From 253959c6919eb485e8115186fa248351a8f495c7 Mon Sep 17 00:00:00 2001
From: ymc9 <104139426+ymc9@users.noreply.github.com>
Date: Tue, 20 Feb 2024 19:37:47 -0800
Subject: [PATCH] chore: try out release flow

---
 .github/workflows/codeql.yml | 122 ++++++++++-----------
 .github/workflows/management-changelog.yml | 110 +++++++++----------
 package.json | 3 +-
 3 files changed, 114 insertions(+), 121 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 0a2173708..2452a7ca3 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -1,77 +1,75 @@ - name: Security - CodeQL on: - merge_group: - push: - branches: - - main - - dev - - release/* - - v2 - pull_request: - branches: - - main - - dev - - release/* - - v2 - schedule: - - cron: "0 0 * * 1" + merge_group: + push: + branches: + - main + - dev + - release/* + - v2 + pull_request: + branches: + - main + - dev + - release/* + - v2 + schedule: + - cron: '0 0 * * 1' permissions: - contents: read - + contents: read jobs: - analyze: - permissions: - actions: read - contents: read - security-events: write - name: Analyze - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - language: ["javascript", "typescript"] - # CodeQL supports [ $supported-codeql-languages ] - # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + analyze: + permissions: + actions: read + contents: read + security-events: write + name: Analyze + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + language: ['javascript', 'typescript'] + # CodeQL supports [ $supported-codeql-languages ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - steps: - - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 - with: - egress-policy: audit + steps: + - name: Harden Runner + uses: step-security/harden-runner@v2.6.1 + with: + egress-policy: audit - - name: Checkout repository - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - name: Checkout repository + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2.22.12 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. 
- # Prefix the list here with "+" to use these queries and those in the config file. + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2.22.12 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@1500a131381b66de0c52ac28abb13cd79f4b7ecc # v2.22.12 + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2.22.12 - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. 
- # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@1500a131381b66de0c52ac28abb13cd79f4b7ecc # v2.22.12 - with: - category: "/language:${{matrix.language}}" + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2.22.12 + with: + category: '/language:${{matrix.language}}' diff --git a/.github/workflows/management-changelog.yml b/.github/workflows/management-changelog.yml index 12a968f46..6db4bf970 100644 --- a/.github/workflows/management-changelog.yml +++ b/.github/workflows/management-changelog.yml 
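Review bot: Three `uses:` lines on the new side drop their full-commit-SHA pins for mutable tags — `step-security/harden-runner@v2.6.1`, `github/codeql-action/autobuild@v2.22.12` and `github/codeql-action/analyze@v2.22.12` — while the checkout step keeps `actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0`, so the workflow is now inconsistently pinned. A tag can be moved to different code after the fact and a commit SHA cannot, which is why the removed lines carried the SHA with the version as a trailing comment (`uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1`); keeping that form (and letting Dependabot/Renovate bump the SHA) preserves the supply-chain guarantee this workflow exists to provide. The same downgrade appears in the management-changelog.yml hunk for harden-runner and for the commented-out workflow-telemetry action. Separately, the hunk re-indents the whole file from 2 to 4 spaces, which makes the diff almost entirely whitespace and is worth confirming against the repo's yamllint/Prettier settings before it lands.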
@@ -1,66 +1,60 @@ - - - on: - push: - branches: - - main # Your main branch - - dev # Your development branch - - release/* # Your releases branch - # - v2 # Your current v2 branch - disabled for now because I don't know if you want to have this tag on this branch or not -_- - # TODO: Rename your V2 brach to release/v2 for proper versioning if you intend to use a Release branch method + push: + branches: + - main # Your main branch + - dev # Your development branch + - release/* # Your releases branch + - v2 # Temp V2 integration branch permissions: - contents: read + contents: read name: Management - Release Workflow jobs: - release: - permissions: - contents: write - pull-requests: write - env: - GITHUB_TOKEN: ${{ secrets.BOT_TOKEN || github.token }} # Bot Token is a PAT for a automation account. - runs-on: ubuntu-latest - steps: - # Harden-Runner provides runtime security for GitHub-hosted and self-hosted environments. - - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 - with: - egress-policy: audit - - # This tells you useful infomation about the workflow, but it's not required (hence commented out) - it's just nice to have - # - name: Workflow Telemetry - # uses: catchpoint/workflow-telemetry-action@6705383eabd01833acfe8412ec697384830e1455 # v1.8.7 - # with: - # comment_on_pr: false - # theme: dark - # proc_trace_sys_enable: true - - - uses: google-github-actions/release-please-action@v4 - id: release - with: - config-file: '.github/release/release-main-config.json' - manifest-file: '.github/release/.release-manifest.json' - target-branch: ${{ github.ref_name == 'dev' && 'main' || github.ref_name }} - include-component-in-tag: true - - - uses: actions/checkout@v4 - if: ${{ steps.release.outputs.release_created }} - - - uses: actions/setup-node@v4 - if: ${{ steps.release.outputs.release_created }} - with: - node-version: 12 - registry-url: 'https://registry.npmjs.org' - - - run: pnpm i # Install using 
pnpm - if: ${{ steps.release.outputs.release_created }} - - - run: pnpm publish-all # Publish using pre-defined pnpm script - if: ${{ steps.release.outputs.release_created }} + release: + permissions: + contents: write + pull-requests: write env: - NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} - - \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.BOT_TOKEN || github.token }} # Bot Token is a PAT for a automation account. + runs-on: ubuntu-latest + steps: + # Harden-Runner provides runtime security for GitHub-hosted and self-hosted environments. + - name: Harden Runner + uses: step-security/harden-runner@v2.6.1 + with: + egress-policy: audit + + # This tells you useful infomation about the workflow, but it's not required (hence commented out) - it's just nice to have + # - name: Workflow Telemetry + # uses: catchpoint/workflow-telemetry-action@v1.8.7 + # with: + # comment_on_pr: false + # theme: dark + # proc_trace_sys_enable: true + + - uses: google-github-actions/release-please-action@v4 + id: release + with: + config-file: '.github/release/release-main-config.json' + manifest-file: '.github/release/.release-manifest.json' + target-branch: ${{ github.ref_name == 'dev' && 'main' || github.ref_name }} + include-component-in-tag: true + + - uses: actions/checkout@v4 + if: ${{ steps.release.outputs.release_created }} + + - uses: actions/setup-node@v4 + if: ${{ steps.release.outputs.release_created }} + with: + node-version: 12 + registry-url: 'https://registry.npmjs.org' + + - run: pnpm i # Install using pnpm + if: ${{ steps.release.outputs.release_created }} + + - run: pnpm publish-test # Publish using pre-defined pnpm script + if: ${{ steps.release.outputs.release_created }} + env: + NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} diff --git a/package.json b/package.json index f372eb616..a4d1c41b7 100644 --- a/package.json +++ b/package.json 
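Review bot: The new `- run: pnpm publish-test` step pushes real packages to the public npm registry under the `test` dist-tag whenever release-please reports `release_created`, and the trigger list now also includes `- v2`; since the commit message describes this as a trial of the release flow, that step should stay gated (a `workflow_dispatch` input, or a dry run) until the flow is confirmed, because a version published to npm cannot be reused even after an unpublish. `node-version: 12` is an end-of-life Node line that current pnpm releases do not support, and I don't see a step that installs pnpm before `pnpm i` — presumably the runner image or a `packageManager` field covers it, but that is worth verifying in the Actions log rather than assuming. If the token-based publish stays, `NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}` is a long-lived credential held as a repository secret; a granular automation token, plus `id-token: write` in the job's `permissions:` with `--provenance` on the publish, would limit the blast radius of a leak and make the published tarballs attestable.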
@@ -13,7 +13,8 @@
 "unpublish-preview": "pnpm --recursive --shell-mode exec -- npm unpublish -f --registry https://preview.registry.zenstack.dev/ \"\\$PNPM_PACKAGE_NAME\"",
 "publish-next": "pnpm --filter \"./packages/**\" -r publish --access public --tag next",
 "publish-preview-next": "pnpm --filter \"./packages/**\" -r publish --force --registry https://preview.registry.zenstack.dev/ --tag next",
- "unpublish-preview-next": "pnpm --recursive --shell-mode exec -- npm unpublish -f --registry https://preview.registry.zenstack.dev/ --tag next \"\\$PNPM_PACKAGE_NAME\""
+ "unpublish-preview-next": "pnpm --recursive --shell-mode exec -- npm unpublish -f --registry https://preview.registry.zenstack.dev/ --tag next \"\\$PNPM_PACKAGE_NAME\"",
+ "publish-test": "pnpm --filter \"./packages/**\" -r publish --access public --tag test"
 },
 "keywords": [],
 "author": "",
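Review bot: The added `publish-test` script runs `pnpm ... publish --access public --tag test`, which publishes every workspace package to the public npm registry; a dist-tag only changes what `npm install` resolves by default, the versions themselves become permanent public releases. The scripts block already has a preview registry for exactly this purpose (`publish-preview-next` uses `--registry https://preview.registry.zenstack.dev/`), so a trial of the release flow could target that registry, or add `--dry-run` to exercise the pipeline without uploading: `"publish-test": "pnpm --filter \"./packages/**\" -r publish --access public --tag test --dry-run"`. Either way, the workflow that calls this script deserves a comment saying which registry it hits, since the name `publish-test` alone reads as harmless.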