-
Notifications
You must be signed in to change notification settings - Fork 365
157 lines (127 loc) · 5.77 KB
/
release-insiders.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
name: Release insiders
# This workflow is triggered when a comment is created on a PR that contains the string "/release insiders".
# The comment must be created by a user with write access to the repo.
on:
# only run when a comment is created under a pr
issue_comment:
types: [created]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
insiders:
# run if the comment contains "/release insiders" and if the comment is created under a PR
if:
${{ github.event.issue.pull_request && contains(github.event.comment.body,
'/release insiders') }}
runs-on: ubuntu-latest
permissions:
issues: write
# allow writing comments on the PR
contents: write
pull-requests: write
steps:
# check if the user is an owner of the repo
- name: Has write access
id: has-write-access
uses: actions/github-script@v6
with:
script: |
const res = await github.rest.repos.getCollaboratorPermissionLevel({
...context.repo,
username: context.payload.comment.user.login,
});
const hasPermission = ['admin', 'write', 'maintain'].includes(res.data.permission)
if (!hasPermission) {
// if the user doesn't have write access, comment on the PR
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `🚫 Cannot publish because user @${context.payload.comment.user.login} doesn't have write access.`
})
}
return hasPermission
# stop the workflow if the user doesn't have write access
- name: Stop if user doesn't have write access
if: ${{ !steps.has-write-access.outputs.result }}
run: |
echo "User doesn't have write access. Stopping the workflow."
exit 1
- name: Start the comment
id: start-comment
uses: actions/github-script@v6
with:
result-encoding: string
script: |
const result = await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `
⏳ Okay @${context.payload.comment.user.login}, I'm releasing an insiders build to npm. I will update this comment when done.
<details><summary>More detail</summary>
In case this fails, follow the workflow run [here](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) to debug.
</details>
`
})
const commentId = result.data.id
return commentId
- name: Get the pull request's ref
id: pr-ref
uses: actions/github-script@v6
with:
result-encoding: string
script: |
const {data: pullRequest} = await github.rest.pulls.get({
...context.repo,
pull_number: context.issue.number
})
return pullRequest.head.sha
# checkout the repo at the latest commit of the PR
- uses: actions/checkout@v2
with:
ref: ${{ steps.pr-ref.outputs.result }}
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: 18.x
- uses: ./.github/actions/yarn-nm-install
- name: Build the Theatre.js packages
run: yarn cli build
- name: Update .yarnrc.yml with the auth config for the npmPublishRegistry
run: cat .github/.yarnrc.publish.yml >> .yarnrc.yml
- name: Publish the Theatre.js packages
id: publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: yarn zx scripts/prerelease.mjs
- name: Update the comment
id: update-comment
uses: actions/github-script@v6
with:
script: |
const published = JSON.parse(${{ toJSON( steps.publish.outputs.data ) }})
const result = await github.rest.issues.updateComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: "${{ steps.start-comment.outputs.result }}",
body: `
<details>
<summary>🎉 Released an insiders' build to npm. Here is how to upgrade:</summary>
* 🚧 This is an insiders' build. It possibly **is not stable and _may_ corrupt your data**. Always **backup your work** before upgrading.
* If you do try this build, welcome aboard, insider 😉. If you're feeling generous, share some feedback here or on [\`#contributing\`](https://discord.com/channels/870988717190426644/940301611023073400) at Discord.
* 🔼 To upgrade, edit \`package.json\` and replace the versions of all \`@theatre\` or \`theatric\` packages with their new versions:
\`\`\`diff
${published.map((pkg) => {
return `--- ${pkg.packageName}: "old-version",\n+++ ${pkg.packageName}: "${pkg.version}",`
}).join('\n')}
\`\`\`
All published packages are on npm:
${published.map((pkg) => {
return `* [\`${pkg.packageName}@${pkg.version}\`](https://www.npmjs.com/package/${pkg.packageName}/v/${pkg.version})`
}).join('\n')}
Published at the request of @${context.payload.comment.user.login}, on commit ${{ steps.pr-ref.outputs.result }}. Workflow log [here](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) to debug.
</details>
`
})