135 lines
4.0 KiB
YAML
135 lines
4.0 KiB
YAML
name: Release NPM packages
|
|
run-name: Publish NPM ${{ inputs.version_type }} ${{ inputs.version }}
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
grafana_commit:
|
|
description: 'Grafana commit SHA to build against'
|
|
required: true
|
|
type: string
|
|
version:
|
|
description: 'Version to publish as'
|
|
required: true
|
|
type: string
|
|
build_id:
|
|
description: 'Run ID from the original release-build workflow'
|
|
required: true
|
|
type: string
|
|
version_type:
|
|
description: 'Version type (canary, nightly, stable)'
|
|
required: true
|
|
type: string
|
|
|
|
workflow_dispatch:
|
|
inputs:
|
|
grafana_commit:
|
|
description: 'Grafana commit SHA to build against'
|
|
required: true
|
|
version:
|
|
description: 'Version to publish as'
|
|
required: true
|
|
build_id:
|
|
description: 'Run ID from the original release-build workflow'
|
|
required: true
|
|
version_type:
|
|
description: 'Version type (canary, nightly, stable)'
|
|
required: true
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
# If called with version_type 'canary' or 'stable', build + publish to NPM
|
|
# If called with version_type 'nightly', do nothing (we're not yet tagging them with the nightly tag)
|
|
|
|
publish:
|
|
name: Publish NPM packages
|
|
runs-on: github-hosted-ubuntu-x64-small
|
|
if: inputs.version_type == 'canary' || inputs.version_type == 'stable'
|
|
# Required for this workflow to have permission to publish NPM packages
|
|
environment: npm-publish
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
steps:
|
|
- name: Info
|
|
env:
|
|
GITHUB_REF: ${{ github.ref }}
|
|
GRAFANA_COMMIT: ${{ inputs.grafana_commit }}
|
|
run: |
|
|
echo "GRAFANA_COMMIT: $GRAFANA_COMMIT"
|
|
echo "github.ref: $GITHUB_REF"
|
|
|
|
- name: Checkout workflow ref
|
|
uses: actions/checkout@v4
|
|
with:
|
|
persist-credentials: false
|
|
fetch-depth: 100
|
|
fetch-tags: false
|
|
|
|
# this will fail with "{commit} is not a valid commit" if the commit is valid but
|
|
# not in the last 100 commits.
|
|
- name: Verify commit is in workflow HEAD
|
|
env:
|
|
GIT_COMMIT: ${{ inputs.grafana_commit }}
|
|
run: ./.github/workflows/scripts/validate-commit-in-head.sh
|
|
shell: bash
|
|
|
|
- name: Map version type to NPM tag
|
|
id: npm-tag
|
|
env:
|
|
VERSION: ${{ inputs.version }}
|
|
VERSION_TYPE: ${{ inputs.version_type }}
|
|
REFERENCE_PKG: "@grafana/runtime"
|
|
run: |
|
|
TAG=$(./.github/workflows/scripts/determine-npm-tag.sh)
|
|
echo "NPM_TAG=$TAG" >> "$GITHUB_OUTPUT"
|
|
shell: bash
|
|
|
|
- name: Checkout build commit
|
|
uses: actions/checkout@v4
|
|
with:
|
|
persist-credentials: false
|
|
ref: ${{ inputs.grafana_commit }}
|
|
|
|
- name: Setup Node
|
|
uses: ./.github/actions/setup-node
|
|
|
|
# Trusted Publishing is only available in npm v11.5.1 and later
|
|
- name: Update npm
|
|
run: npm install -g npm@^11.5.1
|
|
|
|
- name: Install dependencies
|
|
run: yarn install --immutable
|
|
|
|
- name: Typecheck packages
|
|
run: yarn run packages:typecheck
|
|
|
|
- name: Version, build, and pack packages
|
|
env:
|
|
VERSION: ${{ inputs.version }}
|
|
run: |
|
|
yarn run packages:build
|
|
yarn lerna version "$VERSION" \
|
|
--exact \
|
|
--no-git-tag-version \
|
|
--no-push \
|
|
--force-publish \
|
|
--yes
|
|
yarn run packages:pack
|
|
|
|
- name: Debug packed files
|
|
run: tree -a ./npm-artifacts
|
|
|
|
- name: Validate packages
|
|
run: ./scripts/validate-npm-packages.sh
|
|
|
|
- name: Debug OIDC Claims
|
|
uses: github/actions-oidc-debugger@2e9ba5d3f4bebaad1f91a2cede055115738b7ae8
|
|
with:
|
|
audience: '${{ github.server_url }}/${{ github.repository_owner }}'
|
|
|
|
- name: Publish packages
|
|
env:
|
|
NPM_TAG: ${{ steps.npm-tag.outputs.NPM_TAG }}
|
|
run: ./scripts/publish-npm-packages.sh --dist-tag "$NPM_TAG" --registry 'https://registry.npmjs.org/'
|