diff --git a/.github/workflows/release-snapshot.yml b/.github/workflows/release-snapshot.yml new file mode 100644 index 000000000..aacbd989a --- /dev/null +++ b/.github/workflows/release-snapshot.yml @@ -0,0 +1,104 @@ +name: release snapshot to jfrog + +on: + push: + branches: + - main + workflow_dispatch: + +# Allow only one concurrent deployment, but do NOT cancel in-progress runs as +# we want to allow these release deployments to complete. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false + +permissions: + contents: read + id-token: write # necessary for NPM provenance + +jobs: + publish-npm: + name: Snapshot Publish + runs-on: ubuntu-latest + + permissions: + id-token: write + + strategy: + matrix: + package: + [ + "agent", + "api", + "common", + "credentials", + "crypto", + "crypto-aws-kms", + "dids", + "identity-agent", + "proxy-agent", + "user-agent", + ] + + steps: + - name: Checkout source + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 + with: + fetch-depth: 0 + + # https://cashapp.github.io/hermit/usage/ci/ + - name: Init Hermit + uses: cashapp/activate-hermit@v1 + with: + cache: "true" + + - name: Install dependencies + run: pnpm install + + - name: Build all workspace packages + run: pnpm build + + - uses: jfrog/setup-jfrog-cli@v4 + with: + version: latest + oidc-provider-name: github # must match the OpenID Connect name from https://blockxyz.jfrog.io/ui/admin/configuration/integrations + env: + JF_URL: https://blockxyz.jfrog.io + + - name: Publish @web5/${{ matrix.package }}@${{ env.REPO_VERSION }} + env: + NODE_AUTH_TOKEN: ${{secrets.npm_token}} + run: | + set -exuo pipefail + + package_name="${{ matrix.package }}" + cd "packages/${package_name}" + + base_version=$(jq -r .version package.json) + + # I'm not seeing a great way to determine the commit of the last release of a given package, so I'm using a not-so-great way + version_line=$(grep -n "\"version\": \"${base_version}\"" package.json | cut -d: -f1) # determine which line in package.json specifies the version + version_bump_commit=$(git blame --porcelain -L "${version_line},${version_line}" -- package.json | head -n1 | awk '{ print $1 }') # ask git when the last commit to that line was + commits_since_version_bump=$(git rev-list ${version_bump_commit} --count -- .) # count the number of commits that changed this package since the version change commit + + + snapshot_version="${base_version}-SNAPSHOT.${commits_since_version_bump}" + + # check if that snapshot version has already been published + if curl -f --silent "https://blockxyz.jfrog.io/artifactory/api/storage/tbd-oss-snapshots-npm/@web5/${package_name}/-/@web5/${package_name}-${snapshot_version}.tgz" > /dev/null; then + echo "release for @web5/${package_name}-${snapshot_version} already exists, not re-publishing" + exit 0 + fi + + # set the snapshot version + jq --arg version "${snapshot_version}" '.version = $version' package.json > package-new.json + mv package-new.json package.json + + # set publishing config in package.json + jq '.publishConfig.registry = "https://blockxyz.jfrog.io/artifactory/api/npm/tbd-oss-snapshots-npm/"' package.json > package-new.json + mv package-new.json package.json + + # login to jfrog and publish + jf npm-config --global=true --repo-resolve=tbd-oss-snapshots-npm --repo-deploy=tbd-oss-snapshots-npm + jf npm publish --registry https://blockxyz.jfrog.io/artifactory/api/npm/tbd-oss-snapshots-npm/ + shell: bash