refactor(ci): clean up npm workflows (#4786)

This extracst the publish on npm workflow from ci.yaml and adds a new workflow
called `npm-beta.yaml`.

Now we have three workflows that publish to npm.
- `npm-beta.yaml` only runs on pushes and merges into `main`
- `npm-dev.yaml` only runs on PRs into `main` with approval from
  code-server-reviewers team
- `npm-brew.yaml` only runs on releases

This should fix problems we had previously where anyone could open a PR and
publish under the code-server namespace. It also separates out the workflows
based on environment and when they should run.
This commit is contained in:
Joe Previte 2022-01-24 15:33:42 -07:00 committed by GitHub
parent 48bbbd6c37
commit 9954a88d3a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 38 additions and 17 deletions

View File

@ -177,15 +177,6 @@ jobs:
name: npm-package
path: ./package.tar.gz
- name: Publish npm package with PR number and commit SHA
run: yarn publish:npm
env:
ENVIRONMENT: "development"
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_TAG: ${{ github.event.number }}
PR_NUMBER_AND_COMMIT_SHA: ${{ github.event.number }}-${{ github.event.pull_request.head.sha }}
# TODO: cache building yarn --production
# possibly 2m30s of savings(?)
# this requires refactoring our release scripts

29
.github/workflows/npm-beta.yaml vendored Normal file
View File

@ -0,0 +1,29 @@
name: Publish on npm and tag with "beta"
on:
# Shows the manual trigger in GitHub UI
# helpful as a back-up in case the GitHub Actions Workflow fails
workflow_dispatch:
push:
branches:
- main
jobs:
# NOTE: this job requires curl, jq and yarn
# All of them are included in ubuntu-latest.
npm:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Publish npm package and tag "beta"
run: yarn publish:npm
env:
ENVIRONMENT: "staging"
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_TAG: "beta"
# Since this only runs on a merge into main, we can't use github.event.number
# so we instead use the word "beta" and the PR merge commit SHA
PR_NUMBER_AND_COMMIT_SHA: beta-${{ github.sha }}

View File

@ -16,7 +16,7 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: Publish npm package with PR number and commit SHA
- name: Publish npm package and tag with "latest"
run: yarn publish:npm
env:
ENVIRONMENT: "production"

View File

@ -1,11 +1,11 @@
name: Publish on npm and tag with "beta"
name: Publish on npm and tag with PR number
on:
# Shows the manual trigger in GitHub UI
# helpful as a back-up in case the GitHub Actions Workflow fails
workflow_dispatch:
push:
pull_request:
branches:
- main
@ -13,6 +13,9 @@ jobs:
# NOTE: this job requires curl, jq and yarn
# All of them are included in ubuntu-latest.
npm:
# This environment "npm" requires someone from
# coder/code-server-reviewers to approve the PR before this job runs.
environment: npm
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
@ -20,10 +23,8 @@ jobs:
- name: Run ./ci/steps/publish-npm.sh
run: yarn publish:npm
env:
ENVIRONMENT: "staging"
ENVIRONMENT: "development"
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_TAG: "beta"
# Since this only runs on a merge into main, we can't use github.event.number
# so we instead use the word "beta" and the PR merge commit SHA
PR_NUMBER_AND_COMMIT_SHA: beta-${{ github.sha }}
NPM_TAG: ${{ github.event.number }}
PR_NUMBER_AND_COMMIT_SHA: ${{ github.event.number }}-${{ github.event.pull_request.head.sha }}