TA-4767: Fix API token and team URL selection on commands (#296) #50
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build / Publish Workflow | |
| on: | |
| push: | |
| branches: | |
| - 'master' | |
| - 'release/*' | |
| paths-ignore: | |
| - '.github/**' | |
| permissions: | |
| id-token: write | |
| contents: write | |
| packages: write | |
| jobs: | |
| detect-bump: | |
| name: Detect Version Bump | |
| runs-on: ubuntu-latest | |
| outputs: | |
| is_bump: ${{ steps.check.outputs.is_bump }} | |
| commit_sha: ${{ steps.sha.outputs.sha }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 2 | |
| - id: sha | |
| run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| - id: check | |
| run: | | |
| last_commit_message=$(git log -1 --pretty=%B) | |
| echo "Last commit message: $last_commit_message" | |
| if [[ $last_commit_message =~ \[Release\]\ Bump\ version ]]; then | |
| echo "is_bump=true" >> $GITHUB_OUTPUT | |
| echo "Bump commit detected." | |
| else | |
| echo "is_bump=false" >> $GITHUB_OUTPUT | |
| echo "No bump commit detected." | |
| fi | |
| build-only: | |
| name: Build (no publish) | |
| runs-on: ubuntu-latest | |
| needs: detect-bump | |
| if: needs.detect-bump.outputs.is_bump != 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Build and Test | |
| uses: ./.github/action/build | |
| - name: Done | |
| run: echo "Regular commit detected — build and test completed." | |
| create-release-branch-and-publish: | |
| name: Create release branch (CalVer) and Publish | |
| runs-on: ubuntu-latest | |
| needs: detect-bump | |
| if: needs.detect-bump.outputs.is_bump == 'true' && github.ref == 'refs/heads/master' | |
| permissions: | |
| id-token: write | |
| contents: write | |
| packages: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Compute unique CalVer release branch name | |
| id: calver | |
| run: | | |
| base_name=$(date +"%Y%m%d-%H%M%S") | |
| git fetch origin "+refs/heads/release/*:refs/remotes/origin/release/*" || true | |
| rc_index=0 | |
| candidate="${base_name}_RC$(printf '%02d' $rc_index)" | |
| while git branch -r | grep -q "origin/release/${candidate}"; do | |
| rc_index=$((rc_index + 1)) | |
| candidate="${base_name}_RC$(printf '%02d' $rc_index)" | |
| done | |
| release_branch="release/${candidate}" | |
| echo "release_branch=${release_branch}" >> $GITHUB_OUTPUT | |
| echo "Selected release branch: ${release_branch}" | |
| - name: Create and push release branch from current master commit | |
| env: | |
| GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| branch="${{ steps.calver.outputs.release_branch }}" | |
| git checkout -b "$branch" | |
| git push https://x-access-token:${GIT_TOKEN}@github.com/${{ github.repository }} "HEAD:refs/heads/${branch}" | |
| - name: Build and Test | |
| uses: ./.github/action/build | |
| - name: Prepare dist | |
| run: | | |
| cp README.md dist/README.md | |
| cp LICENSE dist/LICENSE | |
| - name: Publish to GitHub Registry | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: cd dist/ && npm publish | |
| - name: Setup Node for NPM Registry | |
| uses: actions/setup-node@v1 | |
| with: | |
| node-version: '20' | |
| registry-url: https://registry.npmjs.org/ | |
| scope: '@celonis' | |
| - name: Upgrade npm to support Trusted Publishing | |
| run: npm install -g [email protected] | |
| - name: Publish to NPM Registry | |
| run: | | |
| cd dist/ | |
| npm publish --access public | |
| - name: Tag release version | |
| id: tag | |
| env: | |
| GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| version=$(node -p "require('./package.json').version") | |
| tag="v${version}" | |
| echo "tag=${tag}" >> $GITHUB_OUTPUT | |
| git fetch origin --tags || true | |
| if ! git rev-parse "${tag}" >/dev/null 2>&1; then | |
| git tag "${tag}" | |
| git push https://x-access-token:${GIT_TOKEN}@github.com/${{ github.repository }} "${tag}" | |
| else | |
| echo "Tag ${tag} already exists, skipping creation" | |
| fi | |
| - name: Generate release notes | |
| uses: softprops/[email protected] | |
| with: | |
| tag_name: ${{ steps.tag.outputs.tag }} | |
| name: ${{ steps.tag.outputs.tag }} | |
| target_commitish: ${{ github.sha }} | |
| draft: false | |
| prerelease: false | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| generate_release_notes: true | |
| - name: Post-publish note | |
| run: echo "Release branch ${{ steps.calver.outputs.release_branch }} created, published, and tagged with version." |