fix: Forbid usage of instanceof ArrayBuffer (#7653) #2555
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
branches: | |
- main | |
- v[0-9]* | |
jobs: | |
release: | |
runs-on: ubuntu-latest | |
outputs: | |
release_created: ${{ steps.release.outputs.release_created }} | |
tag_name: ${{ steps.release.outputs.tag_name }} | |
patch: ${{ steps.release.outputs.patch }} | |
steps: | |
# Create/update release PR | |
- uses: google-github-actions/release-please-action@v4 | |
id: release | |
with: | |
# Make sure we create the PR against the correct branch. | |
target-branch: ${{ github.ref_name }} | |
# Use a special shaka-bot access token for releases. | |
token: ${{ secrets.RELEASE_PLEASE_TOKEN }} | |
# See also settings in these files: | |
manifest-file: .release-please-manifest.json | |
config-file: .release-please-config.json | |
# The jobs below are all conditional on a release having been created by | |
# someone merging the release PR. They all run in parallel. | |
tag-main: | |
runs-on: ubuntu-latest | |
needs: release | |
if: needs.release.outputs.release_created && needs.release.outputs.patch != '0' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Check out the origin repo, and do it at main, not the PR branch. | |
ref: main | |
# Use a special shaka-bot access token for releases. | |
token: ${{ secrets.RELEASE_PLEASE_TOKEN }} | |
- name: Tag the main branch | |
run: | | |
# Set missing git config for the tag. | |
git config user.name "shaka-bot" | |
git config user.email "[email protected]" | |
# Tag the main branch. | |
VERSION=${{ needs.release.outputs.tag_name }} | |
git tag -m "$VERSION-main" "$VERSION-main" | |
git push origin "$VERSION-main" | |
npm: | |
runs-on: ubuntu-latest | |
needs: release | |
if: needs.release.outputs.release_created | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: refs/tags/${{ needs.release.outputs.tag_name }} | |
fetch-depth: 0 | |
persist-credentials: false | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 16 | |
registry-url: 'https://registry.npmjs.org' | |
- name: Compute NPM tags | |
run: | | |
# NPM publish always sets a tag. If you don't provide an explicit | |
# tag, you get the "latest" tag by default, but we want "latest" to | |
# always point to the highest version number. So we set an explicit | |
# tag on every "publish" command, then follow up with a command to | |
# set "latest" only if this release was the highest version yet. | |
# The explicit tag is based on the branch. If the git tag is v4.4.1, | |
# the branch was v4.4.x, and the explicit NPM tag should be | |
# v4.4-latest. | |
GIT_TAG_NAME=${{ needs.release.outputs.tag_name }} | |
NPM_TAG=$(echo "$GIT_TAG_NAME" | cut -f 1-2 -d .)-latest | |
echo "NPM_TAG=$NPM_TAG" >> $GITHUB_ENV | |
# We only tag the NPM package as "latest" if this release is the | |
# highest version to date. | |
RELEASE_TAGS=$(git tag | grep ^v[0-9] | grep -Ev -- '-(master|main)') | |
LATEST_RELEASE=$(echo "$RELEASE_TAGS" | sort --version-sort | tail -1) | |
if [[ "$GIT_TAG_NAME" == "$LATEST_RELEASE" ]]; then | |
NPM_LATEST=true | |
else | |
NPM_LATEST=false | |
fi | |
echo NPM_LATEST=$NPM_LATEST >> $GITHUB_ENV | |
# Debug the decisions made here. | |
echo "Latest release: $LATEST_RELEASE" | |
echo "This release: $GIT_TAG_NAME" | |
echo "NPM tag: $NPM_TAG" | |
echo "NPM latest: $NPM_LATEST" | |
- run: npm ci | |
- name: Publish | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
run: | | |
# Publish with an explicit tag. | |
npm publish --tag "$NPM_TAG" | |
# Add the "latest" tag if needed. | |
if [[ "$NPM_LATEST" == "true" ]]; then | |
NPM_VERSION=$(npm version --json | jq -r '."shaka-player"') | |
npm dist-tag add "shaka-player@$NPM_VERSION" latest | |
fi | |
- run: npm pack | |
- name: Attach to release | |
env: | |
GITHUB_TOKEN: ${{ secrets.RELEASE_PLEASE_TOKEN }} | |
run: | | |
gh release upload \ | |
${{ needs.release.outputs.tag_name }} shaka-player-*.tgz \ | |
--clobber | |
appspot: | |
runs-on: ubuntu-latest | |
needs: release | |
if: needs.release.outputs.release_created | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: refs/tags/${{ needs.release.outputs.tag_name }} | |
fetch-depth: 0 | |
persist-credentials: false | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 16 | |
registry-url: 'https://registry.npmjs.org' | |
- name: Compute appspot subdomain and promotion | |
run: | | |
# This is the same as the version tag, but with dots replaced by | |
# dashes. For example, v3.2.2 would have the subdomain v3-2-2. | |
APPSPOT_SUBDOMAIN=$( echo ${{ needs.release.outputs.tag_name }} | sed -e 's/\./-/g' ) | |
echo APPSPOT_SUBDOMAIN=$APPSPOT_SUBDOMAIN >> $GITHUB_ENV | |
# "Promoting" an appspot deployment makes it the default which shows | |
# up on shaka-player-demo.appspot.com (no subdomain). This should be | |
# done for the latest release version from the latest release branch. | |
RELEASE_TAGS=$(git tag | grep ^v[0-9] | grep -Ev -- '-(master|main)') | |
LATEST_RELEASE=$(echo "$RELEASE_TAGS" | sort --version-sort | tail -1) | |
TAG_NAME=${{ needs.release.outputs.tag_name }} | |
if [[ "$TAG_NAME" == "$LATEST_RELEASE" ]]; then | |
APPSPOT_PROMOTE=true | |
else | |
APPSPOT_PROMOTE=false | |
fi | |
echo APPSPOT_PROMOTE=$APPSPOT_PROMOTE >> $GITHUB_ENV | |
# Debug the decisions made here. | |
echo "Subdomain: $APPSPOT_SUBDOMAIN" | |
echo "Latest release: $LATEST_RELEASE" | |
echo "This release: $TAG_NAME" | |
echo "Promote: $APPSPOT_PROMOTE" | |
- uses: ./.github/workflows/custom-actions/prep-for-appspot | |
- uses: google-github-actions/auth@v2 | |
with: | |
credentials_json: '${{ secrets.APPENGINE_DEPLOY_KEY }}' | |
- uses: google-github-actions/deploy-appengine@v2 | |
with: | |
project_id: shaka-player-demo | |
version: ${{ env.APPSPOT_SUBDOMAIN }} | |
promote: ${{ env.APPSPOT_PROMOTE }} | |
auto-branch: | |
runs-on: ubuntu-latest | |
needs: release | |
if: needs.release.outputs.release_created && needs.release.outputs.patch == '0' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: refs/tags/${{ needs.release.outputs.tag_name }} | |
fetch-depth: 0 | |
# Use a special shaka-bot access token for releases. | |
token: ${{ secrets.RELEASE_PLEASE_TOKEN }} | |
- name: Create release branch | |
run: | | |
TAG=${{ needs.release.outputs.tag_name }} | |
BRANCH=$(echo "$TAG" | sed -e 's/\.0$/.x/') | |
git push origin refs/tags/"$TAG"^{commit}:refs/heads/"$BRANCH" |