diff --git a/.github/actions/setup-publish/action.yml b/.github/actions/setup-publish/action.yml index fa15024c..3f96b10b 100644 --- a/.github/actions/setup-publish/action.yml +++ b/.github/actions/setup-publish/action.yml @@ -1,6 +1,11 @@ name: Setup publish description: Setup steps for publishing packages +inputs: + CODECOV_TOKEN: + description: 'Codecov token for uploading coverage reports' + required: true + runs: using: 'composite' steps: @@ -11,26 +16,28 @@ runs: - name: Install Node.js uses: actions/setup-node@v4 - id: cache with: - node-version: '.node-version' + node-version-file: '.node-version' cache: 'pnpm' # package manager for caching registry-url: 'https://registry.npmjs.org' # Update npm to latest for provenance - name: Update npm run: npm install -g npm@latest + shell: bash - name: Install dependencies from lockfile run: pnpm install --frozen-lockfile + shell: bash # Allocate nx tasks across multiple machines/agents in the cloud # The "--stop-agents-after" is optional, but allows idle agents to shut down once the "e2e-ci" targets have been requested # https://nx.dev/docs/features/ci-features/distribute-task-execution - name: Enable distribution of nx tasks to cloud agents run: pnpm dlx nx-cloud start-ci-run --distribute-on="5 linux-medium-js" --stop-agents-after="e2e-ci" --with-env-vars="CODECOV_TOKEN" + shell: bash env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + CODECOV_TOKEN: ${{ inputs.CODECOV_TOKEN }} # https://github.com/microsoft/playwright/issues/7249#issuecomment-1256878540 - name: Cache Playwright browsers @@ -43,6 +50,7 @@ runs: - name: Install Playwright browsers run: pnpm exec playwright install + shell: bash - name: Derive SHAs for `nx affected` uses: nrwl/nx-set-shas@v4 @@ -51,6 +59,7 @@ runs: - name: Run build, lint, test, and e2e for projects changed run: pnpm exec nx affected -t build lint test e2e-ci --agents + shell: bash - name: Save Playwright test results uses: actions/upload-artifact@v4 
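Review bot: The description of the new `CODECOV_TOKEN` input does not say that the value leaves the runner. The "Enable distribution of nx tasks to cloud agents" step in the next hunk hands it to `nx-cloud start-ci-run` with `--with-env-vars="CODECOV_TOKEN"`, which passes the variable on to the distributed agents. A caller choosing which secret to give this action should see that, so I would word it as `description: 'Codecov upload token; forwarded to the Nx Cloud agents via --with-env-vars'`. Taking the token as an input is the right mechanism, since a composite action cannot read `secrets` itself.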
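Review bot: The "Update npm" step, touched here only to add `shell: bash`, still installs `npm@latest`, so the tool that publishes the packages is whatever the registry serves when the job runs. The calling jobs hold `id-token: write` for provenance, so pin it, e.g. `run: npm install -g npm@<pinned-version>`, and raise the pin in a reviewed change. `pnpm dlx nx-cloud` in the same hunk also names no version and appears to resolve at run time, in the step that receives `CODECOV_TOKEN`. The `steps:` list starts above this hunk and continues below it.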
@@ -58,9 +67,11 @@ runs: with: name: playwright-report path: | + ./**/.playwright/** ./dist/.playwright/** ./dist/** retention-days: 30 - name: Ensure builds for all packages before publishing run: pnpm exec nx run-many -t build --no-agents # --no-agents to run in CI without distributing to agents + shell: bash diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index aea9b908..39939e4a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -27,6 +27,10 @@ on: env: NX_CLOUD_ENCRYPTION_KEY: ${{ secrets.NX_CLOUD_ENCRYPTION_KEY }} NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }} + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_URL_BETA: ${{ secrets.SLACK_WEBHOOK_URL_BETA }} HUSKY: 0 CI: true @@ -42,6 +46,10 @@ jobs: id-token: write # OIDC for provenance if npm publish happens here runs-on: ubuntu-latest steps: + - name: Branch name + run: | + echo "Checking out branch: ${{ github.ref_name }}" + - name: Checkout repository uses: actions/checkout@v4 with: @@ -49,6 +57,8 @@ jobs: - name: Setup publish uses: ./.github/actions/setup-publish + with: + CODECOV_TOKEN: ${{ env.CODECOV_TOKEN }} # This action creates a release pull request with all of # the package versions and changelogs updated. When there @@ -67,9 +77,8 @@ jobs: setupGitUser: true env: HOME: ${{ github.workspace }} # See https://github.com/changesets/action/issues/147 - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }} NPM_CONFIG_PROVENANCE: 'true' - NPM_TOKEN: ${{ secrets.NPM_ACCESS_TOKEN }} - name: Publish previews to Stackblitz on PR if: steps.changesets.outputs.published == 'false' 
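Review bot: The added `./**/.playwright/**` pattern, on top of the existing `./dist/**`, uploads every matching directory in the workspace as an artifact kept for 30 days. Playwright reports and traces can record request headers, cookies and page content from the e2e run, and artifacts can be downloaded by anyone who can read the repository's workflow runs. Confirm the e2e suite runs without real credentials before widening the set, or list the project output directories explicitly instead of using a recursive glob. The step's header is above the hunk, so any `if:` condition on it is not visible here.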
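Review bot: Moving `CODECOV_TOKEN`, `GH_TOKEN` (exported as `GITHUB_TOKEN`) and both Slack webhook URLs into the workflow-level `env:` block puts them in the environment of every step in every job. The old code gave each secret only to the step that used it. The wider scope includes the `pnpm install` lifecycle scripts, the `nx affected` build and test run, and the third-party actions called from `setup-publish`, none of which need the Slack webhooks or `GH_TOKEN`. Keep the `secrets.*` references in the `env:` or `with:` of the consuming steps; if one place to declare them is wanted, a step-level or at most job-level `env:` keeps the exposure narrower.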
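Review bot: The new "Branch name" step expands `${{ github.ref_name }}` inside the `run:` script, so the branch name is pasted into the shell source before bash parses it, and git allows shell metacharacters in ref names. Pass it through the environment instead: add `env:` with `REF_NAME: ${{ github.ref_name }}` and change the script to `echo "Checking out branch: $REF_NAME"`. The identical step added to the `snapshot` job needs the same change, and the existing `pnpm changeset version --snapshot ${{ inputs.snapshot_tag }}` and `pnpm publish -r --tag ${{ inputs.npm_tag }}` lines follow the same pattern with dispatch inputs. Both jobs hold `id-token: write` and, after this commit, the workflow-level secrets, which raises the cost of getting the quoting wrong.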
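Review bot: `GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}` on the changesets step no longer resolves to the automatic job token. The workflow-level `env:` added by this commit sets `GITHUB_TOKEN` from `secrets.GH_TOKEN`, so the step now runs with that secret's scopes and the job's `permissions:` block no longer bounds it. If that is intended (for example so the release pull request can trigger other workflows), say so in a comment and give the variable a distinct name such as `GH_TOKEN`, so readers do not mistake it for the built-in token; otherwise restore `${{ secrets.GITHUB_TOKEN }}`. The hunk also drops `NPM_TOKEN` with no replacement visible here, so confirm that publishing authenticates some other way, presumably through OIDC given `id-token: write`.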
@@ -88,23 +97,23 @@ jobs: git rebase master git push -f env: - GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }} - name: Send GitHub Action data to a Slack workflow if: steps.changesets.outputs.published == 'true' uses: slackapi/slack-github-action@v2.1.1 with: payload-delimiter: '_' - webhook: ${{ secrets.SLACK_WEBHOOK_URL }} + webhook: ${{ env.SLACK_WEBHOOK_URL }} webhook-type: webhook-trigger payload: | - text: ${{ steps.changesets.outputs.publishedPackages }} + publishedPackages: steps.changesets.outputs.publishedPackages - name: Run code coverage uses: codecov/codecov-action@v5 with: files: ./packages/**/coverage/*.xml - token: ${{ secrets.CODECOV_TOKEN }} + token: ${{ env.CODECOV_TOKEN }} snapshot: # On manual trigger of GH action, publish a snapshot release to npm @@ -115,6 +124,10 @@ jobs: id-token: write # OIDC for provenance when npm publish happens runs-on: ubuntu-latest steps: + - name: Branch name + run: | + echo "Checking out branch: ${{ github.ref_name }}" + # Checkout the branch selected when triggering the workflow - name: Checkout repository uses: actions/checkout@v4 
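Review bot: The new payload line `publishedPackages: steps.changesets.outputs.publishedPackages` has lost its `${{ }}` wrapper, so the Slack workflow receives that literal text instead of the package list. It should read `publishedPackages: ${{ steps.changesets.outputs.publishedPackages }}`. The changesets output is a JSON array, which the payload parser will presumably read as a sequence and flatten using the `_` delimiter, so check the variable names in the Slack workflow against the flattened keys.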
@@ -123,21 +136,25 @@ jobs: - name: Setup publish uses: ./.github/actions/setup-publish + with: + CODECOV_TOKEN: ${{ env.CODECOV_TOKEN }} - name: Version packages for snapshot run: pnpm changeset version --snapshot ${{ inputs.snapshot_tag }} env: - GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }} - name: Publish packages snapshot with npm_tag + id: npmpublish run: pnpm publish -r --tag ${{ inputs.npm_tag }} --no-git-checks --access ${{ inputs.npm_access }} - name: Send GitHub Action data to a Slack workflow - if: steps.changesets.outputs.published == 'true' + if: steps.npmpublish.outcome == 'success' uses: slackapi/slack-github-action@v2.1.1 with: payload-delimiter: '_' - webhook: ${{ secrets.SLACK_WEBHOOK_URL }} + webhook: ${{ env.SLACK_WEBHOOK_URL_BETA }} webhook-type: webhook-trigger payload: | - text: ${{ steps.changesets.outputs.publishedPackages }} + npmTag: "${{ inputs.npm_tag }}" + publishedPackages: ""
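Review bot: In the snapshot notification, `npmTag: "${{ inputs.npm_tag }}"` is spliced into the YAML payload before it is parsed, so a tag containing a double quote or backslash would change the payload's structure. `npmTag: ${{ toJSON(inputs.npm_tag) }}` emits a correctly escaped quoted string instead. `publishedPackages: ""` is always empty, so the message names the tag but not what was published. The `if: steps.npmpublish.outcome == 'success'` guard is redundant as written, because a failed publish step already stops the job before this step is evaluated; the condition it replaces referred to `steps.changesets`, which is not defined in the visible part of this job.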