easily test changes in a
production-like setting.
Co-authored-by: Asher <ash@coder.com>