refactor(ci): clean up npm workflows (#4786)
This extracst the publish on npm workflow from ci.yaml and adds a new workflow called `npm-beta.yaml`. Now we have three workflows that publish to npm. - `npm-beta.yaml` only runs on pushes and merges into `main` - `npm-dev.yaml` only runs on PRs into `main` with approval from code-server-reviewers team - `npm-brew.yaml` only runs on releases This should fix problems we had previously where anyone could open a PR and publish under the code-server namespace. It also separates out the workflows based on environment and when they should run.
This commit is contained in:
parent
48bbbd6c37
commit
9954a88d3a
|
@ -177,15 +177,6 @@ jobs:
|
|||
name: npm-package
|
||||
path: ./package.tar.gz
|
||||
|
||||
- name: Publish npm package with PR number and commit SHA
|
||||
run: yarn publish:npm
|
||||
env:
|
||||
ENVIRONMENT: "development"
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
|
||||
NPM_TAG: ${{ github.event.number }}
|
||||
PR_NUMBER_AND_COMMIT_SHA: ${{ github.event.number }}-${{ github.event.pull_request.head.sha }}
|
||||
|
||||
# TODO: cache building yarn --production
|
||||
# possibly 2m30s of savings(?)
|
||||
# this requires refactoring our release scripts
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
name: Publish on npm and tag with "beta"
|
||||
|
||||
on:
|
||||
# Shows the manual trigger in GitHub UI
|
||||
# helpful as a back-up in case the GitHub Actions Workflow fails
|
||||
workflow_dispatch:
|
||||
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
|
||||
jobs:
|
||||
# NOTE: this job requires curl, jq and yarn
|
||||
# All of them are included in ubuntu-latest.
|
||||
npm:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Publish npm package and tag "beta"
|
||||
run: yarn publish:npm
|
||||
env:
|
||||
ENVIRONMENT: "staging"
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
|
||||
NPM_TAG: "beta"
|
||||
# Since this only runs on a merge into main, we can't use github.event.number
|
||||
# so we instead use the word "beta" and the PR merge commit SHA
|
||||
PR_NUMBER_AND_COMMIT_SHA: beta-${{ github.sha }}
|
|
@ -16,7 +16,7 @@ jobs:
|
|||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
- name: Publish npm package with PR number and commit SHA
|
||||
- name: Publish npm package and tag with "latest"
|
||||
run: yarn publish:npm
|
||||
env:
|
||||
ENVIRONMENT: "production"
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
name: Publish on npm and tag with "beta"
|
||||
name: Publish on npm and tag with PR number
|
||||
|
||||
on:
|
||||
# Shows the manual trigger in GitHub UI
|
||||
# helpful as a back-up in case the GitHub Actions Workflow fails
|
||||
workflow_dispatch:
|
||||
|
||||
push:
|
||||
pull_request:
|
||||
branches:
|
||||
- main
|
||||
|
||||
|
@ -13,6 +13,9 @@ jobs:
|
|||
# NOTE: this job requires curl, jq and yarn
|
||||
# All of them are included in ubuntu-latest.
|
||||
npm:
|
||||
# This environment "npm" requires someone from
|
||||
# coder/code-server-reviewers to approve the PR before this job runs.
|
||||
environment: npm
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
@ -20,10 +23,8 @@ jobs:
|
|||
- name: Run ./ci/steps/publish-npm.sh
|
||||
run: yarn publish:npm
|
||||
env:
|
||||
ENVIRONMENT: "staging"
|
||||
ENVIRONMENT: "development"
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
|
||||
NPM_TAG: "beta"
|
||||
# Since this only runs on a merge into main, we can't use github.event.number
|
||||
# so we instead use the word "beta" and the PR merge commit SHA
|
||||
PR_NUMBER_AND_COMMIT_SHA: beta-${{ github.sha }}
|
||||
NPM_TAG: ${{ github.event.number }}
|
||||
PR_NUMBER_AND_COMMIT_SHA: ${{ github.event.number }}-${{ github.event.pull_request.head.sha }}
|
||||
|
|
Loading…
Reference in New Issue