
[Chore] Fix Security Alerts (#695) #497

[Chore] Fix Security Alerts (#695)

[Chore] Fix Security Alerts (#695) #497

Workflow file for this run

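# Release workflow: on every push to master it installs and builds the
# packages, then lets changesets either open a "version packages" pull request
# or publish to npm. After a publish it notifies Slack, removes reference.txt
# and commits that removal to the after-release branch.
name: Release
on:
  push:
    branches:
      - master
# Least privilege for the built-in GITHUB_TOKEN: as far as this file shows,
# every write (release PR, git pushes, npm publish) authenticates with the
# CT Changesets App token or NPM_TOKEN, so the default token only needs to read.
permissions:
  contents: read
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      # Get GitHub token via the CT Changesets App
      # NOTE(review): the action reference below was mangled by the page's
      # e-mail obfuscation; restore the original "owner/repo@ref" from the
      # repository before using this file.
      - name: Generate GitHub token (via CT Changesets App)
        id: generate_github_token
        uses: tibdex/[email protected]
        with:
          app_id: ${{ secrets.CT_CHANGESETS_APP_ID }}
          private_key: ${{ secrets.CT_CHANGESETS_APP_PEM }}
      # Build the bot's noreply address (<numeric id>+<login>@users.noreply...)
      # for the commit author fields used in the last step.
      - name: Get App user
        id: get_app_user
        env:
          GITHUB_TOKEN: ${{ steps.generate_github_token.outputs.token }}
        run: |
          # Plain assignment plus gh's own --jq (no pipe, no `export`), so a
          # failed API call fails the step instead of yielding an empty id.
          GH_APP_USER="$(gh api /users/ct-changesets%5Bbot%5D --jq .id)"
          echo "email=${GH_APP_USER}+ct-changesets[bot]@users.noreply.github.com" >> "$GITHUB_OUTPUT"
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Pass a personal access token (using our CT Changesets App) to be able to trigger other workflows
          # https://help.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token
          # https://github.community/t/action-does-not-trigger-another-on-push-tag-action/17148/8
          token: ${{ steps.generate_github_token.outputs.token }}
      # Step outputs are written to $GITHUB_OUTPUT; the `::set-output` workflow
      # command is deprecated.
      - name: Read .nvmrc
        run: echo "NVMRC=$(cat .nvmrc)" >> "$GITHUB_OUTPUT"
        id: nvm
      - name: Setup Node (uses version in .nvmrc)
        uses: actions/setup-node@v4
        with:
          node-version: '${{ steps.nvm.outputs.NVMRC }}'
      - name: Get yarn cache
        id: yarn-cache
        run: echo "dir=$(yarn cache dir)" >> "$GITHUB_OUTPUT"
      - uses: actions/cache@v4
        with:
          path: ${{ steps.yarn-cache.outputs.dir }}
          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
          restore-keys: |
            ${{ runner.os }}-yarn-
      - name: Install dependencies
        run: yarn install --frozen-lockfile
      # NOTE(review): the first .npmrc line below was replaced by the page's
      # e-mail obfuscation; restore it from the repository.
      # NOTE(review): the npm token is written to disk before `yarn build`, so
      # build scripts run with it readable; moving this step to just before the
      # publish step would narrow that window.
      - name: Creating .npmrc
        run: |
          cat << EOF > "$HOME/.npmrc"
          [email protected]
          //registry.npmjs.org/:_authToken=$NPM_TOKEN
          EOF
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
      - name: Building packages
        run: yarn build
      # NOTE(review): `@master` is a mutable branch ref, and this step runs with
      # the App token in its environment and the npm token in ~/.npmrc. Pin it
      # to a reviewed full commit SHA (<COMMIT_SHA> # <version>), as is already
      # done for git-auto-commit-action below; the tag-pinned third-party
      # actions in this job would benefit from the same treatment.
      - name: Create Release Pull Request or Publish to npm
        id: changesets
        uses: changesets/action@master
        with:
          publish: yarn changeset publish
          version: yarn changeset:version-and-format
          commit: 'ci(changesets): version packages'
        env:
          GITHUB_TOKEN: ${{ steps.generate_github_token.outputs.token }}
      # NOTE(review): action reference mangled by the page's e-mail
      # obfuscation; restore the original "owner/repo@ref" from the repository.
      - name: Convert markdown to slack markdown
        uses: LoveToKnow/[email protected]
        id: markdown
        with:
          text: |
            A new version of [ts-sdk](https://github.com/commercetools/commercetools-sdk-typescript) was published to npm :rocket:
      # Everything from here on runs only when changesets reports a publish.
      - name: Slack Notification
        if: steps.changesets.outputs.published == 'true'
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_CHANNEL: devtooling-automation
          SLACK_COLOR: ${{ job.status }}
          MSG_MINIMAL: actions url,commit
          SLACK_TITLE: Typescript SDK Release ✨
          SLACK_MESSAGE: ${{steps.markdown.outputs.text}}
          SLACK_USERNAME: rtBot
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
      # Best effort: use origin/after-release when it exists; the final
      # `checkout -B` guarantees a local after-release branch either way.
      - name: "Switch SDK to after release branch"
        if: steps.changesets.outputs.published == 'true'
        run: |
          git fetch --depth=1 origin after-release || true
          git checkout -B after-release origin/after-release || true
          git checkout -B after-release
          git log -1
      - name: "remove API reference commit SHA"
        if: steps.changesets.outputs.published == 'true'
        run: rm -rf reference.txt
        continue-on-error: true
      # Commits the reference.txt change to after-release as the App's bot user.
      - uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1
        if: steps.changesets.outputs.published == 'true'
        with:
          branch: after-release
          file_pattern: 'reference.txt'
          commit_message: "chore: updating API ref SHA"
          commit_author: ct-changesets[bot] <${{ steps.get_app_user.outputs.email }}>
          commit_user_name: ct-changesets[bot]
          commit_user_email: ${{ steps.get_app_user.outputs.email }}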