forked from epam/ai-dial-ci
-
Notifications
You must be signed in to change notification settings - Fork 1
159 lines (154 loc) · 6.04 KB
/
node_release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
name: NodeJS Release workflow
on:
workflow_call:
inputs:
bypass_checks:
type: boolean
default: false
description: Do not fail pipeline if checks failed
enable_format_checks:
type: boolean
default: true
description: Enable format_checks
bypass_format_checks:
type: boolean
default: false
description: Do not fail pipeline if format_checks failed
enable_style_checks:
type: boolean
default: true
description: Enable style_checks
bypass_style_checks:
type: boolean
default: false
description: Do not fail pipeline if style_checks failed
enable_code_checks:
type: boolean
default: true
description: Enable code_checks
bypass_code_checks:
type: boolean
default: false
description: Do not fail pipeline if code_checks failed
enable_ort:
type: boolean
default: true
description: Enable ORT scanning
bypass_ort:
type: boolean
default: false
description: Do not fail pipeline if ORT scan failed
enable_trivy:
type: boolean
default: true
description: Enable Trivy scanning
bypass_trivy:
type: boolean
default: false
description: Do not fail pipeline if Trivy failed
enable_publish:
type: boolean
default: true
description: Enable publish to npmjs
node_version:
type: string
default: "20"
description: NodeJS version to use
env:
IMAGE_NAME: ${{ github.repository }}
jobs:
test:
uses: ./.github/workflows/node_test.yml
with:
bypass_checks: ${{ inputs.bypass_checks }}
enable_format_checks: ${{ inputs.enable_format_checks }}
bypass_format_checks: ${{ inputs.bypass_format_checks }}
enable_style_checks: ${{ inputs.enable_style_checks }}
bypass_style_checks: ${{ inputs.bypass_style_checks }}
enable_code_checks: ${{ inputs.enable_code_checks }}
bypass_code_checks: ${{ inputs.bypass_code_checks }}
enable_ort: ${{ inputs.enable_ort }}
bypass_ort: ${{ inputs.bypass_ort }}
node_version: ${{ inputs.node_version }}
calculate_version:
runs-on: ubuntu-latest
outputs:
next_version: ${{ steps.semantic_versioning.outputs.next_version }}
is_latest: ${{ steps.semantic_versioning.outputs.is_latest }}
latest_tag: ${{ steps.semantic_versioning.outputs.latest_tag }}
steps:
- uses: alexey-ban/ai-dial-ci/actions/semantic_versioning@main
id: semantic_versioning
release:
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
security-events: write
needs:
- calculate_version
- test
steps:
- uses: alexey-ban/ai-dial-ci/actions/generate_release_notes@main
with:
latest_tag: ${{ needs.calculate_version.outputs.latest_tag }}
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
lfs: true
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
- uses: alexey-ban/ai-dial-ci/actions/node_prepare@main
with:
node_version: ${{ inputs.node_version }}
clean_install: true
registry_url: "https://registry.npmjs.org"
- name: Set version
shell: bash
run: |
npm version ${{ needs.calculate_version.outputs.next_version }} --no-git-tag-version || true # upstream branch may already be updated
- uses: alexey-ban/ai-dial-ci/actions/build_docker@main
with:
ghcr_username: ${{ github.actor }}
ghcr_password: ${{ secrets.ACTIONS_BOT_TOKEN }}
dockerhub_username: ${{ secrets.DOCKERHUB_LOGIN }}
dockerhub_password: ${{ secrets.DOCKERHUB_TOKEN }}
image_name: ghcr.io/${{ env.IMAGE_NAME }}
image_tag: ${{ needs.calculate_version.outputs.next_version }}
push: true
scan: ${{ inputs.enable_trivy }}
bypass_checks: ${{ inputs.bypass_trivy }}
image_extra_aliases: |
${{ env.IMAGE_NAME }}:${{ needs.calculate_version.outputs.next_version }}
${{ github.ref == 'refs/heads/development' && format('{0}:{1}', env.IMAGE_NAME, 'development') || ''}}
${{ github.ref == 'refs/heads/development' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'development') || ''}}
${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}:{1}', env.IMAGE_NAME, 'latest') || ''}}
${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'latest') || ''}}
- name: Publish packages to npmjs
if: ${{ inputs.enable_publish }}
shell: bash
run: |
#!/bin/bash
npm run build
PUBLISH_COMMAND="npm run publish"
ARGS=""
if [ "$IS_DEVELOPMENT_BRANCH" == "true" ]; then
ARGS+=" --development"
fi
if [ "$IS_RELEASE_BRANCH" == "true" ] && [ "$IS_LATEST" == "true" ]; then
ARGS+=" --tag latest"
fi
if [ -n "$ARGS" ]; then
PUBLISH_COMMAND+=" --"$ARGS
fi
$PUBLISH_COMMAND
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
IS_LATEST: ${{ needs.calculate_version.outputs.is_latest == 'true' }}
IS_DEVELOPMENT_BRANCH: ${{ github.ref == 'refs/heads/development' }}
IS_RELEASE_BRANCH: ${{ startsWith(github.ref, 'refs/heads/release-') }}
- uses: alexey-ban/ai-dial-ci/actions/publish_tag_release@main
with:
tag_version: ${{ needs.calculate_version.outputs.next_version }}
changelog_file: "/tmp/my_changelog" # comes from generate_release_notes step; TODO: beautify
extra_commit_command: |
git add package.json package-lock.json
git commit -m '[skip ci] Update version' || true # upstream branch may already be updated