feat: automagic version & publish when go-ipfs released

[olizilla]

The motivation here is to remove any friction around testing out new and upcoming go-ipfs releases against our js based apps, to catch an compatibility issues as soon as possible. The other side of this effort is #34 which will let projects manually override the go-ipfs version to use. If we automated the publishing of this module so that all releases and release-candidates of go-ipfs have an equivalent version of go-ipfs-dep on npm, the we could drop the manual override feature, and just tell folks us the dependancy version number.

This is a proof of concept to show that we can automate the process of keeping this module up to date with go-ipfs.

• It pulls the lates go-ipfs release version from https://dist.ipfs.io/go-ipfs/versions and compares it to the local package.version every hour (configurable)
• when dist.ipfs.io updates with a new release it installs the deps, runs the tests, as a sanity check
• It'll then run npm version $LATEST using the new release number from go-ipfs to keep them in sync, and then npm publish.
• It needs a github token (provided by the action) to commit the version incrment in package.json back to the repo
• needs an npm token to publish with, and the account that it comes from can have 2fa enabled but not only on login, not on publish.

of note, in it's current form this will publish whatever version go-ipfs publish, including release candidates. I'm all in favour or publishing release candidates here though.

also of note, it could be collapsed into a single github action, but it's kinda nice to see green checks in the github UI for each step:

• check for new version
• build
• test
• version & publish

fixes #32

[olizilla]

Sensible next steps

• create an npm deploy account with acess to just this project, and create an auth token
• test that the version we find from dist is valid semver, bail if not
• detect rc releases and other semver prerelease labels, and publish to npm with next as the dist tag

[olizilla]

Oooh the robot just did it's first release!

https://www.npmjs.com/package/@olizilla/go-ipfs-dep

I am so proud 🤖✨

[daviddias]

@olizilla awesome work! 👏🏽👏🏽👏🏽

[Stebalien]

👍 ❌ 💯

detect rc releases and other semver prerelease labels, and publish to npm with next as the dist tag

I'd do this before merging. RCs frequently contain pretty nasty bugs.

[olizilla]

Agreed! and DONE!

It'll publish pre-releases (any semver string with a - in) under go-ipfs-dep@next while stable releases are published under go-ipfs-dep@latest, so running npm install go-ipfs-dep will always get you a stable release.

[olizilla]

Ok this now has

• strict semver checking - to ensure that the value we scrape from dist.ipfs.io is a real semver string
• Set the npm dist tag to next where the new semver string contains a - and denotes a pre-release.

Only thing we need now is to

• create an npm deploy account,
• add that user to the list of users who can publish to this module
• create an npm auth token and add it to the publish action in the workflow that this PR adds.

@daviddias do we have an npm release bot already? or should I create one?

[daviddias]

@daviddias do we have an npm release bot already? or should I create one?

AFAIK, we never had one nor there was ever work towards it, so please be my guest :) Thank you!