chore(deps): replace dependency npm-run-all with npm-run-all2 ^5.0.0 #289

Workflow file for this run

	name: CI/CD
	on:
	push:

	env:
	FORCE_COLOR: 3

	# Cancel in-progress runs on new updates,
	# except for deployment runs which could
	# leave the app in an inconsistent state.
	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.run_id }}
	cancel-in-progress: ${{ github.ref_name != 'main' && github.ref_name != 'beta' }}

	jobs:
	ci:
	name: Integration
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- uses: pnpm/action-setup@v2
	with:
	version: 8

	- name: Set up Node.js
	uses: actions/setup-node@v3
	with:
	node-version: lts/*
	cache: pnpm

	- name: Turbo Cache
	id: turbo-cache
	uses: actions/cache@v3
	with:
	path: node_modules/.cache/turbo
	key: turbo-${{ github.sha }}

	- name: Install dependencies
	run: pnpm install

	- name: Install & setup mkcert
	run: \|
	sudo apt install libnss3-tools
	curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64"
	chmod +x mkcert-v*-linux-amd64
	sudo cp mkcert-v*-linux-amd64 /usr/local/bin/mkcert
	echo "mkcert version: $(mkcert -version)"
	mkcert -install
	- name: Generate TLS certificates
	run: pnpm mkcert

	- name: Lint
	run: pnpm lint

	- name: Unit tests
	run: pnpm test

	- name: Type checking
	run: pnpm typecheck

	- name: Build (NPM)
	run: pnpm build:npm

	- name: Build (Docker)
	uses: docker/build-push-action@v4
	with:
	context: .
	file: packages/server/Dockerfile
	push: false

	- name: Build docs
	run: pnpm build:docs

	# ----------------------------------------------------------------------------

	cd-npm:
	name: Release (NPM)
	runs-on: ubuntu-latest
	needs: [ci]
	# todo: Enable main release channel once v1 is ready
	# if: ${{ github.ref_name == 'main' \|\| github.ref_name == 'beta' }}
	if: ${{ github.ref_name == 'beta' }}
	steps:
	- uses: actions/checkout@v3
	- uses: pnpm/action-setup@v2
	with:
	version: 7

	- name: Set up Node.js
	uses: actions/setup-node@v3
	with:
	node-version: lts/*
	cache: pnpm

	# Note: we do not use an external Turbo cache for publishing
	# to prevent against possible cache collision attacks.

	- name: Install dependencies
	run: pnpm install

	# NPM publish --

	- name: Build (NPM)
	run: pnpm build:npm

	- name: Publish (NPM)
	run: \|
	npx multi-semantic-release \
	--ignore-packages="config/,docs,examples/" \
	--deps.bump=satisfy
	env:
	SCEAU_PRIVATE_KEY: ${{ secrets.SCEAU_PRIVATE_KEY }}
	GITHUB_TOKEN: ${{ github.token }}
	NPM_TOKEN: ${{ secrets.SOCIALGROOVYBOT_NPM_TOKEN }}
	GIT_AUTHOR_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }}
	GIT_AUTHOR_EMAIL: ${{ secrets.SOCIALGROOVYBOT_EMAIL }}
	GIT_COMMITTER_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }}
	GIT_COMMITTER_EMAIL: ${{ secrets.SOCIALGROOVYBOT_EMAIL }}

	- name: Generate step summary
	run: \|
	if test -f GITHUB_STEP_SUMMARY_PACKAGES;
	then
	echo "## 📦  Published NPM packages" >> $GITHUB_STEP_SUMMARY;
	cat GITHUB_STEP_SUMMARY_PACKAGES >> $GITHUB_STEP_SUMMARY;
	fi
	if test -f GITHUB_STEP_SUMMARY_SERVER;
	then
	echo "## Server" >> $GITHUB_STEP_SUMMARY;
	cat GITHUB_STEP_SUMMARY_SERVER >> $GITHUB_STEP_SUMMARY;
	fi
	if ! test -f GITHUB_STEP_SUMMARY_SERVER && ! test -f GITHUB_STEP_SUMMARY_PACKAGES;
	then
	echo "No packages were published." >> $GITHUB_STEP_SUMMARY;
	fi

	# When the server package needs to be published,
	# the internal @socialgouv/e2esdk-semantic-release plugin
	# will store the new version number into the
	# `server-needs-publishing` file at the repo root.
	# We detect its presence and store the version
	# in a step output, which will determine whether
	# the Docker build+push step occurs or not.
	- name: Check if server needs publishing
	id: server-needs-publishing
	run: \|
	if test -f server-needs-publishing;
	then
	echo "version=$(cat server-needs-publishing)" >> $GITHUB_OUTPUT;
	fi

	outputs:
	server-version: ${{ steps.server-needs-publishing.outputs.version }}

	# ----------------------------------------------------------------------------

	cd-docker:
	name: Release (Docker)
	runs-on: ubuntu-latest
	needs: [cd-npm]
	if: ${{ needs.cd-npm.outputs.server-version }}
	steps:
	- name: Generate timestamp
	id: timestamp
	run: echo "timestamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_OUTPUT

	- uses: actions/checkout@v3
	- uses: pnpm/action-setup@v2
	with:
	version: 7

	- name: Set up Node.js
	uses: actions/setup-node@v3
	with:
	node-version: lts/*
	cache: pnpm

	# Note: we do not use an external Turbo cache for publishing
	# to prevent against possible cache collision attacks.

	- name: Install dependencies
	run: pnpm install

	- name: Build & sign server
	run: \|
	pnpm build:server
	cd packages/server
	pnpm version ${{ needs.cd-npm.outputs.server-version }} --no-commit-hooks --no-git-tag-version
	pnpm sign
	env:
	SCEAU_PRIVATE_KEY: ${{ secrets.SCEAU_PRIVATE_KEY }}

	- name: Collect Docker labels & tags
	id: docker-labels-tags
	run: \|
	echo 'labels<<__LABELS_EOF__' >> $GITHUB_OUTPUT
	echo "org.opencontainers.image.title=@socialgouv/e2esdk-server" >> $GITHUB_OUTPUT
	echo "org.opencontainers.image.description=End-to-end encryption server" >> $GITHUB_OUTPUT
	echo "org.opencontainers.image.version=${{ needs.cd-npm.outputs.server-version }}" >> $GITHUB_OUTPUT
	echo "org.opencontainers.image.revision=${{ github.sha }}" >> $GITHUB_OUTPUT
	echo "org.opencontainers.image.created=${{ steps.timestamp.outputs.timestamp }}" >> $GITHUB_OUTPUT
	echo "org.opencontainers.image.licenses=Apache-2.0" >> $GITHUB_OUTPUT
	echo "org.opencontainers.image.source=https//github.com/${{github.repository}}/tree/${{ github.sha }}" >> $GITHUB_OUTPUT
	echo "org.opencontainers.image.documentation=https://github.com/${{github.repository}}/blob/main/packages/server/README.md" >> $GITHUB_OUTPUT
	echo "org.opencontainers.image.url=https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}" >> $GITHUB_OUTPUT
	echo '__LABELS_EOF__' >> $GITHUB_OUTPUT
	echo 'tags<<__TAGS_EOF__' >> $GITHUB_OUTPUT
	echo "ghcr.io/socialgouv/e2esdk/server:${{ github.ref_name == 'main' && 'latest' \|\| 'beta' }}" >> $GITHUB_OUTPUT
	echo "ghcr.io/socialgouv/e2esdk/server:${{ needs.cd-npm.outputs.server-version }}" >> $GITHUB_OUTPUT
	echo "ghcr.io/socialgouv/e2esdk/server:git-${{ github.ref_name }}-${{ github.sha }}" >> $GITHUB_OUTPUT
	echo '__TAGS_EOF__' >> $GITHUB_OUTPUT

	- name: Docker registry authentication
	uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ github.token }}

	- name: Build & Publish (Docker)
	uses: docker/build-push-action@v4
	id: docker-build-push
	with:
	context: .
	file: packages/server/Dockerfile
	build-args: \|
	SCEAU_VERIFICATION_MODE=--strict
	labels: '${{ steps.docker-labels-tags.outputs.labels }}'
	tags: '${{ steps.docker-labels-tags.outputs.tags }}'
	push: true

	- name: Generate step summary
	run: \|
	echo "## 🐳  Docker image" >> $GITHUB_STEP_SUMMARY
	echo "Digest: \`${{ steps.docker-build-push.outputs.digest }}\`" >> $GITHUB_STEP_SUMMARY
	echo "### 📌  Tags" >> $GITHUB_STEP_SUMMARY
	echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
	echo "${{ steps.docker-labels-tags.outputs.tags }}" >> $GITHUB_STEP_SUMMARY
	echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
	echo "### 🏷  Labels" >> $GITHUB_STEP_SUMMARY
	echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
	echo "${{ steps.docker-labels-tags.outputs.labels }}" >> $GITHUB_STEP_SUMMARY
	echo "\`\`\`" >> $GITHUB_STEP_SUMMARY

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): replace dependency npm-run-all with npm-run-all2 ^5.0.0 #289

Workflow file

chore(deps): replace dependency npm-run-all with npm-run-all2 ^5.0.0 #289

Jobs

Run details

Workflow file for this run