From 92eaf1fb4d41cae486e993080bf88e5aa65771ed Mon Sep 17 00:00:00 2001
From: Frank Hinek <frankhinek@users.noreply.github.com>
Date: Tue, 23 May 2023 02:18:19 -0400
Subject: [PATCH] Improve NPM publish GH Action to only publish when repo
 version is latest

Signed-off-by: Frank Hinek <frankhinek@users.noreply.github.com>
---
 .github/workflows/release-npm.yml | 65 ++++++++++++++++++++++++++-----
 1 file changed, 56 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/release-npm.yml b/.github/workflows/release-npm.yml
index caeec0ac8..70d67c44f 100644
--- a/.github/workflows/release-npm.yml
+++ b/.github/workflows/release-npm.yml
@@ -12,9 +12,21 @@ permissions:
 
 jobs:
   publish-npm:
-    name: Release NPM Package
+    name: NPM Publish
     runs-on: ubuntu-latest
 
+    strategy:
+      matrix:
+        package:
+          [
+            "crypto",
+            "dids",
+            "web5",
+            "web5-agent",
+            "web5-proxy-agent",
+            "web5-user-agent",
+          ]
+
     steps:
       - name: Checkout source
         uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
@@ -28,19 +40,54 @@ jobs:
       - name: Install latest npm
         run: npm install -g npm@latest
 
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Build all workspace packages
-        run: npm run build
+      - name: Install semver utility
+        run: npm install -g semver@7.5.1
 
       # Note - this is not required but it gives a clean failure prior to attempting a release if the GH workflow runner is not authenticated with NPMjs.com
-      - name: Display the npm username of the currently logged-in user
+      - name: Verify NPM token is authenticated with NPMjs.com
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.npm_token}}
         run: npm whoami
+
+      - name: Check if GitHub repo package version is latest
         env:
           NODE_AUTH_TOKEN: ${{secrets.npm_token}}
+        run: |
+          cd packages/${{ matrix.package }}
+
+          # Fetch the published version on NPMjs.com.
+          PUBLISHED_VERSION=$(npm view @tbd54566975/${{ matrix.package }} version)
+          echo "Published Version: $PUBLISHED_VERSION"
+
+          # Fetch the version in the GitHub repo's package.json file.
+          REPO_VERSION=$(node -p "require('./package.json').version")
+          echo "REPO_VERSION=$REPO_VERSION" >> $GITHUB_ENV
+          echo "Repo Version: $REPO_VERSION"
+
+          # Compare the repo and NPMjs.com package versions.
+          IS_GREATER=$(semver --range ">$PUBLISHED_VERSION" $REPO_VERSION || true)
+          if [ -n "$IS_GREATER" ] ; then
+            echo "@tbd54566975/${{ matrix.package }}@$REPO_VERSION is latest"
+            echo "IS_LATEST=true" >> $GITHUB_ENV
+          else
+            echo "@tbd54566975/${{ matrix.package }}@$REPO_VERSION is already published or repo version is lower"
+            echo "IS_LATEST=false" >> $GITHUB_ENV
+          fi
+        shell: bash
+
+      - name: Install dependencies
+        if: env.IS_LATEST == 'true'
+        run: npm ci
+
+      - name: Build all workspace packages
+        if: env.IS_LATEST == 'true'
+        run: npm run build
 
-      - name: Publish Release to NPM Public Registry
-        run: npm publish --ws --access public --provenance
+      - name: Publish @tbd54566975/${{ matrix.package }}@${{ env.REPO_VERSION }}
+        if: env.IS_LATEST == 'true'
         env:
           NODE_AUTH_TOKEN: ${{secrets.npm_token}}
+        run: |
+          cd packages/${{ matrix.package }}
+          npm publish --access public --provenance
+        shell: bash