Merge pull request #3 from docker/ci-publish

ci: fix publish workflow
2024-11-23 03:16:09 +08:00 · 2023-01-30 11:19:26 +01:00 · 2023-01-30 11:19:26 +01:00 · 5360816e7b
commit 5360816e7b
parent 581e356545 e39eef321f
5 changed files with 47 additions and 17 deletions
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@ -12,7 +12,13 @@ jobs:
      -
        name: Checkout
        uses: actions/checkout@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
      -
        name: Publish
-        run: |
-          PUBLISH_VERSION=${} make publish
+        uses: docker/bake-action@v2
+        with:
+          targets: publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}
--- a/14
+++ b/14
@ -1,14 +0,0 @@
-PUBLISH_VERSION ?=
-
-ifndef PUBLISH_VERSION
-$(error PUBLISH_VERSION is not set)
-endif
-
-.PHONY: all
-all:
-
-.PHONY: publish
-publish:
-	yarn install
-	yarn build
-	yarn publish --no-git-tag-version --new-version $(PUBLISH_VERSION)
--- a/dev.Dockerfile
+++ b/dev.Dockerfile
@ -69,3 +69,24 @@ RUN --mount=type=bind,target=.,rw \

 FROM scratch AS test-coverage
 COPY --from=test /tmp/coverage /
+
+FROM base AS publish
+ARG GITHUB_REF
+RUN --mount=type=bind,target=.,rw \
+    --mount=type=cache,target=/src/.yarn/cache \
+    --mount=type=cache,target=/src/node_modules \
+    --mount=type=secret,id=NODE_AUTH_TOKEN <<EOT
+  set -e
+  if ! [[ $GITHUB_REF =~ ^refs/tags/v ]]; then
+    echo "GITHUB_REF is not a tag"
+    exit 1
+  fi
+  yarn install
+  yarn run build
+  npm config set //registry.npmjs.org/:_authToken $(cat /run/secrets/NODE_AUTH_TOKEN)
+  npm version --no-git-tag-version ${GITHUB_REF#refs/tags/v}
+  npm publish --access public
+
+  # FIXME: Can't publish with yarn berry atm: https://github.com/changesets/changesets/pull/674
+  #NODE_AUTH_TOKEN=$(cat /run/secrets/NODE_AUTH_TOKEN) yarn publish --no-git-tag-version --new-version ${GITHUB_REF#refs/tags/v}
+EOT
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -53,3 +53,19 @@ target "test-coverage" {
  output = ["./coverage"]
  secret = ["id=GITHUB_TOKEN,env=GITHUB_TOKEN"]
 }
+
+# GITHUB_REF is the actual ref that triggers the workflow and used as version
+# when a tag is pushed: https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
+variable "GITHUB_REF" {
+  default = ""
+}
+
+target "publish" {
+  dockerfile = "dev.Dockerfile"
+  args = {
+    GITHUB_REF = GITHUB_REF
+  }
+  target = "publish"
+  output = ["type=cacheonly"]
+  secret = ["id=NODE_AUTH_TOKEN,env=NODE_AUTH_TOKEN"]
+}
--- a/package.json
+++ b/package.json
@ -33,7 +33,8 @@
    "lib"
  ],
  "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
  },
  "dependencies": {
    "@actions/core": "^1.10.0",