nocobase/.github/workflows/release.yml
YANG QIA 685f0764f1
chore: optimize pro image build ci (#5140)
* chore: optimize pro image build ci

* chore: update

* chore: update

* fix: branch
2024-08-27 06:46:25 +08:00

139 lines
5.5 KiB
YAML

name: Release
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
push:
tags:
- 'v*'
jobs:
app-token:
uses: nocobase/nocobase/.github/workflows/get-nocobase-app-token.yml@main
secrets: inherit
publish-npm:
runs-on: ubuntu-latest
container: node:18
needs: app-token
steps:
- name: Decrypt app token
id: app-token
shell: bash
run: |
ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }};
BINARY_ENCRYPTED_SECRET=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode);
APP_TOKEN=$(echo -n "$BINARY_ENCRYPTED_SECRET" | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}");
echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT
- name: Checkout
uses: actions/checkout@v3
- name: Send curl request and parse response
env:
PKG_USERNAME: ${{ secrets.PKG_USERNAME }}
PKG_PASSWORD: ${{ secrets.PKG_PASSWORD }}
run: |
mkdir git-ci-cache
apt-get update && apt-get install -y jq
response1=$(curl -s 'https://pkg.nocobase.com/-/verdaccio/sec/login' \
-H 'content-type: application/json' \
--data-raw '{"username":"'$PKG_USERNAME'","password":"'$PKG_PASSWORD'"}')
token1=$(echo $response1 | jq -r '.token')
response2=$(curl -s 'https://pkg-src.nocobase.com/-/verdaccio/sec/login' \
-H 'content-type: application/json' \
--data-raw '{"username":"'$PKG_USERNAME'","password":"'$PKG_PASSWORD'"}')
token2=$(echo $response2 | jq -r '.token')
echo "PKG_NOCOBASE_TOKEN=$token1" >> $GITHUB_ENV
echo "PKG_SRC_NOCOBASE_TOKEN=$token2" >> $GITHUB_ENV
- name: yarn install and build
run: |
yarn config set registry https://registry.npmjs.org/
yarn install
yarn build
- name: publish npmjs.org
continue-on-error: true
run: |
git config --global user.email "test@mail.com"
git config --global user.name "test"
git config --global --add safe.directory /__w/nocobase/nocobase
echo "# test" >> Release.md
git add .
git commit -m "chore(versions): test publish packages xxx"
npm config set access public
npm config set registry https://registry.npmjs.org/
npm config set //registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}
yarn config set access public
yarn config set registry https://registry.npmjs.org/
yarn config set //registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}
npm whoami
yarn release:force --no-verify-access --no-git-reset --registry https://registry.npmjs.org/
- name: Checkout pro-plugins
uses: actions/checkout@v3
with:
repository: nocobase/pro-plugins
path: packages/pro-plugins
token: ${{ steps.app-token.outputs.token }}
- name: Clone pro repos
shell: bash
run: |
for repo in ${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ' ') }}
do
git clone -b main https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/nocobase/$repo.git packages/pro-plugins/@nocobase/$repo
done
- name: Build Pro plugins
continue-on-error: true
run: |
yarn config set registry https://registry.npmjs.org/
yarn install
yarn build packages/pro-plugins
- name: publish pkg.nocobase.com
run: |
git reset --hard
npm config set //pkg.nocobase.com/:_authToken=${{ env.PKG_NOCOBASE_TOKEN }}
yarn release:force --no-verify-access --no-git-reset --registry https://pkg.nocobase.com
- name: publish pkg-src.nocobase.com
run: |
git reset --hard
bash generate-npmignore.sh ignore-src
npm config set //pkg-src.nocobase.com/:_authToken=${{ env.PKG_SRC_NOCOBASE_TOKEN }}
yarn release:force --no-verify-access --no-git-reset --registry https://pkg-src.nocobase.com
push-docker:
runs-on: ubuntu-latest
needs: publish-npm
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: |
nocobase/nocobase
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to Aliyun Container Registry (Public)
uses: docker/login-action@v2
with:
registry: ${{ secrets.ALI_DOCKER_PUBLIC_REGISTRY }}
username: ${{ secrets.ALI_DOCKER_USERNAME }}
password: ${{ secrets.ALI_DOCKER_PASSWORD }}
- name: Build and push
uses: docker/build-push-action@v3
with:
context: ./docker/nocobase
platforms: linux/amd64,linux/arm64
push: true
tags: nocobase/nocobase:latest,${{ steps.meta.outputs.tags }},${{ secrets.ALI_DOCKER_PUBLIC_REGISTRY }}/nocobase/nocobase:latest,${{ secrets.ALI_DOCKER_PUBLIC_REGISTRY }}/${{ steps.meta.outputs.tags }}