Merge pull request #70 from smartcontractkit/changeset-release/main #58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CD | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| jobs: | |
| # This job will either: | |
| # 1. Upsert a "version" pull request if there are changesets and publish a dev snapshot to NPM | |
| # 2. Publish an official version to NPM if there are no changesets | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| environment: production | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Assume role capable of getting token from gati | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_OIDC_FUNCTIONS_TOOLKIT_CI_CHANGESET_TOKEN_ISSUER_ROLE_ARN }} | |
| role-duration-seconds: '900' | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| mask-aws-account-id: true | |
| - name: Get github token from gati | |
| id: gati | |
| uses: smartcontractkit/chainlink-github-actions/github-app-token-issuer@fc3e0df622521019f50d772726d6bf8dc919dd38 # v2.3.19 | |
| with: | |
| url: ${{ secrets.LAMBDA_FUNCTIONS_URL }} | |
| - name: Checkout the repo | |
| uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
| with: | |
| # This sets up the local git config so that the changesets action | |
| # can commit changes to the repo on behalf of the GitHub Actions bot. | |
| token: ${{ steps.gati.outputs.access-token }} | |
| - name: Setup node | |
| uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
| with: | |
| cache: npm | |
| node-version: '18' | |
| # When registry-url is specified, a .npmrc file referencing NODE_AUTH_TOKEN | |
| # is created. This is needed for the changesets action to publish to NPM. | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: Run npm ci | |
| run: npm install # npm install instead of npm ci is used to prevent unsupported platform errors due to the fsevents sub-dependency --no-optional | |
| - name: Setup project | |
| run: npm run build | |
| - name: Create Release Pull Request or Publish to NPM | |
| id: changesets | |
| uses: smartcontractkit/.github/actions/signed-commits@ff80d56f5301dc8a65f66c4d47d746ee956beed9 # [email protected] | |
| with: | |
| publish: npx changeset publish | |
| env: | |
| GITHUB_TOKEN: ${{ steps.gati.outputs.access-token }} | |
| # Action needs NPM_TOKEN https://github.com/changesets/action#with-publishing | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| # actions/setup-node creates an .npmrc file that references NODE_AUTH_TOKEN | |
| # https://github.com/actions/setup-node/blob/5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d/docs/advanced-usage.md?plain=1#L346 | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| # The step above only calls the publish script if | |
| # there are no changesets to publish. When there are no changesets | |
| # to publish, it means that "changesets version" was run, consuming | |
| # the changesets. | |
| # | |
| # If there are changesets to publish, then the publish script is not | |
| # called, and the changesets are not consumed. | |
| # This means that we're in a "snapshot" state, and we should publish | |
| # a snapshot version for previewing. | |
| - name: Publish dev snapshot | |
| if: steps.changesets.outputs.published != 'true' | |
| env: | |
| GITHUB_TOKEN: ${{ steps.gati.outputs.access-token }} | |
| # actions/setup-node creates an .npmrc file that references NODE_AUTH_TOKEN | |
| # https://github.com/actions/setup-node/blob/5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d/docs/advanced-usage.md?plain=1#L346 | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| run: | | |
| # We need to checkout main again because the changesets action | |
| # consumes the changesets via "changeset version", but we | |
| # want to do a snapshot versioning instead, hence checking out | |
| # main again. | |
| git checkout main | |
| npx changeset version --snapshot | |
| npx changeset publish --tag dev |