From 0b5f9f56a448068306a35bb0490319854020db3f Mon Sep 17 00:00:00 2001 From: PanayotHristov Date: Thu, 21 Apr 2022 18:08:17 +0300 Subject: [PATCH 1/5] Testing ci workflow --- .github/workflows/ci.yml | 29 +++++++++++++++++++++++++++++ .gitignore | 1 + circle.yml => old.circle.yml | 0 3 files changed, 30 insertions(+) create mode 100644 .github/workflows/ci.yml rename circle.yml => old.circle.yml (100%) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..b01a5f0 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,29 @@ +name: CI + +on: pull_request + +jobs: + test: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Install node + uses: actions/setup-node@v2 + with: + version: '10' + + - name: Install yarn + run: npm install -g yarn + + - name: Install dependencies + run: yarn install + + - name: Run tests + run: yarn test:cover + + - name: Run coveralls + uses: coverallsapp/github-action@master + with: + github-token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.gitignore b/.gitignore index b9651a9..2f0ff97 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ coverage node_modules *.log +.idea diff --git a/circle.yml b/old.circle.yml similarity index 100% rename from circle.yml rename to old.circle.yml From 3576ab92a545f41bf064f843379d995b4163b43c Mon Sep 17 00:00:00 2001 From: PanayotHristov Date: Thu, 21 Apr 2022 18:37:30 +0300 Subject: [PATCH 2/5] Removed circle.ci config, added publishing workflow, moved common parts to action --- .github/.npmrc | 2 + .github/actions/setup-dependencies/action.yml | 33 +++++++++ .github/workflows/cd.yml | 70 +++++++++++++++++++ .github/workflows/ci.yml | 20 +----- old.circle.yml | 31 -------- 5 files changed, 108 insertions(+), 48 deletions(-) create mode 100644 .github/.npmrc create mode 100644 .github/actions/setup-dependencies/action.yml create mode 100644 .github/workflows/cd.yml delete mode 100644 old.circle.yml diff --git a/.github/.npmrc b/.github/.npmrc new file mode 100644 index 0000000..2980411 --- /dev/null +++ b/.github/.npmrc @@ -0,0 +1,2 @@ +save-exact=true +//registry.npmjs.org/:_authToken=${NPM_TOKEN} \ No newline at end of file diff --git a/.github/actions/setup-dependencies/action.yml b/.github/actions/setup-dependencies/action.yml new file mode 100644 index 0000000..36dd042 --- /dev/null +++ b/.github/actions/setup-dependencies/action.yml @@ -0,0 +1,33 @@ +name: Setup +description: 'Setup dependencies and run tests' + +inputs: + github_token: + description: 'Github token for coveralls' + required: true + +runs: + using: "composite" + steps: + - name: Setup node + uses: actions/setup-node@v2 + with: + node-version: '10' + registry-url: 'https://registry.npmjs.org' + + - name: Install yarn + shell: bash + run: npm install -g yarn + + - name: Install dependencies + shell: bash + run: yarn install + + - name: Run tests + shell: bash + run: yarn test:cover + + - name: Run coveralls + uses: coverallsapp/github-action@master + with: + github-token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml new file mode 100644 index 0000000..20d30e5 --- /dev/null +++ b/.github/workflows/cd.yml @@ -0,0 +1,70 @@ +name: Publish + +on: + push: + tags: + - 'v[0-9]+.[0-9]+.[0-9]+' + +jobs: + publish: + runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + steps: + - name: Checkout code + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Fetch npm token + id: secrets + uses: hashicorp/vault-action@v2.4.0 + with: + url: https://vault.jimdo-platform.net + method: github + githubToken: ${{ secrets.VAULT_ACTION_GITHUB_TOKEN }} + exportEnv: false + secrets: | + secret/creator/npm-publish-token NPM_TOKEN | NPM_PUBLISH_TOKEN; + + - name: Setup dependencies and run tests + uses: ./.github/actions/setup-dependencies + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get latest tag + id: latest_tag + uses: WyriHaximus/github-action-get-previous-tag@v1 + + - name: Publish + run: | + npm config set git-tag-version=false + npm version ${{ steps.latest_tag.outputs.tag }} + npm publish + env: + NPM_TOKEN: ${{ steps.secrets.outputs.NPM_PUBLISH_TOKEN }} + + slack-workflow-status: + name: Post workflow status to Slack + needs: + - publish + if: always() + runs-on: ubuntu-latest + steps: + - name: Determine if we need to notify + uses: Jimdo/should-i-notify-action@main + id: should_notify + with: + branch: master + needs_context: ${{ toJson(needs) }} + github_token: ${{ secrets.GITHUB_TOKEN }} + + - name: Slack workflow notification + uses: Gamesight/slack-workflow-status@master + if: steps.should_notify.outputs.should_send_message == 'yes' + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} + channel: 'creator-deployments' + name: 'serverless-dotenv' \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b01a5f0..526f519 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,21 +9,7 @@ jobs: - name: Checkout code uses: actions/checkout@v2 - - name: Install node - uses: actions/setup-node@v2 + - name: Setup dependencies and run tests + uses: ./.github/actions/setup-dependencies with: - version: '10' - - - name: Install yarn - run: npm install -g yarn - - - name: Install dependencies - run: yarn install - - - name: Run tests - run: yarn test:cover - - - name: Run coveralls - uses: coverallsapp/github-action@master - with: - github-token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + github_token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/old.circle.yml b/old.circle.yml deleted file mode 100644 index 7d83aab..0000000 --- a/old.circle.yml +++ /dev/null @@ -1,31 +0,0 @@ -machine: - node: - version: 4.5.0 - environment: - PATH: "${PATH}:${HOME}/${CIRCLE_PROJECT_REPONAME}/node_modules/.bin" - -dependencies: - pre: - - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc - - override: - - yarn - - post: - - yarn global add dot-json - - cache_directories: - - ~/.cache/yarn - -test: - override: - - yarn test:cover - post: - - yarn coveralls - -deployment: - production: - tag: /v[0-9]+(\.[0-9]+)*$/ - commands: - - dot-json package.json version ${CIRCLE_TAG:1} - - npm publish From ee3878f9e42b7d6721ced260f72c329013f0d8b0 Mon Sep 17 00:00:00 2001 From: PanayotHristov Date: Thu, 21 Apr 2022 18:39:51 +0300 Subject: [PATCH 3/5] Fixing input usage for action --- .github/actions/setup-dependencies/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/setup-dependencies/action.yml b/.github/actions/setup-dependencies/action.yml index 36dd042..8729fe8 100644 --- a/.github/actions/setup-dependencies/action.yml +++ b/.github/actions/setup-dependencies/action.yml @@ -30,4 +30,4 @@ runs: - name: Run coveralls uses: coverallsapp/github-action@master with: - github-token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + github-token: ${{ inputs.github_token }} \ No newline at end of file From d66273e678e0ed773dcb49921e4d47b98008e3fa Mon Sep 17 00:00:00 2001 From: PanayotHristov Date: Wed, 27 Apr 2022 15:49:55 +0300 Subject: [PATCH 4/5] Debugging why secrets aren't being pulled properly during publish --- .github/workflows/cd.yml | 19 ++++++++++--------- .github/workflows/ci.yml | 5 ++++- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 20d30e5..bed416d 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -1,9 +1,10 @@ name: Publish -on: - push: - tags: - - 'v[0-9]+.[0-9]+.[0-9]+' +on: pull_request +#on: +# push: +# tags: +# - 'v[0-9]+.[0-9]+.[0-9]+' jobs: publish: @@ -17,6 +18,11 @@ jobs: with: fetch-depth: 0 + - name: Setup dependencies and run tests + uses: ./.github/actions/setup-dependencies + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + - name: Fetch npm token id: secrets uses: hashicorp/vault-action@v2.4.0 @@ -28,11 +34,6 @@ jobs: secrets: | secret/creator/npm-publish-token NPM_TOKEN | NPM_PUBLISH_TOKEN; - - name: Setup dependencies and run tests - uses: ./.github/actions/setup-dependencies - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - - name: Get latest tag id: latest_tag uses: WyriHaximus/github-action-get-previous-tag@v1 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 526f519..d871236 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,6 +1,9 @@ name: CI -on: pull_request +on: + push: + branches: + - master jobs: test: From 15e1154f0b88d726098227aa2499ccb84c87b681 Mon Sep 17 00:00:00 2001 From: PanayotHristov Date: Wed, 27 Apr 2022 16:30:36 +0300 Subject: [PATCH 5/5] Changing secret pull to jwt --- .github/workflows/cd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index bed416d..bd899cb 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -28,8 +28,8 @@ jobs: uses: hashicorp/vault-action@v2.4.0 with: url: https://vault.jimdo-platform.net - method: github - githubToken: ${{ secrets.VAULT_ACTION_GITHUB_TOKEN }} + method: jwt + role: github_jimdo exportEnv: false secrets: | secret/creator/npm-publish-token NPM_TOKEN | NPM_PUBLISH_TOKEN;