forked from graphql/graphql-js
-
Notifications
You must be signed in to change notification settings - Fork 0
119 lines (101 loc) · 3.89 KB
/
cmd-publish-pr-on-npm.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
name: publish-pr-on-npm
on:
workflow_call:
inputs:
pull_request_json:
description: String that contain JSON payload for `pull_request` event.
required: true
type: string
secrets:
npm_canary_pr_publish_token:
description: NPM token to publish canary release.
required: true
permissions: {}
jobs:
build-npm-dist:
runs-on: ubuntu-latest
permissions:
contents: read # for actions/checkout
steps:
- name: Checkout repo
uses: actions/checkout@v4
with:
persist-credentials: false
ref: ${{ fromJSON(inputs.pull_request_json).merge_commit_sha }}
- name: Setup Node.js
uses: actions/setup-node@v4
with:
cache: npm
node-version-file: '.node-version'
- name: Install Dependencies
run: npm ci --ignore-scripts
- name: Build NPM package
run: npm run build:npm
- name: Upload npmDist package
uses: actions/upload-artifact@v4
with:
name: npmDist
path: ./npmDist
publish-canary:
runs-on: ubuntu-latest
name: Publish Canary
environment: canary-pr-npm
needs: [build-npm-dist]
permissions:
contents: read # for actions/checkout
steps:
- name: Checkout repo
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Setup Node.js
uses: actions/setup-node@v4
with:
cache: npm
node-version-file: '.node-version'
# 'registry-url' is required for 'npm publish'
registry-url: 'https://registry.npmjs.org'
- uses: actions/download-artifact@v4
with:
name: npmDist
path: npmDist
- name: Modify NPM package to be canary release
env:
PULL_REQUEST_JSON: ${{ inputs.pull_request_json }}
uses: actions/github-script@v7
with:
script: |
const fs = require('node:fs');
const assert = require('node:assert');
const pull_request = JSON.parse(process.env.PULL_REQUEST_JSON);
const packageJSONPath = './npmDist/package.json';
const packageJSON = JSON.parse(fs.readFileSync(packageJSONPath, 'utf-8'));
// Override entire 'publishConfig' since it can contain untrusted data.
packageJSON.publishConfig = { tag: `canary-pr-${pull_request.number}` };
assert(!packageJSON.version.includes('+'), 'Can not append after metadata');
packageJSON.version += packageJSON.version.includes('-') ? '.' : '-';
packageJSON.version += `canary.pr.${pull_request.number}.${pull_request.merge_commit_sha}`;
packageJSON.deprecated =
`You are using canary version build from ${pull_request.html_url}, no gurantees provided so please use your own discretion.`;
assert(
packageJSON.scripts == null,
'No scripts allowed for security reasons!',
);
fs.writeFileSync(packageJSONPath, JSON.stringify(packageJSON, null, 2));
const replyMessage = `
The latest changes of this PR are available on NPM as
[graphql@${packageJSON.version}](https://www.npmjs.com/package/graphql/v/${packageJSON.version})
**Note: no gurantees provided so please use your own discretion.**
Also you can depend on latest version built from this PR:
\`npm install --save graphql@${packageJSON.publishConfig.tag}\`
`;
fs.writeFileSync('./replyMessage.txt', replyMessage.trim());
- name: Publish NPM package
run: npm publish --ignore-scripts ./npmDist
env:
NODE_AUTH_TOKEN: ${{ secrets.npm_canary_pr_publish_token }}
- name: Upload replyMessage
uses: actions/upload-artifact@v4
with:
name: replyMessage
path: ./replyMessage.txt