diff --git a/.github/workflows/build-pro-image.yml b/.github/workflows/build-pro-image.yml index 7e37364589..adf2ef8971 100644 --- a/.github/workflows/build-pro-image.yml +++ b/.github/workflows/build-pro-image.yml @@ -15,12 +15,8 @@ on: - '.github/workflows/build-pro-image.yml' jobs: - app-token: - if: github.event.pull_request.head.repo.fork != true - uses: nocobase/nocobase/.github/workflows/get-nocobase-app-token.yml@main - secrets: inherit build-and-push: - needs: app-token + if: github.event.pull_request.head.repo.fork != true runs-on: ubuntu-latest services: verdaccio: @@ -28,13 +24,13 @@ jobs: ports: - 4873:4873 steps: - - name: Decrypt app token + - uses: actions/create-github-app-token@v1 id: app-token - shell: bash - run: | - ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }}; - APP_TOKEN=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); - echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT + with: + app-id: ${{ vars.NOCOBASE_APP_ID }} + private-key: ${{ secrets.NOCOBASE_APP_PRIVATE_KEY }} + repositories: nocobase,pro-plugins,${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ',') }} + skip-token-revoke: true - name: Checkout uses: actions/checkout@v3 with: diff --git a/.github/workflows/changelog-and-release.yml b/.github/workflows/changelog-and-release.yml index 43b697e0bc..856ed7cae3 100644 --- a/.github/workflows/changelog-and-release.yml +++ b/.github/workflows/changelog-and-release.yml @@ -11,21 +11,21 @@ on: - 'v*-beta' jobs: - app-token: - uses: nocobase/nocobase/.github/workflows/get-nocobase-app-token.yml@main - secrets: inherit write-changelog-and-release: - needs: - - app-token runs-on: ubuntu-latest steps: - - name: Decrypt app token + - uses: actions/create-github-app-token@v1 id: app-token - shell: bash - run: | - ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }}; - APP_TOKEN=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); - echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT + with: + app-id: ${{ vars.NOCOBASE_APP_ID }} + private-key: ${{ secrets.NOCOBASE_APP_PRIVATE_KEY }} + repositories: nocobase,pro-plugins,${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ',') }} + skip-token-revoke: true + - name: Get GitHub App User ID + id: get-user-id + run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} - name: Checkout uses: actions/checkout@v4 with: @@ -50,8 +50,8 @@ jobs: done - name: Set user run: | - git config --global user.name '${{ needs.app-token.outputs.app-slug }}[bot]' - git config --global user.email '${{ needs.app-token.outputs.user-id }}+${{ needs.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>' + git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]' + git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>' - name: Set Node.js 18 uses: actions/setup-node@v3 with: diff --git a/.github/workflows/manual-build-pro-image.yml b/.github/workflows/manual-build-pro-image.yml index 78c7fb98db..08ecea5040 100644 --- a/.github/workflows/manual-build-pro-image.yml +++ b/.github/workflows/manual-build-pro-image.yml @@ -16,12 +16,8 @@ on: required: true jobs: - app-token: - if: github.event.pull_request.head.repo.fork != true - uses: nocobase/nocobase/.github/workflows/get-nocobase-app-token.yml@main - secrets: inherit build-and-push: - needs: app-token + if: github.event.pull_request.head.repo.fork != true runs-on: ubuntu-latest services: verdaccio: @@ -29,13 +25,13 @@ jobs: ports: - 4873:4873 steps: - - name: Decrypt app token + - uses: actions/create-github-app-token@v1 id: app-token - shell: bash - run: | - ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }}; - APP_TOKEN=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); - echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT + with: + app-id: ${{ vars.NOCOBASE_APP_ID }} + private-key: ${{ secrets.NOCOBASE_APP_PRIVATE_KEY }} + repositories: nocobase,pro-plugins,${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ',') }} + skip-token-revoke: true - name: Checkout uses: actions/checkout@v3 with: diff --git a/.github/workflows/manual-release.yml b/.github/workflows/manual-release.yml index 2dee6668b1..fe0275f05c 100644 --- a/.github/workflows/manual-release.yml +++ b/.github/workflows/manual-release.yml @@ -12,12 +12,8 @@ on: type: boolean jobs: - app-token: - uses: nocobase/nocobase/.github/workflows/get-nocobase-app-token.yml@main - secrets: inherit pre-merge-main-into-next: runs-on: ubuntu-latest - needs: app-token strategy: matrix: repo: @@ -25,13 +21,18 @@ jobs: - 'pro-plugins' - ${{ fromJSON(vars.PRO_PLUGIN_REPOS) }} steps: - - name: Decrypt app token + - uses: actions/create-github-app-token@v1 id: app-token - shell: bash - run: | - ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }}; - APP_TOKEN=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); - echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT + with: + app-id: ${{ vars.NOCOBASE_APP_ID }} + private-key: ${{ secrets.NOCOBASE_APP_PRIVATE_KEY }} + repositories: nocobase,pro-plugins,${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ',') }} + skip-token-revoke: true + - name: Get GitHub App User ID + id: get-user-id + run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} - name: Checkout uses: actions/checkout@v4 with: @@ -41,8 +42,8 @@ jobs: token: ${{ steps.app-token.outputs.token }} - name: main -> next (nocobase/${{ matrix.repo }}) run: | - git config --global user.name '${{ needs.app-token.outputs.app-slug }}[bot]' - git config --global user.email '${{ needs.app-token.outputs.user-id }}+${{ needs.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>' + git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]' + git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>' git checkout main git pull origin main git checkout next @@ -50,17 +51,21 @@ jobs: git push origin next --tags --atomic update-version: needs: - - app-token - pre-merge-main-into-next runs-on: ubuntu-latest steps: - - name: Decrypt app token + - uses: actions/create-github-app-token@v1 id: app-token - shell: bash - run: | - ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }}; - APP_TOKEN=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); - echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT + with: + app-id: ${{ vars.NOCOBASE_APP_ID }} + private-key: ${{ secrets.NOCOBASE_APP_PRIVATE_KEY }} + repositories: nocobase,pro-plugins,${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ',') }} + skip-token-revoke: true + - name: Get GitHub App User ID + id: get-user-id + run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} - name: Checkout uses: actions/checkout@v4 with: @@ -101,8 +106,8 @@ jobs: echo "$(<.git/info/exclude )" cd ./../.. git checkout main - git config --global user.name '${{ needs.app-token.outputs.app-slug }}[bot]' - git config --global user.email '${{ needs.app-token.outputs.user-id }}+${{ needs.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>' + git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]' + git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>' echo "packages/pro-plugins" >> .git/info/exclude bash release.sh $IS_FEAT env: diff --git a/.github/workflows/release-next.yml b/.github/workflows/release-next.yml index 1963cc2df6..9d5b6c15cd 100644 --- a/.github/workflows/release-next.yml +++ b/.github/workflows/release-next.yml @@ -8,21 +8,22 @@ on: workflow_dispatch: jobs: - app-token: - uses: nocobase/nocobase/.github/workflows/get-nocobase-app-token.yml@main - secrets: inherit publish-npm: runs-on: ubuntu-latest container: node:18 - needs: app-token steps: - - name: Decrypt app token + - uses: actions/create-github-app-token@v1 id: app-token - shell: bash - run: | - ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }}; - APP_TOKEN=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); - echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT + with: + app-id: ${{ vars.NOCOBASE_APP_ID }} + private-key: ${{ secrets.NOCOBASE_APP_PRIVATE_KEY }} + repositories: nocobase,pro-plugins,${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ',') }} + skip-token-revoke: true + - name: Get GitHub App User ID + id: get-user-id + run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} - name: Checkout uses: actions/checkout@v4 with: @@ -75,8 +76,8 @@ jobs: - name: publish npmjs.org continue-on-error: true run: | - git config --global user.name '${{ needs.app-token.outputs.app-slug }}[bot]' - git config --global user.email '${{ needs.app-token.outputs.user-id }}+${{ needs.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>' + git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]' + git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>' git config --global --add safe.directory /__w/nocobase/nocobase npm config set access public npm config set registry https://registry.npmjs.org/ diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 75d6b0b746..c3b8b53711 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,21 +10,17 @@ on: - 'v*' jobs: - app-token: - uses: nocobase/nocobase/.github/workflows/get-nocobase-app-token.yml@main - secrets: inherit publish-npm: runs-on: ubuntu-latest container: node:18 - needs: app-token steps: - - name: Decrypt app token + - uses: actions/create-github-app-token@v1 id: app-token - shell: bash - run: | - ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }}; - APP_TOKEN=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); - echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT + with: + app-id: ${{ vars.NOCOBASE_APP_ID }} + private-key: ${{ secrets.NOCOBASE_APP_PRIVATE_KEY }} + repositories: nocobase,pro-plugins,${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ',') }} + skip-token-revoke: true - name: Checkout uses: actions/checkout@v3 - name: Send curl request and parse response diff --git a/scripts/release/changelogAndRelease.js b/scripts/release/changelogAndRelease.js index 2c56468594..684462ab3d 100644 --- a/scripts/release/changelogAndRelease.js +++ b/scripts/release/changelogAndRelease.js @@ -186,14 +186,12 @@ function arrangeChangelogs(changelogs) { async function collect() { let { from, to, ver = 'beta' } = program.opts(); if (!from || !to) { - // git describe --tags $(git rev-list --tags --max-count=2) --abbrev=0 + // git tag -l --sort=version:refname | grep "v*-ver" | tail -2 const tagPattern = `v*-${ver}`; - const { stdout: tags } = await execa( - 'git', - ['describe', '--tags', `$(git rev-list --tags=${tagPattern} --max-count=2)`, '--abbrev=0'], - { shell: true }, - ); - [from, to] = tags.split('\n').reverse(); + const { stdout: tags } = await execa(`git tag -l --sort=version:refname | grep "${tagPattern}" | tail -2`, { + shell: true, + }); + [from, to] = tags.split('\n'); } console.log(`From: ${from}, To: ${to}`); const changelogs = [];