FR-16888 - Secure Token Exchange via Middleware #325
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish to NPM | |
| on: | |
| # When Release Pull Request is merged | |
| pull_request: | |
| branches: | |
| - master | |
| types: [closed] | |
| env: | |
| CI: true | |
| jobs: | |
| publish: | |
| name: Publish | |
| if: "contains(join(github.event.pull_request.labels.*.name, ','), 'Release') && github.event.pull_request.merged == true" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: "0" | |
| - name: Read .nvmrc | |
| run: echo "NODE_VERSION=$(cat .nvmrc)" >> $GITHUB_OUTPUT | |
| id: nvm | |
| - name: Use Node.js ${{ steps.nvm.outputs.NODE_VERSION }} | |
| uses: actions/setup-node@v2 | |
| with: | |
| node-version: ${{ steps.nvm.outputs.NODE_VERSION }} | |
| - name: Git Identity | |
| run: | | |
| git config --global user.name 'github-actions[bot]' | |
| git config --global user.email 'github-actions[bot]@users.noreply.github.com' | |
| git remote set-url origin https://x-access-token:${GITHUB_TOKEN}@github.com/$GITHUB_REPOSITORY | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install Dependencies and Build Packages | |
| run: | | |
| yarn install | |
| yarn build | |
| - name: Set Current Version | |
| id: set_current_version | |
| if: startsWith(github.event.pull_request.title, 'v') | |
| shell: bash -ex {0} | |
| run: | | |
| CURRENT_VERSION=$(node -p 'require("./lerna.json").version') | |
| echo "CURRENT_VERSION=${CURRENT_VERSION}" >> $GITHUB_OUTPUT | |
| - name: Tag Check | |
| id: tag_check | |
| shell: bash -ex {0} | |
| run: | | |
| GET_API_URL="https://api.github.com/repos/${GITHUB_REPOSITORY}/git/ref/tags/v${{ steps.set_current_version.outputs.CURRENT_VERSION }}" | |
| http_status_code=$(curl -LI $GET_API_URL -o /dev/null -w '%{http_code}\n' -s \ | |
| -H "Authorization: token ${GITHUB_TOKEN}") | |
| if [ "$http_status_code" -ne "404" ] ; then | |
| echo "exists_tag=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "exists_tag=false" >> $GITHUB_OUTPUT | |
| fi | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create Git Tag | |
| if: steps.tag_check.outputs.exists_tag == 'false' | |
| uses: azu/action-package-version-to-git-tag@v1 | |
| with: | |
| version: ${{ steps.set_current_version.outputs.CURRENT_VERSION }} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| github_repo: ${{ github.repository }} | |
| git_commit_sha: ${{ github.sha }} | |
| git_tag_prefix: 'v' | |
| - name: Create Release | |
| id: create_release | |
| if: steps.tag_check.outputs.exists_tag == 'false' | |
| uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name: v${{ steps.set_current_version.outputs.CURRENT_VERSION }} | |
| release_name: ${{ github.event.pull_request.title }} | |
| body: | | |
| ${{ github.event.pull_request.body }} | |
| draft: false | |
| prerelease: false | |
| - name: Authenticate with Registry | |
| run: | | |
| yarn logout | |
| echo "init-author-name=Frontegg LTD" > .npmrc | |
| echo "[email protected]" >> .npmrc | |
| echo "init-author-url=https://frontegg.com" >> .npmrc | |
| echo "init-license=MIT" >> .npmrc | |
| echo "always-auth=true" >> .npmrc | |
| echo "registry=https://registry.npmjs.org" >> .npmrc | |
| echo "_authToken=$NPM_TOKEN" >> .npmrc | |
| echo "@frontegg:registry=https://registry.npmjs.org" >> .npmrc | |
| echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> .npmrc | |
| npm whoami | |
| env: | |
| NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }} | |
| - name: Publish | |
| run: | | |
| cp "./.npmrc" "./dist/@frontegg/nextjs/.npmrc" | |
| cp "./.npmignore" "./dist/@frontegg/nextjs/.npmignore" | |
| cd "./dist/@frontegg/nextjs" && npm publish --tag latest | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }} | |
| - name: Notify Slack on deployment | |
| uses: rtCamp/action-slack-notify@v2 | |
| env: | |
| SLACK_CHANNEL: Production | |
| SLACK_COLOR: ${{ job.status }} | |
| SLACK_ICON: https://avatars.githubusercontent.com/u/67857107?s=40&v=4 | |
| SLACK_MESSAGE: '${{ github.actor }} has deployed ${{ inputs.repository_name }} version: ${{ steps.set_current_version.outputs.CURRENT_VERSION }} :rocket:' | |
| SLACK_TITLE: '${{ inputs.repository_name }} version: ${{ steps.set_current_version.outputs.CURRENT_VERSION }} has been successfully published' | |
| SLACK_USERNAME: ${{ github.actor }} | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_PRODUCTION_TOKEN }} | |
| MSG_MINIMAL: Commit,actions url | |
| - uses: actions/[email protected] | |
| with: | |
| github-token: ${{secrets.GITHUB_TOKEN}} | |
| script: | | |
| github.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: 'https://github.com/${{ github.repository }}/releases/tag/v${{ steps.set_current_version.outputs.CURRENT_VERSION }} is released 🎉' | |
| }) |