From 2238af3d6d10348453347a1181e6f5e3d0286ae1 Mon Sep 17 00:00:00 2001 From: Carlos Martins Date: Tue, 27 Aug 2024 10:43:08 -0600 Subject: [PATCH 1/5] create workflow --- .github/OSBotify-private-key.asc.gpg | Bin 0 -> 5132 bytes .github/workflows/npmpublish.yml | 31 ---------- .github/workflows/publish.yml | 86 +++++++++++++++++++++++++++ 3 files changed, 86 insertions(+), 31 deletions(-) create mode 100644 .github/OSBotify-private-key.asc.gpg delete mode 100644 .github/workflows/npmpublish.yml create mode 100644 .github/workflows/publish.yml diff --git a/.github/OSBotify-private-key.asc.gpg b/.github/OSBotify-private-key.asc.gpg new file mode 100644 index 0000000000000000000000000000000000000000..58cab0b25bb8ca9011daff84112c14a738b2f4ca GIT binary patch literal 5132 zcmV+n6!Yth4Fm}T0>4sLAE@D}(Du^o0nQivvRz;CW*oqJe60k)G10!5@y2J4^}VWU zU|Fd`136p2lhAT?tAtljSS4djw)^{6NUAPh)U)J9(u@QMbyj+HIA1so(9j1=5Tj|r zY5lM!%i9RH3?bNJ9!BWNJoI)oyHq!cm&=jsFi#ARy+e_*Ms`)GIeKdly-TYDIda1* ztC{E{PiA5*sWaI4N9t$1R2op`R81mZ&i zd%QZ@?>g7fvvdzf%vg>Cw#))aJVj))(mk{q!0|~l|@g-g8+!5S`zefl3Rv~IBPzb%o0PtBme|^{ z1&CA=Cn4Kbp$b<+UD`(lK4=uhN0E}X&v5yC|IU@f7S1Gg1C3REVbQH*~NG*a|p`_!P^Z?`z~Y*g(s{LL#f7(FIBOH z>0@eE2_UwRZY{8G_jo!_mmnW)o*$l($@H39ksml7O7`Y0<7`IJG`qi9CM%PT5DVPx zKDCQXz}K22-dF*l3=ndAvaf6ymG+UjeXN2+<< zV*J7yx%S##&YA_=9;}nHG8U;vS2?3rZPE_)!<8NBej{Iwh$=rV94;B~=n-0PD9%RY zgZ|!pzgaJc`rT)ab;Yj+_B1F}@}P;9n|w{47(O$wS#J#6gIfJ$LS`ry(%hwDA6m_g zxh=-tRWJ9FSN<5?zThOdQPp&=C-T-GWJZ%QH8$7Kfd5M#9MiIs69nVRDzn}+L%31d zSKXuYtk`OIN(beWfEl3*Zh$8h)n=uhm;mUxLl{+&b8eux-XuQfO6Q?#*IG@w8aqK^ zzeli^uMjfJrPQzcsJ^<6d)ogf!bcez0oRodoGkQH^o}{b4zAIgM&hOx8klOT`~!>8 zEq9Wm2nwuHi-yavEUD52d^#P>s@%wUdxBnWjugC4&?kkt-VQdEhLO94?2$XO)mj_| z)i9j2Ze%e?b1Hs|KzdAv&O#4+KbOqD;g^C8*n>>||KP85?z-qgjY$XfXd0r@ng_)k z!7<*goV7Dh>F8g7<_x1sqXNP9i@L4wZSZcrk2B3fFG`982(rbD1bx9zyQrd8_TEq^F3A)I+cbI56@=tgdN#08i!Zsb^rYGZiVuv zF!9_XhVO^pOBfKaX4JWT)132RNx_Bs!bxC|f`pJjkX5LE=!|>iV?#@Zd=k+aNB|vf z9(qS;D`9#k0!jR1v0}vd{eS?QadWJA?6S;np~n7aT#*;*U;eyO&Jc2!ekD z+}vJv@2B<~&KG7`H*QVC4E;`DvU4N>tKP+loJt`^UJF>RsUiv^r+X3LWZ^)*DcW0X z;rm2Uw=!$bG=M~1%N-A2|LEs2xvVZN=+I=?@#^HZchXYV6cBJesbDq@k# z+(O0gtS5MdCedqbk&%eB>RYi|`-(%wV!V7PHn7PA2m8MQ*XJ#abd0Q?PU#Kkhpdj8 zp%3|JPN|`H_15Qrzw|Koetp;UCxdBHz(-;Y zF8--$fjJjoWPh*?>MdH7LawhHdW>Diho$-9*U*f!;jov30!4Rb zu`_N7ESe_`qi~x0V5PDScz?&Xj{#!IKBqd|uoaL;#7zsa)nq9-S3S#?GKhYe+uVyzrqYN z^&{GT((U`cpV2<~+}cpOl1WMiIU6&peWPvRb40#XBuJNH2B%(rrlRJ?^DH7i>pG0;SUDy!|6G{vS`OkDGjm;SEnjUGJke{_1>Wq#1dG)O1IkbHG zHmN5^zXD=M139-xPomKN<*?D+F`=6AC92p(M9-DJaf0>{2nt#u@v~y0L~sFjjN?95 zz_7dufil@{B$hZ_X+%S}mnzHk0mYGF;gJq}Kn4=EfO_S4K3bV{L>E{$jZ!bX6{$d76oH7`;PB!5W2l)$MFl%9DOV+B24MfH6Zj*V<^yX&3t~><8IEL zFqVWhpRM*)2&~*;EH@|wcEnkQjR1Z(#EXc@-VQ9bt?*~_Jq%qAo@cTgU_7wKbJ_L- zTS)9JoLO(G+q1kx2 z>&MHF$`_`)Ckzo%05j$wS(JD|HKL^`OoI@`@KG|}3sZsypb|Jx9k_y^eqth|30zs) zKuYxjum*Z7M&L^o3zK?Z`K# z?`p}lmlsT-a)13!OaVGhzQT4?VbeQjFCb#o5x>K4rZYMA=ls%&`+b~jnMwD>%u*WE z@|nWm;;f10$eCoOxh6HlX#h9XZtKBCxk*2yjz_o584MATGd;1v5BMYw2XijbE*s#r zD^%udif;Q>>)m0g&oM7h5eA^ISFZcFO_oKkj0 z4Y||Cs^0XYkqCzr7!#VZHm?wVo1LqTgr$qJ+G@|4R29d~U;Siv;ivG*5$WX7axEhM zBHHukF?74GKIF~Hy#y?X{()zI1d7vo89xuWM<1;5V(kG0&XSbRTTdBQIn)0FV4 zY1JKZq5j)vas`%$RH1fFby4d(Xn0NYy~(%akGP4GxB!envE=dQoHrdTn-Czi4ZPjT!o zQdd0*0>5%^t?oPDEI%cpT{#J~Jf`&+9D*TkiW|sFytgd)3sz9Cv5sTG==u7(9#Ytr zZ);*7NzoG$)ENGqm}g+#j%Rb$uLN^RJA1 z>5%`H8)3W8FaNT$5LvTo(5P|KqfzO2f|1*u*8<!m+cbGGXGBXN(n7_08I>}{2{-SBNdSd0aS*~be1ybO+opXsjGs?N8{)NP_#^u_9{ z&JuD{2Rj}1R>#D7tknkeeQ-iYvrwO79O*mZ#0lM2?B?yKgI?b&hk0(Alm%%z%eW;O z**-Vhp!6ihJSGoSdR(%((d_4Q=d?4UA<8shNYtjqWZp8I7~gIT=@oj~YVoX$MN%xE zz&IooAc2~{`dINYG6Vbls;cC5SZR{}@)k@hXB)v1GPd4{jTVTx0Au<@2Pz8rIaz+T zLpPcS4Q)I?MSX@E#m|Fbs8Qe0$l@darc7EWZ>@zc|#esO+3Aw|I&f-Fjwy1h(>bSrJ-_85jE%h`EE|-r%{4tUmP-gV2FcOuHYJ)m@7cD1sx8MZ-`f5h7QkmS z^_)3gnJURAKNbzn z8PLW@MI7)V^f|FyvL9WY*d|DRp$o6C_)2fDkt$@)0Eyk05oFyjhSdmq&!wF!n90ig zRfDnCYaK!uGI5LN*Wcnk5@<&~<;Nx~B}b~1l1w$(5LOkB2{F)g9eL-graXrDgbA;K z6@B*(XIip{Wng#9VqaFp{KT_I?@t;dA)qrJ1T1EJO1;o-!T#`Nii#v24>^~IA`3`1fUeGXvjX6cjsNKe(FCxt2hzLd-eO2)e;=G7)+2RAYvez@4 z-qjhajlL6C2+1jZ40YtpWSJ|%e2R;=WG_$eaB^e>#Mm)0j)%#~Kvm@`fqkE`@_wki z)c2IhjyxZOj};m`8^VqkK?8lvZ$4mg$A{!cY%2eV!{C0fcj6EW^roTlQtG#RiE(ks z-gvr#tW*eZm1bC6XvPh~QYz6^gLCw@*koJ4W7WO>lYae|SB%c?jyR-(u-*hDu`1ul zfWBjei_&K+QuND!C1}6k2N-WsCKg2*Odb8W?dxKaB$=AA?RG%}S!#TvyT`Mg*KJRQ$ z`tbIt4(nReQHu_UI{>Df&=*K*C!fb>mKF)0R_&rpe-aA3GUqYp29qt*?@*}4ywVEo zJ-p?_v7Rs1K$V5&m>P4rkwGXbsk-#(XmF&$jz_2(w|J@JBmV0`8D|t`>ETKo3l3O{ zSFVAMLa8o70npVOAk>*!C@DmgKRHpT&arc?Ie6AY>GZxrgw`!wp zW&r4$<-s@stg671$cjt2*Ns>zmG8g8=mKHmvA#_W=x~f@+)M<72@OTcdx>}8U0W^1 zA1iroiVKo8P45U%jaiKlgvQk_IE{mgJUvp?=y?@<7D9Y&6s@R;3?L4J_n-##YnJ+J zIThSOOgk|6t=GJ!_7Z63_c&vs;Fmb;A_Q%dUhp9;pw$urzsJUmxyslm6G!}!N0&9z z*14Pu$n9y1RXE_yD_WRd!EAj_xaA0eD*xxBEK(VHbRj-F5_;PXpWa=+r~X?ugZr>uNB+bFj9 z?xcM3`k>HY>zxRwy&Qk)Y&GGNO^eOcPdVc1A6Lk1H~PtY_Ls;plULSh#O$zQrvdWo z?f!LjanPhlY|wp?6J!~GNRQDQoe!$>9RiVAz;~)jOms9Uf@YT4ekRc8 ubbWx7MJu1rvRQt1-oJZMM%QM$i_{l|_s#-?;b;4>SxmjpRy!PKUT{*OxB;^O literal 0 HcmV?d00001 diff --git a/.github/workflows/npmpublish.yml b/.github/workflows/npmpublish.yml deleted file mode 100644 index 43480a0..0000000 --- a/.github/workflows/npmpublish.yml +++ /dev/null @@ -1,31 +0,0 @@ -name: Node.js Package - -on: - push: - branches: - - master - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - uses: actions/setup-node@v1 - with: - node-version: 12 - - run: npm ci - - run: npm test - - publish-npm: - needs: build - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - uses: actions/setup-node@v1 - with: - node-version: 12 - registry-url: https://registry.npmjs.org/ - - run: npm ci - - run: npm publish - env: - NODE_AUTH_TOKEN: ${{secrets.npm_token}} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..65e0bae --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,86 @@ +name: Publish package to npmjs + +# This workflow runs when code is pushed to `main` (i.e: when a pull request is merged) +on: + push: + branches: [main] + +# Ensure that only one instance of this workflow executes at a time. +# If multiple PRs are merged in quick succession, there will only ever be one publish workflow running and one pending. +concurrency: ${{ github.workflow }} + +jobs: + version: + runs-on: ubuntu-latest + + # OSBotify will update the version on `main`, so this check is important to prevent an infinite loop + if: ${{ github.actor != 'OSBotify' }} + + steps: + - uses: actions/checkout@v3 + with: + ref: main + + - name: Decrypt & Import OSBotify GPG key + run: | + cd .github + gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output OSBotify-private-key.asc OSBotify-private-key.asc.gpg + gpg --import OSBotify-private-key.asc + env: + LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} + + - name: Set up git for OSBotify + run: | + git config --global user.signingkey 367811D53E34168C + git config --global commit.gpgsign true + git config --global user.name OSBotify + git config --global user.email infra+osbotify@expensify.com + - uses: actions/setup-node@v3 + with: + node-version: '16.x' + registry-url: 'https://registry.npmjs.org' + + - name: Generate branch name + run: echo "BRANCH_NAME=OSBotify-bump-version-$(uuidgen)" >> $GITHUB_ENV + + - name: Create branch for version-bump pull request + run: git checkout -b ${{ env.BRANCH_NAME }} + + - name: Install npm packages + run: npm ci + + - name: Update npm version + run: npm version patch + + - name: Set new version in GitHub ENV + run: echo "NEW_VERSION=$(jq '.version' package.json)" >> $GITHUB_ENV + + - name: Push branch and publish tags + run: git push --set-upstream origin ${{ env.BRANCH_NAME }} && git push --tags + + - name: Create pull request + run: | + gh pr create \ + --title "Update version to ${{ env.NEW_VERSION }}" \ + --body "Update version to ${{ env.NEW_VERSION }}" + sleep 5 + env: + GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} + + - name: Auto-approve pull request + run: gh pr review --approve ${{ env.BRANCH_NAME }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Auto-merge pull request + run: gh pr merge --merge --delete-branch ${{ env.BRANCH_NAME }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Build package + run: npm run build + + - name: Publish to npm + run: npm publish + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} From b6622783a68acaa7eb59050b299b49caaae6ea35 Mon Sep 17 00:00:00 2001 From: Carlos Martins Date: Tue, 27 Aug 2024 12:46:52 -0600 Subject: [PATCH 2/5] update workflow --- .github/workflows/publish.yml | 50 ++++++++++++++--------------------- .nvmrc | 1 + 2 files changed, 21 insertions(+), 30 deletions(-) create mode 100644 .nvmrc diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 65e0bae..2387a5e 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -17,9 +17,11 @@ jobs: if: ${{ github.actor != 'OSBotify' }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: ref: main + # The OS_BOTIFY_COMMIT_TOKEN is a personal access token tied to osbotify, which allows him to push to protected branches + token: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }} - name: Decrypt & Import OSBotify GPG key run: | @@ -35,16 +37,10 @@ jobs: git config --global commit.gpgsign true git config --global user.name OSBotify git config --global user.email infra+osbotify@expensify.com - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: '16.x' - registry-url: 'https://registry.npmjs.org' - - - name: Generate branch name - run: echo "BRANCH_NAME=OSBotify-bump-version-$(uuidgen)" >> $GITHUB_ENV - - - name: Create branch for version-bump pull request - run: git checkout -b ${{ env.BRANCH_NAME }} + node-version-file: ".nvmrc" + registry-url: "https://registry.npmjs.org" - name: Install npm packages run: npm ci @@ -56,26 +52,7 @@ jobs: run: echo "NEW_VERSION=$(jq '.version' package.json)" >> $GITHUB_ENV - name: Push branch and publish tags - run: git push --set-upstream origin ${{ env.BRANCH_NAME }} && git push --tags - - - name: Create pull request - run: | - gh pr create \ - --title "Update version to ${{ env.NEW_VERSION }}" \ - --body "Update version to ${{ env.NEW_VERSION }}" - sleep 5 - env: - GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - - - name: Auto-approve pull request - run: gh pr review --approve ${{ env.BRANCH_NAME }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Auto-merge pull request - run: gh pr merge --merge --delete-branch ${{ env.BRANCH_NAME }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: git push origin main && git push --tags - name: Build package run: npm run build @@ -84,3 +61,16 @@ jobs: run: npm publish env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + + - name: Get merged pull request + id: getMergedPullRequest + run: | + read -r number < <(gh pr list --search ${{ github.sha }} --state merged --json 'number' | jq -r '.[0] | [.number] | join(" ")') + echo "number=$number" >> "$GITHUB_OUTPUT" + env: + GITHUB_TOKEN: ${{ github.token }} + + - name: Comment on merged pull request + run: gh pr comment ${{ steps.getMergedPullRequest.outputs.number }} --body "🚀Published to npm in v${{ env.NEW_VERSION }}" + env: + GITHUB_TOKEN: ${{ github.token }} diff --git a/.nvmrc b/.nvmrc new file mode 100644 index 0000000..48b14e6 --- /dev/null +++ b/.nvmrc @@ -0,0 +1 @@ +20.14.0 From 11e11cc3f58ca9c80bd5a364eb8ece387cf2c2a6 Mon Sep 17 00:00:00 2001 From: Carlos Martins Date: Tue, 27 Aug 2024 13:39:19 -0600 Subject: [PATCH 3/5] Update .nvmrc Co-authored-by: Justin Persaud --- .nvmrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.nvmrc b/.nvmrc index 48b14e6..b8e593f 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -20.14.0 +20.15.1 From b4b732ccc9b216996e796c5c2b59ea5395263a51 Mon Sep 17 00:00:00 2001 From: Carlos Martins Date: Tue, 27 Aug 2024 14:28:00 -0600 Subject: [PATCH 4/5] Update .github/workflows/publish.yml Co-authored-by: Rory Abraham <47436092+roryabraham@users.noreply.github.com> --- .github/workflows/publish.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2387a5e..1b04f8f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -37,6 +37,7 @@ jobs: git config --global commit.gpgsign true git config --global user.name OSBotify git config --global user.email infra+osbotify@expensify.com + - uses: actions/setup-node@v4 with: node-version-file: ".nvmrc" From f3b1ec2fb71bd4e98183ba76c443caf89fb8743b Mon Sep 17 00:00:00 2001 From: Carlos Martins Date: Tue, 27 Aug 2024 14:31:26 -0600 Subject: [PATCH 5/5] rm registry --- .github/workflows/publish.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 1b04f8f..d6c5774 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -41,7 +41,6 @@ jobs: - uses: actions/setup-node@v4 with: node-version-file: ".nvmrc" - registry-url: "https://registry.npmjs.org" - name: Install npm packages run: npm ci