Allow dev and release branches to overwrite their pre-release gems #32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main, develop, release/**] | |
| pull_request: | |
| branches: [main, develop] | |
| permissions: | |
| actions: write | |
| contents: read | |
| id-token: write | |
| packages: write | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| ruby-version: ["2.7", "3.0", "3.1", "3.2", "3.3"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Ruby ${{ matrix.ruby-version }} | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: ${{ matrix.ruby-version }} | |
| bundler-cache: true | |
| - name: Run tests with coverage | |
| run: bundle exec rspec | |
| - name: Upload coverage to Qlty | |
| if: matrix.ruby-version == '3.3' | |
| uses: qltysh/qlty-action/coverage@v1 | |
| continue-on-error: true | |
| env: | |
| QLTY_COVERAGE_TOKEN: ${{ secrets.QLTY_COVERAGE_TOKEN }} | |
| with: | |
| oidc: true | |
| files: coverage/coverage.json | |
| - name: Run Qlty code quality checks | |
| if: matrix.ruby-version == '3.3' | |
| run: | | |
| curl -sSfL https://qlty.sh | sh | |
| echo "$HOME/.qlty/bin" >> $GITHUB_PATH | |
| ~/.qlty/bin/qlty check || true | |
| continue-on-error: true | |
| - name: Run RuboCop (Ruby 3.3 only) | |
| if: matrix.ruby-version == '3.3' | |
| run: bundle exec rubocop || true | |
| continue-on-error: true | |
| security: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: "3.3" | |
| bundler-cache: true | |
| - name: Run bundle audit | |
| run: | | |
| gem install bundler-audit | |
| bundle audit --update || true | |
| continue-on-error: true | |
| publish: | |
| runs-on: ubuntu-latest | |
| needs: [test, security] | |
| if: github.event_name == 'push' && (github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/release/')) | |
| continue-on-error: true | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: "3.3" | |
| bundler-cache: true | |
| - name: Modify version for develop branch | |
| if: github.ref == 'refs/heads/develop' | |
| run: | | |
| SHORT_SHA=$(git rev-parse --short HEAD) | |
| sed -i "s/VERSION = '\([^']*\)'/VERSION = '\1.dev.${SHORT_SHA}'/" lib/sudo/constants.rb | |
| - name: Modify version for release branch | |
| if: startsWith(github.ref, 'refs/heads/release/') | |
| run: | | |
| SHORT_SHA=$(git rev-parse --short HEAD) | |
| sed -i "s/VERSION = '\([^']*\)'/VERSION = '\1.rc.${SHORT_SHA}'/" lib/sudo/constants.rb | |
| - name: Build gem | |
| run: gem build sudo.gemspec | |
| - name: Publish to GitHub Packages | |
| run: | | |
| mkdir -p ~/.gem | |
| cat << EOF > ~/.gem/credentials | |
| --- | |
| :github: Bearer ${{ secrets.GITHUB_TOKEN }} | |
| EOF | |
| chmod 600 ~/.gem/credentials | |
| # Temporarily remove allowed_push_host restriction for GitHub Packages | |
| sed -i "s/spec.metadata\['allowed_push_host'\].*$//" sudo.gemspec | |
| gem build sudo.gemspec | |
| # For pre-release versions (.dev and .rc), yank existing version first to allow overwrites | |
| if [[ "${{ github.ref }}" == "refs/heads/develop" ]] || [[ "${{ github.ref }}" == refs/heads/release/* ]]; then | |
| # Extract version from gem file | |
| GEM_VERSION=$(ls *.gem | sed 's/sudo-\(.*\)\.gem/\1/') | |
| # Try to yank existing version (ignore errors if it doesn't exist) | |
| gem yank --key github --host https://rubygems.pkg.github.com/TwilightCoders sudo --version $GEM_VERSION || true | |
| fi | |
| gem push --key github --host https://rubygems.pkg.github.com/TwilightCoders *.gem |