diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4bde6eb63c..5dadbe4292 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -91,3 +91,4 @@ jobs: RELEASER_CLIENT_ID: ${{ secrets.RELEASER_CLIENT_ID }} RELEASER_CLIENT_SECRET: ${{ secrets.RELEASER_CLIENT_SECRET }} RELEASER_INSTALLATION_ID: ${{ secrets.RELEASER_INSTALLATION_ID }} + DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }} diff --git a/package-lock.json b/package-lock.json index 644c185650..c12aba5ac3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2684,6 +2684,7 @@ "version": "1.6.1", "resolved": "https://registry.npmjs.org/@coveo/semantic-monorepo-tools/-/semantic-monorepo-tools-1.6.1.tgz", "integrity": "sha512-U3vxcO6gUR3zFepT4Zrgs3dAzXk7HSpJyI9DumY+dpleYx4jrjw7B0nWR9Y347Epzu11ZSs+mEiZuStMZVbu6Q==", + "dev": true, "dependencies": { "conventional-changelog-writer": "^5.0.1", "conventional-commits-parser": "^3.2.4", @@ -30687,6 +30688,7 @@ }, "devDependencies": { "@coveo/cli-commons-dev": "6.0.5", + "@coveo/semantic-monorepo-tools": "1.7.0", "@oclif/test": "2.2.21", "@types/jest": "29.4.0", "@types/node": "18.15.1", @@ -30706,6 +30708,20 @@ "node": "16.x || 18.x" } }, + "packages/cli/source/node_modules/@coveo/semantic-monorepo-tools": { + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/@coveo/semantic-monorepo-tools/-/semantic-monorepo-tools-1.7.0.tgz", + "integrity": "sha512-ed0ktBjAZVB/R1N9pUbL1c3d9Hd1copWfo6thhBF3vDM+vBH5nOE8NOkgMZOTyc+HdrPxNHjDTmGcCLoAFZPkQ==", + "dev": true, + "dependencies": { + "conventional-changelog-writer": "^5.0.1", + "conventional-commits-parser": "^3.2.4", + "debug": "^4.3.3", + "git-raw-commits": "^2.0.11", + "semver": "^7.3.7", + "tempfile": "^5.0.0" + } + }, "packages/cli/source/node_modules/strip-bom": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz", @@ -31477,7 +31493,7 @@ "name": "@coveord/release", "version": "1.0.0", "dependencies": { - "@coveo/semantic-monorepo-tools": "1.6.1", + "@coveo/semantic-monorepo-tools": "1.7.0", "@octokit/auth-app": "^4.0.9", "async-retry": "1.3.3", "conventional-changelog-angular": "5.0.13", @@ -31496,6 +31512,19 @@ "typescript": "4.9.5" } }, + "utils/release/node_modules/@coveo/semantic-monorepo-tools": { + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/@coveo/semantic-monorepo-tools/-/semantic-monorepo-tools-1.7.0.tgz", + "integrity": "sha512-ed0ktBjAZVB/R1N9pUbL1c3d9Hd1copWfo6thhBF3vDM+vBH5nOE8NOkgMZOTyc+HdrPxNHjDTmGcCLoAFZPkQ==", + "dependencies": { + "conventional-changelog-writer": "^5.0.1", + "conventional-commits-parser": "^3.2.4", + "debug": "^4.3.3", + "git-raw-commits": "^2.0.11", + "semver": "^7.3.7", + "tempfile": "^5.0.0" + } + }, "utils/verdaccio-starter": { "name": "@coveo/verdaccio-starter", "version": "1.0.0", diff --git a/packages/cli/source/package.json b/packages/cli/source/package.json index c5cd9e93fc..2f568fdc3d 100644 --- a/packages/cli/source/package.json +++ b/packages/cli/source/package.json @@ -26,6 +26,7 @@ }, "devDependencies": { "@coveo/cli-commons-dev": "6.0.5", + "@coveo/semantic-monorepo-tools": "1.7.0", "@oclif/test": "2.2.21", "@types/jest": "29.4.0", "@types/node": "18.15.1", diff --git a/utils/release/git-lock.mjs b/utils/release/git-lock.mjs index cfbe33897f..ee59420d05 100644 --- a/utils/release/git-lock.mjs +++ b/utils/release/git-lock.mjs @@ -6,6 +6,7 @@ import { gitCommit, gitPush, gitAdd, + gitSetupSshRemote, } from '@coveo/semantic-monorepo-tools'; import {dedent} from 'ts-dedent'; @@ -19,6 +20,9 @@ import {spawnSync} from 'node:child_process'; const isPrerelease = process.env.IS_PRERELEASE === 'true'; const noLockRequired = Boolean(process.env.NO_LOCK); const PATH = '.'; +const REPO_OWNER = 'coveo'; +const REPO_NAME = 'cli'; +const GIT_SSH_REMOTE = 'deploy'; const ensureUpToDateBranch = async () => { // Lock-out master @@ -42,10 +46,15 @@ const ensureUpToDateBranch = async () => { * This will make .github\workflows\git-lock-fail.yml run and thus fail the associated check. */ const lockBranch = async () => { + const DEPLOY_KEY = process.env.DEPLOY_KEY; + if (DEPLOY_KEY === undefined) { + throw new Error('Deploy key is undefined'); + } + await gitSetupSshRemote(REPO_OWNER, REPO_NAME, DEPLOY_KEY, GIT_SSH_REMOTE); writeFileSync('.git-lock', ''); await gitAdd('.git-lock'); await gitCommit('lock master', PATH); - await gitPush(); + await gitPush(GIT_SSH_REMOTE); spawnSync('git', ['reset', '--hard', 'HEAD~1']); }; diff --git a/utils/release/git-publish-all.mjs b/utils/release/git-publish-all.mjs index e9d34c7250..61b31a047d 100755 --- a/utils/release/git-publish-all.mjs +++ b/utils/release/git-publish-all.mjs @@ -21,6 +21,7 @@ import { gitCommitTree, gitUpdateRef, gitPublishBranch, + gitSetRefOnCommit, } from '@coveo/semantic-monorepo-tools'; import {Octokit} from 'octokit'; import {createAppAuth} from '@octokit/auth-app'; @@ -32,6 +33,7 @@ import {removeWriteAccessRestrictions} from './lock-master.mjs'; const CLI_PKG_MATCHER = /^@coveo\/cli@(?\d+\.\d+\.\d+)$/gm; const REPO_OWNER = 'coveo'; const REPO_NAME = 'cli'; +const GIT_SSH_REMOTE = 'deploy'; const getCliChangelog = () => { const changelog = readFileSync('packages/cli/core/CHANGELOG.md', { @@ -199,13 +201,12 @@ async function commitChanges(releaseNumber, commitMessage, octokit) { /** * We then update the mainBranch to this new verified commit. */ - await octokit.rest.git.updateRef({ - owner: REPO_OWNER, - repo: REPO_NAME, - ref: `refs/heads/${mainBranchName}`, - sha: commit.data.sha, - force: true, - }); + await gitSetRefOnCommit( + GIT_SSH_REMOTE, + `refs/heads/${mainBranchName}`, + commit.data.sha, + true + ); // Delete the temp branch await gitDeleteRemoteBranch('origin', tempBranchName); diff --git a/utils/release/package.json b/utils/release/package.json index dee354de40..f0c3886dc9 100644 --- a/utils/release/package.json +++ b/utils/release/package.json @@ -5,7 +5,7 @@ "version": "1.0.0", "type": "module", "dependencies": { - "@coveo/semantic-monorepo-tools": "1.6.1", + "@coveo/semantic-monorepo-tools": "1.7.0", "@octokit/auth-app": "^4.0.9", "async-retry": "1.3.3", "conventional-changelog-angular": "5.0.13",