name: Release concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true on: push: tags: - 'v*' jobs: app-token: uses: nocobase/nocobase/.github/workflows/get-nocobase-app-token.yml@main secrets: inherit publish-npm: runs-on: ubuntu-latest container: node:18 needs: app-token steps: - name: Decrypt app token id: app-token shell: bash run: | ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }}; APP_TOKEN=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}"); echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT - name: Checkout uses: actions/checkout@v3 - name: Send curl request and parse response env: PKG_USERNAME: ${{ secrets.PKG_USERNAME }} PKG_PASSWORD: ${{ secrets.PKG_PASSWORD }} run: | mkdir git-ci-cache apt-get update && apt-get install -y jq response1=$(curl -s 'https://pkg.nocobase.com/-/verdaccio/sec/login' \ -H 'content-type: application/json' \ --data-raw '{"username":"'$PKG_USERNAME'","password":"'$PKG_PASSWORD'"}') token1=$(echo $response1 | jq -r '.token') response2=$(curl -s 'https://pkg-src.nocobase.com/-/verdaccio/sec/login' \ -H 'content-type: application/json' \ --data-raw '{"username":"'$PKG_USERNAME'","password":"'$PKG_PASSWORD'"}') token2=$(echo $response2 | jq -r '.token') echo "PKG_NOCOBASE_TOKEN=$token1" >> $GITHUB_ENV echo "PKG_SRC_NOCOBASE_TOKEN=$token2" >> $GITHUB_ENV - name: yarn install and build run: | yarn config set registry https://registry.npmjs.org/ yarn install yarn build - name: publish npmjs.org continue-on-error: true run: | git config --global user.email "test@mail.com" git config --global user.name "test" git config --global --add safe.directory /__w/nocobase/nocobase echo "# test" >> Release.md git add . git commit -m "chore(versions): test publish packages xxx" npm config set access public npm config set registry https://registry.npmjs.org/ npm config set //registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }} yarn config set access public yarn config set registry https://registry.npmjs.org/ yarn config set //registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }} npm whoami yarn release:force --no-verify-access --no-git-reset --registry https://registry.npmjs.org/ - name: Checkout pro-plugins uses: actions/checkout@v3 with: repository: nocobase/pro-plugins path: packages/pro-plugins token: ${{ steps.app-token.outputs.token }} - name: Clone pro repos shell: bash run: | for repo in ${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ' ') }} do git clone -b main https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/nocobase/$repo.git packages/pro-plugins/@nocobase/$repo done - name: Build Pro plugins run: | yarn config set registry https://registry.npmjs.org/ yarn install yarn build packages/pro-plugins - name: publish pkg.nocobase.com run: | git reset --hard npm config set //pkg.nocobase.com/:_authToken=${{ env.PKG_NOCOBASE_TOKEN }} yarn release:force --no-verify-access --no-git-reset --registry https://pkg.nocobase.com - name: publish pkg-src.nocobase.com run: | git reset --hard bash generate-npmignore.sh ignore-src npm config set //pkg-src.nocobase.com/:_authToken=${{ env.PKG_SRC_NOCOBASE_TOKEN }} yarn release:force --no-verify-access --no-git-reset --registry https://pkg-src.nocobase.com push-docker: runs-on: ubuntu-latest needs: publish-npm steps: - name: Checkout uses: actions/checkout@v3 - name: Set up QEMU uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - name: Docker meta id: meta uses: docker/metadata-action@v4 with: images: | nocobase/nocobase tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} - name: Login to Docker Hub uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to Aliyun Container Registry (Public) uses: docker/login-action@v2 with: registry: ${{ secrets.ALI_DOCKER_PUBLIC_REGISTRY }} username: ${{ secrets.ALI_DOCKER_USERNAME }} password: ${{ secrets.ALI_DOCKER_PASSWORD }} - name: Build and push uses: docker/build-push-action@v3 with: context: ./docker/nocobase platforms: linux/amd64,linux/arm64 push: true tags: nocobase/nocobase:latest,${{ steps.meta.outputs.tags }},${{ secrets.ALI_DOCKER_PUBLIC_REGISTRY }}/nocobase/nocobase:latest,${{ secrets.ALI_DOCKER_PUBLIC_REGISTRY }}/${{ steps.meta.outputs.tags }}