Merge pull request #720 from Expensify/snyk-upgrade-e0ae8d5404ffc777f… #25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish package to npmjs | |
# This workflow runs when code is pushed to `main` (i.e: when a pull request is merged) | |
on: | |
push: | |
branches: [main] | |
# Ensure that only once instance of this workflow executes at a time. | |
# If multiple PRs are merged in quick succession, there will only ever be one publish workflow running and one pending. | |
concurrency: ${{ github.workflow }} | |
jobs: | |
version: | |
runs-on: ubuntu-latest | |
# OSBotify will update the version on `main`, so this check is important to prevent an infinite loop | |
if: ${{ github.actor != 'OSBotify' }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: main | |
# The OS_BOTIFY_COMMIT_TOKEN is a personal access token tied to osbotify, which allows him to push to protected branches | |
token: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }} | |
- name: Decrypt & Import OSBotify GPG key | |
run: | | |
cd .github | |
gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output OSBotify-private-key.asc OSBotify-private-key.asc.gpg | |
gpg --import OSBotify-private-key.asc | |
env: | |
LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} | |
- name: Set up git for OSBotify | |
run: | | |
git config --global user.signingkey 367811D53E34168C | |
git config --global commit.gpgsign true | |
git config --global user.name OSBotify | |
git config --global user.email [email protected] | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.nvmrc' | |
registry-url: 'https://registry.npmjs.org' | |
- name: Install npm packages | |
run: npm ci | |
- name: Update npm version | |
run: npm version patch | |
- name: Set new version in GitHub ENV | |
run: echo "NEW_VERSION=$(jq '.version' package.json)" >> $GITHUB_ENV | |
- name: Push branch and publish tags | |
run: git push origin main && git push --tags | |
- name: Build package | |
run: npm run build | |
- name: Publish to npm | |
run: npm publish | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
- name: Get merged pull request | |
id: getMergedPullRequest | |
run: | | |
read -r number < <(gh pr list --search ${{ github.sha }} --state merged --json 'number' | jq -r '.[0] | [.number] | join(" ")') | |
echo "number=$number" >> "$GITHUB_OUTPUT" | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
- name: Comment on merged pull request | |
run: gh pr comment ${{ steps.getMergedPullRequest.outputs.number }} --body "🚀Published to npm in v${{ env.NEW_VERSION }}" | |
env: | |
GITHUB_TOKEN: ${{ github.token }} |