-
Notifications
You must be signed in to change notification settings - Fork 6
317 lines (287 loc) · 13.2 KB
/
build-and-push-assets.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
name: Build and push assets
on:
workflow_call:
inputs:
NODE_OPTIONS:
description: Space-separated list of command-line Node options.
type: string
default: ''
required: false
NODE_VERSION:
description: Node version with which the static code analysis is to be executed.
default: 18
required: false
type: string
NPM_REGISTRY_DOMAIN:
description: Domain of the private npm registry.
default: https://npm.pkg.github.com/
required: false
type: string
PACKAGE_MANAGER:
description: Package manager with which the dependencies should be installed (`npm` or `yarn`).
default: 'npm'
required: false
type: string
WORKING_DIRECTORY:
description: Working directory path.
default: './'
required: false
type: string
COMPILE_SCRIPT_PROD:
description: Script added to "npm run" or "yarn" to build production assets.
type: string
default: 'build'
required: false
COMPILE_SCRIPT_DEV:
description: Script added to "npm run" or "yarn" to build development assets.
type: string
default: 'build:dev'
required: false
MODE:
description: Mode for compiling assets (`prod` or `dev`)
default: ''
required: false
type: string
ASSETS_TARGET_PATHS:
description: Space-separated list of target directory paths for compiled assets.
default: './assets'
required: false
type: string
ASSETS_TARGET_FILES:
description: Space-separated list of target file paths for compiled assets.
default: ''
required: false
type: string
BUILT_BRANCH_NAME:
description: Sets the target branch for pushing assets on the `branch` event.
type: string
default: ''
required: false
RELEASE_BRANCH_NAME:
description: On tag events, target branch where compiled assets are pushed and the tag is moved to.
type: string
default: ''
required: false
PHP_VERSION:
description: PHP version with which the PHP tools are to be executed.
default: '8.2'
required: false
type: string
PHP_TOOLS:
description: PHP tools supported by shivammathur/setup-php to be installed.
default: ''
required: false
type: string
secrets:
NPM_REGISTRY_TOKEN:
description: Authentication for the private npm registry.
required: false
GITHUB_USER_EMAIL:
description: Email address for the GitHub user configuration.
required: true
GITHUB_USER_NAME:
description: Username for the GitHub user configuration.
required: true
GITHUB_USER_SSH_KEY:
description: Private SSH key associated with the GitHub user passed as `GITHUB_USER_NAME`.
required: false
GITHUB_USER_SSH_PUBLIC_KEY:
description: Public SSH key associated with the GitHub user passed as `GITHUB_USER_NAME`.
required: false
ENV_VARS:
description: Additional environment variables as a JSON formatted object.
required: false
jobs:
checks:
runs-on: ubuntu-latest
outputs:
is_development_branch_last_commit: ${{ github.sha == steps.detect_development_branch_last_commit.outputs.development_branch_last_commit && 'yes' || 'no' }}
is_moved_tag: ${{ (github.ref_type == 'tag' && contains(steps.detect_tag_annotation.outputs.tag_annotation, env.MOVED_TAG_ANNOTATION_PATTERN)) && 'yes' || 'no' }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Checkout development branch
# it is not possible to get tag annotation from detached state https://github.com/actions/runner/issues/712
run: |
git checkout ${{ github.event.repository.default_branch }}
- name: Find last commit
id: detect_development_branch_last_commit
run: |
echo "development_branch_last_commit=$(git --no-pager log -n 1 --pretty=tformat:'%H')" >> "$GITHUB_OUTPUT"
- name: Find tag message
id: detect_tag_annotation
if: ${{ github.ref_type == 'tag' }}
run: |
git fetch --tags --force # Retrieve annotated tags https://github.com/actions/checkout/issues/290
echo "tag_annotation=$(git --no-pager tag -l --format='%(contents:subject)' ${{ github.ref_name }})" >> "$GITHUB_OUTPUT"
- name: Prepare moved tag annotation pattern
run: |
echo "MOVED_TAG_ANNOTATION_PATTERN=// Released by ${{ github.workflow }}" >> $GITHUB_ENV
compile-assets:
needs: checks
if: ${{ github.ref_type == 'branch' || (github.ref_type == 'tag' && needs.checks.outputs.is_moved_tag == 'no') }}
defaults:
run:
working-directory: ${{ inputs.WORKING_DIRECTORY }}
timeout-minutes: 10
runs-on: ubuntu-latest
env:
NODE_OPTIONS: ${{ inputs.NODE_OPTIONS }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_REGISTRY_TOKEN }}
NODE_CACHE_MODE: ''
GITHUB_USER_EMAIL: ${{ secrets.GITHUB_USER_EMAIL }}
GITHUB_USER_NAME: ${{ secrets.GITHUB_USER_NAME }}
GITHUB_USER_SSH_KEY: ${{ secrets.GITHUB_USER_SSH_KEY }}
GITHUB_USER_SSH_PUBLIC_KEY: ${{ secrets.GITHUB_USER_SSH_PUBLIC_KEY }}
COMPILE_SCRIPT: ''
TAG_NAME: '' # we'll override if the push is for tag
TAG_BRANCH_NAME: '' # we'll override if the push is for tag
NO_CHANGES: '' # we'll override if no changes to commit
steps:
- name: PACKAGE_MANAGER deprecation warning
if: ${{ inputs.PACKAGE_MANAGER != '' }}
run: |
if [ "${{ inputs.PACKAGE_MANAGER }}" == 'npm' ]; then
echo "::warning::The PACKAGE_MANAGER input is deprecated and will be removed soon. Please remove it. The workflow already uses npm by default."
else
echo "::warning::The PACKAGE_MANAGER input is deprecated and will be removed soon. Please update your workflow to use npm."
fi
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
ssh-key: ${{ env.GITHUB_USER_SSH_KEY }}
- name: Set up SSH
if: ${{ env.GITHUB_USER_SSH_KEY != '' }}
uses: webfactory/[email protected]
with:
ssh-private-key: ${{ env.GITHUB_USER_SSH_KEY }}
- name: Set up Git
run: |
git config --global user.email "${{ env.GITHUB_USER_EMAIL }}"
git config --global user.name "${{ env.GITHUB_USER_NAME }}"
git config --global advice.addIgnoredFile false
git config --global push.autoSetupRemote true
- name: Set up signing commits
if: ${{ env.GITHUB_USER_SSH_PUBLIC_KEY != '' }}
run: |
: # Create empty SSH private key file so Git does not complain.
touch "${{ runner.temp }}/signingkey"
echo "${{ env.GITHUB_USER_SSH_PUBLIC_KEY }}" > "${{ runner.temp }}/signingkey.pub"
git config --global commit.gpgsign true
git config --global gpg.format ssh
git config --global user.signingkey "${{ runner.temp }}/signingkey.pub"
- name: Set up custom environment variables
env:
ENV_VARS: ${{ secrets.ENV_VARS }}
if: ${{ env.ENV_VARS }}
uses: actions/github-script@v7
with:
script: |
JSON
.parse(process.env.ENV_VARS)
.forEach(envVar => core.exportVariable(envVar.name, envVar.value));
- name: Set compile script
run: |
if [ "${{ inputs.MODE }}" == 'dev' ]; then
echo "COMPILE_SCRIPT=${{ inputs.COMPILE_SCRIPT_DEV }}" >> $GITHUB_ENV
elif [ "${{ inputs.MODE }}" == 'prod' ]; then
echo "COMPILE_SCRIPT=${{ inputs.COMPILE_SCRIPT_PROD }}" >> $GITHUB_ENV
elif [ ${{ contains(github.ref, 'refs/tags/') }} ]; then
echo "COMPILE_SCRIPT=${{ inputs.COMPILE_SCRIPT_PROD }}" >> $GITHUB_ENV
else
echo "COMPILE_SCRIPT=${{ inputs.COMPILE_SCRIPT_DEV }}" >> $GITHUB_ENV
fi
- name: Set branch environment variables
if: ${{ github.ref_type == 'branch' }}
run: |
echo "BUILT_BRANCH_NAME=${{ inputs.BUILT_BRANCH_NAME && inputs.BUILT_BRANCH_NAME || github.ref_name }}" >> $GITHUB_ENV
- name: Set tag environment variables
if: ${{ github.ref_type == 'tag' }}
run: |
echo "TAG_NAME=$(echo ${GITHUB_REF#refs/*/})" >> $GITHUB_ENV
echo "RELEASE_BRANCH_ENABLED=${{ (needs.checks.outputs.is_development_branch_last_commit == 'yes' && inputs.RELEASE_BRANCH_NAME != '') && 'yes' || 'no' }}" >> $GITHUB_ENV
- name: Checkout and merge the built branch
if: ${{ github.ref_type == 'branch' }}
run: |
git show-ref -q refs/remotes/origin/${{ env.BUILT_BRANCH_NAME }} && git checkout ${{ env.BUILT_BRANCH_NAME }} || git checkout -b ${{ env.BUILT_BRANCH_NAME }}
git merge ${{ github.ref_name }}
- name: Git pull on re-run
if: ${{ (github.run_attempt > 1) && (github.ref_type != 'tag') }}
run: git show-ref -q refs/remotes/origin/$(git branch --show-current) && git pull || true
- name: Checkout and merge the release branch
if: ${{ github.ref_type == 'tag' && env.RELEASE_BRANCH_ENABLED == 'yes' }}
run: |
git checkout ${{ github.event.repository.default_branch }}
git show-ref -q refs/remotes/origin/${{ inputs.RELEASE_BRANCH_NAME }} && git checkout ${{ inputs.RELEASE_BRANCH_NAME }} || git checkout -b ${{ inputs.RELEASE_BRANCH_NAME }}
git merge ${{ github.event.repository.default_branch }}
- name: Checkout temporary tag branch
if: ${{ github.ref_type == 'tag' && env.RELEASE_BRANCH_ENABLED == 'no' }}
run: |
git checkout -b bot/compiled-assets/${{ github.sha }}
echo "TAG_BRANCH_NAME=bot/compiled-assets/${{ github.sha }}" >> $GITHUB_ENV
- name: Prepare directories
run: |
mkdir -p ${{ inputs.ASSETS_TARGET_PATHS }}
- name: Set up node cache mode
run: |
if [ "${{ inputs.PACKAGE_MANAGER }}" == 'npm' ] && { [ -f "${GITHUB_WORKSPACE}/package-lock.json" ] || [ -f "${GITHUB_WORKSPACE}/npm-shrinkwrap.json" ]; }; then
echo "NODE_CACHE_MODE=npm" >> $GITHUB_ENV
elif [ "${{ inputs.PACKAGE_MANAGER }}" == 'yarn' ] && [ -f "${GITHUB_WORKSPACE}/yarn.lock" ]; then
echo "NODE_CACHE_MODE=yarn" >> $GITHUB_ENV
else
echo "No lock files found or unknown package manager"
fi
- name: Set up node
uses: actions/setup-node@v4
with:
node-version: ${{ inputs.NODE_VERSION }}
registry-url: ${{ inputs.NPM_REGISTRY_DOMAIN }}
cache: ${{ env.NODE_CACHE_MODE }}
- name: Set up PHP
if: ${{ inputs.PHP_TOOLS }}
uses: shivammathur/setup-php@v2
with:
php-version: ${{ inputs.PHP_VERSION }}
tools: ${{ inputs.PHP_TOOLS }}
coverage: none
- name: Install dependencies
env:
ARGS: ${{ env.NODE_CACHE_MODE == 'yarn' && '--frozen-lockfile' || env.NODE_CACHE_MODE == 'npm' && 'ci' || 'install' }}
run: ${{ format('{0} {1}', inputs.PACKAGE_MANAGER, env.ARGS) }}
- name: Compile assets
run: ${{ inputs.PACKAGE_MANAGER == 'yarn' && 'yarn' || 'npm run' }} ${{ env.COMPILE_SCRIPT }}
- name: Git add, commit
run: |
declare -a TARGET_DIRECTORY_PATHS_ARRAY=(${{ inputs.ASSETS_TARGET_PATHS }})
for path in "${TARGET_DIRECTORY_PATHS_ARRAY[@]}"; do git add -f "${path}/*"; done
declare -a TARGET_FILES_PATHS_ARRAY=(${{ inputs.ASSETS_TARGET_FILES }})
for path in "${TARGET_FILES_PATHS_ARRAY[@]}"; do [[ -f "$path" ]] && git add -f "${path}"; done
git add -A
git commit -m "[BOT] Add compiled assets for #${{ github.ref }}" --no-verify || ((echo "NO_CHANGES=yes" >> $GITHUB_ENV) && (echo "No changes to commit"))
- name: Git push for branch
if: ${{ github.ref_type == 'branch' }}
run: git push
- name: Git push for tag
if: ${{ github.ref_type == 'tag' && (env.NO_CHANGES != 'yes' || env.RELEASE_BRANCH_ENABLED == 'yes') }}
run: git push
- name: Move tag
if: ${{ github.ref_type == 'tag' && (env.NO_CHANGES != 'yes' || env.RELEASE_BRANCH_ENABLED == 'yes') }}
run: |
git tag -d ${{ env.TAG_NAME }}
git push origin :refs/tags/${{ env.TAG_NAME }}
git tag -a -m "[RELEASE] ${{ github.sha }} // Released by ${{ github.workflow }}" ${{ env.TAG_NAME }}
git push origin --tags
- name: Delete temporary tag branch
if: ${{ always() && env.TAG_BRANCH_NAME != '' && env.NO_CHANGES != 'yes' }}
run: |
git checkout --detach
git branch -d ${{ env.TAG_BRANCH_NAME }}
git push origin --delete ${{ env.TAG_BRANCH_NAME }}
- name: Delete signing key files
if: ${{ always() && env.GITHUB_USER_SSH_PUBLIC_KEY != '' }}
run: |
rm -f "${{ runner.temp }}/signingkey"
rm -f "${{ runner.temp }}/signingkey.pub"