nocobase/.github/workflows/release-next.yml
YANG QIA ce3d6ac233
fix(release): decrypt token error occasionally (#5143)
* fix(release): decrypt token error occasionally

* chore: update
2024-08-27 19:50:01 +08:00

126 lines
5.1 KiB
YAML

name: Release Next
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
jobs:
app-token:
uses: nocobase/nocobase/.github/workflows/get-nocobase-app-token.yml@main
secrets: inherit
publish-npm:
runs-on: ubuntu-latest
container: node:18
needs: app-token
steps:
- name: Decrypt app token
id: app-token
shell: bash
run: |
ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }};
APP_TOKEN=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}");
echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT
- name: Checkout
uses: actions/checkout@v4
with:
ref: next
- name: Send curl request and parse response
env:
PKG_USERNAME: ${{ secrets.PKG_USERNAME }}
PKG_PASSWORD: ${{ secrets.PKG_PASSWORD }}
run: |
mkdir git-ci-cache
apt-get update && apt-get install -y jq gh
response1=$(curl -s 'https://pkg.nocobase.com/-/verdaccio/sec/login' \
-H 'content-type: application/json' \
--data-raw '{"username":"'$PKG_USERNAME'","password":"'$PKG_PASSWORD'"}')
token1=$(echo $response1 | jq -r '.token')
response2=$(curl -s 'https://pkg-src.nocobase.com/-/verdaccio/sec/login' \
-H 'content-type: application/json' \
--data-raw '{"username":"'$PKG_USERNAME'","password":"'$PKG_PASSWORD'"}')
token2=$(echo $response2 | jq -r '.token')
echo "PKG_NOCOBASE_TOKEN=$token1" >> $GITHUB_ENV
echo "PKG_SRC_NOCOBASE_TOKEN=$token2" >> $GITHUB_ENV
- name: restore cache
id: cache
uses: actions/cache@v3
with:
path: ./git-ci-cache
key: new-next-version-${{ github.run_id }}
- name: Set NEWVERSION variable
id: set_version
run: |
cd ./git-ci-cache
if [ -f newversion.txt ]; then
NEWVERSION=$(cat newversion.txt)
else
NEWVERSION=$(cat ../lerna.json | jq -r '.version').$(date +'%Y%m%d%H%M%S')
echo "$NEWVERSION" > newversion.txt
fi
echo "NEWVERSION=$NEWVERSION" >> $GITHUB_ENV
- name: Print NEWVERSION
run: echo "The new version is ${{ env.NEWVERSION }}"
- name: Save NEWVERSION to cache
run: echo "NEWVERSION=$NEWVERSION" >> ./git-ci-cache/newversion.txt
- name: save cache
id: save-cache
uses: actions/cache/save@v3
if: steps.cache.outputs.cache-hit != 'true'
with:
path: ./git-ci-cache
key: new-next-version-${{ github.run_id }}
- name: publish npmjs.org
continue-on-error: true
run: |
git config --global user.email "test@mail.com"
git config --global user.name "test"
git config --global --add safe.directory /__w/nocobase/nocobase
npm config set access public
npm config set registry https://registry.npmjs.org/
npm config set //registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}
yarn config set access public
yarn config set registry https://registry.npmjs.org/
yarn config set //registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}
yarn install
yarn lerna version ${{ env.NEWVERSION }} -y --no-git-tag-version
yarn build
echo "# test" >> Release.md
git add .
git commit -m "chore(versions): test publish packages xxx"
cat lerna.json
yarn release:force --no-verify-access --no-git-reset --registry https://registry.npmjs.org/ --dist-tag=next
- name: Checkout pro-plugins
uses: actions/checkout@v3
with:
repository: nocobase/pro-plugins
path: packages/pro-plugins
ref: next
token: ${{ steps.app-token.outputs.token }}
- name: Clone pro repos
shell: bash
run: |
for repo in ${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ' ') }}
do
git clone -b next https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/nocobase/$repo.git packages/pro-plugins/@nocobase/$repo
done
- name: Build Pro plugins
run: |
yarn config set registry https://registry.npmjs.org/
yarn install
yarn lerna version ${{ env.NEWVERSION }} -y --no-git-tag-version
yarn build packages/pro-plugins
- name: publish pkg.nocobase.com
run: |
git reset --hard
npm config set //pkg.nocobase.com/:_authToken=${{ env.PKG_NOCOBASE_TOKEN }}
yarn release:force --no-verify-access --no-git-reset --registry https://pkg.nocobase.com --dist-tag=next
- name: publish pkg-src.nocobase.com
run: |
git reset --hard
bash generate-npmignore.sh ignore-src
npm config set //pkg-src.nocobase.com/:_authToken=${{ env.PKG_SRC_NOCOBASE_TOKEN }}
yarn release:force --no-verify-access --no-git-reset --registry https://pkg-src.nocobase.com --dist-tag=next