ci: add npm provenance (#85)
* ci: add npm provenance

* ci: rely on bunx instead of npx

* ci: add bump minor action
ayuhito authored Sep 12, 2024
1 parent d551c34 commit bbd47cd
Showing 10 changed files with 114 additions and 2,235 deletions.
13 changes: 4 additions & 9 deletions .github/workflows/algolia.yml
Expand Up @@ -10,19 +10,14 @@ jobs:
- name: checkout
uses: actions/checkout@v4

- name: Enable PNPM
uses: pnpm/action-setup@v4

- name: Set node version to 20
uses: actions/setup-node@v4
- uses: oven-sh/setup-bun@v2
with:
node-version: "20"
cache: "pnpm"
bun-version: latest

- name: Install
run: pnpm install --frozen-lockfile
run: bun install --frozen-lockfile

- name: Update Algolia Index
run: pnpm run algolia
run: bun run algolia
env:
ALGOLIA_ADMIN_KEY: ${{ secrets.ALGOLIA_ADMIN_KEY }}
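Review bot: `bun-version: latest` in the new `oven-sh/setup-bun@v2` step leaves the toolchain unpinned, so every run installs whatever Bun release is current at that moment. The same step is added to bump-minor.yml, cron-run.yml, manual-run-force.yml, manual-run.yml, tests.yml and update-deps.yml. Three of those workflows go on to publish with `NPM_TOKEN` and `--provenance`, so the attested build cannot be reproduced from the commit alone. Pin an exact release, e.g. `bun-version: "<PINNED_BUN_VERSION>"`, and consider pinning `oven-sh/setup-bun` and `actions/checkout` to full commit SHAs rather than the movable `v2`/`v4` tags.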
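--- a/.github/workflows/bump-minor.yml
+++ b/.github/workflows/bump-minor.yml
@@ -0,0 +1,57 @@
+name: Build and Release [Bump Minor] [Manual]
+
+on: [workflow_dispatch]
+
+permissions:
+id-token: write
+
+jobs:
+build:
+runs-on: ubuntu-latest
+
+steps:
+- name: checkout
+uses: actions/checkout@v4
+
+- uses: oven-sh/setup-bun@v2
+with:
+bun-version: latest
+
+- name: Install
+run: bun install --frozen-lockfile
+
+- name: Fetch API # Calls Google Font Metadata to fetch the latest data from Google's Developer API
+run: bunx gfm generate $GOOGLE_API_KEY
+env:
+GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}
+
+- name: Parse API
+run: bunx gfm parse --force
+
+- name: Build fonts # Build all updated Google Fonts in repository
+run: bunx fontsource build --force
+
+- name: Generate fontlist
+run: bun run fontlist
+
+- name: Save GFM metadata
+run: bun run gfm-metadata
+
+- name: Save Fontsource metadata
+run: bun run metadata
+
+- name: Setup Git Config
+run: |
+git config --global user.email "[email protected]"
+git config --global user.name "fontsource-bot"
+- name: Publish to NPM
+run: bunx @fontsource-utils/publish publish minor --force --yes --provenance
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+- name: Update Algolia Index
+run: bun run algolia
+env:
+ALGOLIA_ADMIN_KEY: ${{ secrets.ALGOLIA_ADMIN_KEY }}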
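Review bot: The top-level `permissions:` block lists only `id-token: write`, which sets every scope it does not list (including `contents`) to none for the whole workflow, while granting the OIDC scope to every step of `build` rather than only to `Publish to NPM`. If `@fontsource-utils/publish` uses the `GITHUB_TOKEN` it receives to push the version bump or tags (not visible in this diff), that push needs `contents: write`. State the scopes explicitly, e.g. `contents: write` next to `id-token: write`, or `contents: read` if nothing is pushed. Moving the publish step into its own job with job-level `permissions:` would keep the install and build steps, which run third-party package code, from being able to request an OIDC token. The same block is added to cron-run.yml, manual-run.yml and manual-run-force.yml.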
31 changes: 15 additions & 16 deletions .github/workflows/cron-run.yml
Expand Up @@ -4,6 +4,9 @@ on:
schedule:
- cron: "0 0 * * 0"

permissions:
id-token: write

jobs:
build:
runs-on: ubuntu-latest
Expand All @@ -12,52 +15,48 @@ jobs:
- name: checkout
uses: actions/checkout@v4

- name: Enable PNPM
uses: pnpm/action-setup@v4

- name: Set node version to 20
uses: actions/setup-node@v4
- uses: oven-sh/setup-bun@v2
with:
node-version: "20"
bun-version: latest

- name: Install
run: pnpm install --frozen-lockfile
run: bun install --frozen-lockfile

- name: Fetch API # Calls Google Font Metadata to fetch the latest data from Google's Developer API
run: npx gfm generate $GOOGLE_API_KEY
run: bunx gfm generate $GOOGLE_API_KEY
env:
GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}

- name: Parse API
run: npx gfm parse
run: bunx gfm parse

- name: Build fonts # Build all updated Google Fonts in repository
run: npx fontsource build
run: bunx fontsource build

- name: Remove Duplicates
run: pnpm run check-duplicates
run: bun run check-duplicates

- name: Generate fontlist
run: pnpm run fontlist
run: bun run fontlist

- name: Save GFM metadata
run: pnpm run gfm-metadata
run: bun run gfm-metadata

- name: Save Fontsource metadata
run: pnpm run metadata
run: bun run metadata

- name: Setup Git Config
run: |
git config --global user.email "[email protected]"
git config --global user.name "fontsource-bot"
- name: Publish to NPM
run: "pnpm run ci:publish"
run: bunx @fontsource-utils/publish publish patch --yes --provenance
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

- name: Update Algolia Index
run: pnpm run algolia
run: bun run algolia
env:
ALGOLIA_ADMIN_KEY: ${{ secrets.ALGOLIA_ADMIN_KEY }}
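Review bot: The `Fetch API` step in the second hunk still passes the secret as an unquoted command-line argument, `run: bunx gfm generate $GOOGLE_API_KEY`, so the key is subject to word splitting and globbing and shows up in the process arguments on the runner. Quote the expansion at least: `run: bunx gfm generate "$GOOGLE_API_KEY"`. If `gfm` can read the key from the environment (not visible in this diff), drop the argument altogether, since the `env:` mapping already provides it. The same line appears in bump-minor.yml, manual-run.yml and manual-run-force.yml.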
25 changes: 12 additions & 13 deletions .github/workflows/manual-run-force.yml
Expand Up @@ -2,6 +2,9 @@ name: Build and Release [Force Rebuild No Deploy] [Manual]

on: [workflow_dispatch]

permissions:
id-token: write

jobs:
build:
runs-on: ubuntu-latest
Expand All @@ -10,36 +13,32 @@ jobs:
- name: checkout
uses: actions/checkout@v4

- name: Enable PNPM
uses: pnpm/action-setup@v4

- name: Set node version to 20
uses: actions/setup-node@v4
- uses: oven-sh/setup-bun@v2
with:
node-version: "20"
bun-version: latest

- name: Install
run: pnpm install --frozen-lockfile
run: bun install --frozen-lockfile

- name: Fetch API # Calls Google Font Metadata to fetch the latest data from Google's Developer API
run: npx gfm generate $GOOGLE_API_KEY
run: bunx gfm generate $GOOGLE_API_KEY
env:
GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}

- name: Parse API
run: npx gfm parse --force
run: bunx gfm parse --force

- name: Build fonts # Build all updated Google Fonts in repository
run: npx fontsource build --force
run: bunx fontsource build --force

- name: Generate fontlist
run: pnpm run fontlist
run: bun run fontlist

- name: Save GFM metadata
run: pnpm run gfm-metadata
run: bun run gfm-metadata

- name: Save Fontsource metadata
run: pnpm run metadata
run: bun run metadata

- name: Stage, commit and push files
uses: stefanzweifel/git-auto-commit-action@v4
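Review bot: The new top-level `permissions:` block with only `id-token: write` looks misplaced in this workflow. No publish step is visible here, and limiting the token to that one scope removes `contents: write`, which the `stefanzweifel/git-auto-commit-action@v4` step at the end of the second hunk presumably needs in order to push with the default token. Unless checkout is given a different credential outside the visible lines, grant `contents: write` and omit `id-token: write` in this file. The auto-commit step continues past the end of the hunk.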
31 changes: 15 additions & 16 deletions .github/workflows/manual-run.yml
Expand Up @@ -2,6 +2,9 @@ name: Build and Release [Manual]

on: [workflow_dispatch]

permissions:
id-token: write

jobs:
build:
runs-on: ubuntu-latest
Expand All @@ -10,52 +13,48 @@ jobs:
- name: checkout
uses: actions/checkout@v4

- name: Enable PNPM
uses: pnpm/action-setup@v4

- name: Set node version to 20
uses: actions/setup-node@v4
- uses: oven-sh/setup-bun@v2
with:
node-version: "20"
bun-version: latest

- name: Install
run: pnpm install --frozen-lockfile
run: bun install --frozen-lockfile

- name: Fetch API # Calls Google Font Metadata to fetch the latest data from Google's Developer API
run: npx gfm generate $GOOGLE_API_KEY
run: bunx gfm generate $GOOGLE_API_KEY
env:
GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }}

- name: Parse API
run: npx gfm parse
run: bunx gfm parse

- name: Build fonts # Build all updated Google Fonts in repository
run: npx fontsource build
run: bunx fontsource build

- name: Remove Duplicates
run: pnpm run check-duplicates
run: bun run check-duplicates

- name: Generate fontlist
run: pnpm run fontlist
run: bun run fontlist

- name: Save GFM metadata
run: pnpm run gfm-metadata
run: bun run gfm-metadata

- name: Save Fontsource metadata
run: pnpm run metadata
run: bun run metadata

- name: Setup Git Config
run: |
git config --global user.email "[email protected]"
git config --global user.name "fontsource-bot"
- name: Publish to NPM
run: "pnpm run ci:publish"
run: bunx @fontsource-utils/publish publish patch --yes --provenance
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

- name: Update Algolia Index
run: pnpm run algolia
run: bun run algolia
env:
ALGOLIA_ADMIN_KEY: ${{ secrets.ALGOLIA_ADMIN_KEY }}
13 changes: 4 additions & 9 deletions .github/workflows/tests.yml
Expand Up @@ -8,17 +8,12 @@ jobs:
- name: checkout
uses: actions/checkout@v4

- name: Enable PNPM
uses: pnpm/action-setup@v4

- name: Set node version to 20
uses: actions/setup-node@v4
- uses: oven-sh/setup-bun@v2
with:
node-version: "20"
cache: "pnpm"
bun-version: latest

- name: Install
run: pnpm install --frozen-lockfile
run: bun install --frozen-lockfile

- name: Run Tests
run: pnpm test
run: bun run test
13 changes: 4 additions & 9 deletions .github/workflows/update-deps.yml
Expand Up @@ -12,20 +12,15 @@ jobs:
- name: checkout
uses: actions/checkout@v4

- name: Enable PNPM
uses: pnpm/action-setup@v4

- name: Set node version to 20
uses: actions/setup-node@v4
- uses: oven-sh/setup-bun@v2
with:
node-version: "20"
cache: "pnpm"
bun-version: latest

- name: Install
run: pnpm install --frozen-lockfile
run: bun install --frozen-lockfile

- name: Update
run: pnpm up --latest
run: bun upgrade --latest

- name: Create Pull Request
uses: peter-evans/create-pull-request@v5
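Review bot: `run: bun upgrade --latest` in the `Update` step is not the Bun counterpart of the removed `pnpm up --latest`: `bun upgrade` updates the Bun binary itself, whereas dependencies are updated with `bun update`. As written the step likely leaves package.json and the lockfile untouched, so the following create-pull-request step has nothing to propose and dependency fixes stop arriving. Change it to `run: bun update --latest`. The `Create Pull Request` step continues outside the hunk.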
Binary file added bun.lockb
Binary file not shown.
7 changes: 3 additions & 4 deletions package.json
@@ -1,6 +1,6 @@
{
"name": "font-files",
"version": "5.0.0",
"version": "5.1.0",
"description": "1500+ open-source fonts bundled into neat packages.",
"type": "module",
"packageManager": "[email protected]",
Expand All @@ -11,14 +11,13 @@
"fontlist": "tsx scripts/fontlist.ts",
"gfm-metadata": "tsx scripts/gfm-metadata.ts",
"metadata": "tsx scripts/metadata.ts",
"test": "fontsource create-verify --all",
"ci:publish": "npx @fontsource-utils/publish publish patch --yes"
"test": "fontsource create-verify --all"
},
"author": "Ayuhito <[email protected]>",
"license": "MIT",
"dependencies": {
"@fontsource-utils/cli": "0.4.2",
"@fontsource-utils/publish": "^0.2.8",
"@fontsource-utils/publish": "^0.3.0",
"@types/node": "^20.12.7",
"algoliasearch": "^4.23.3",
"consola": "^3.2.3",