diff --git a/.gitea/workflows/publish-packages.yml b/.gitea/workflows/publish-packages.yml new file mode 100644 index 00000000..0f592639 --- /dev/null +++ b/.gitea/workflows/publish-packages.yml @@ -0,0 +1,124 @@ +name: Publish @bytelyst/* packages + +on: + push: + tags: + - 'v*' + workflow_dispatch: + inputs: + dry_run: + description: 'Build + pack but skip publish' + required: false + default: 'true' + package_filter: + description: 'Optional package name to restrict publish/dry-run, e.g. @bytelyst/errors' + required: false + default: '@bytelyst/*' + +concurrency: + group: publish-${{ github.ref }} + cancel-in-progress: false + +jobs: + publish: + runs-on: [ubuntu-latest, bytelyst, hostinger] + container: + image: node:20-bookworm@sha256:8f693eaa7e0a8e71560c9a82b55fd54c2ae920a2ba5d2cde28bac7d1c01c9ba5 + options: --network host -v /home/gitea-runner/.gitea_publish_npmrc:/run/secrets/gitea_publish_npmrc:ro + + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + github-server-url: https://gitea.bytelyst.com + + - name: Print build context + run: | + echo "Ref: ${{ github.ref }}" + echo "RefName: ${{ github.ref_name }}" + echo "Commit: ${{ github.sha }}" + echo "Runner: $(hostname)" + grep '^PRETTY_NAME=' /etc/os-release || true + node --version + npm --version + + - name: Install pinned pnpm + run: | + npm install -g pnpm@10.6.5 + pnpm --version + + - name: Configure publish registry + run: | + cp /run/secrets/gitea_publish_npmrc /tmp/publish.npmrc + chmod 600 /tmp/publish.npmrc + echo "Configured registry:" + sed -E 's#(_auth(Token)?=).*#\1***#; s#(//[^[:space:]]+:)_authToken=.*#\1_authToken=***#' /tmp/publish.npmrc + npm whoami --userconfig /tmp/publish.npmrc --registry https://gitea.bytelyst.com/api/packages/bytelyst/npm/ + + - name: Install workspace deps + run: HUSKY=0 pnpm install --frozen-lockfile + + - name: Discover unpublished packages + env: + PACKAGE_FILTER: ${{ inputs.package_filter || '@bytelyst/*' }} + run: | + set -euo pipefail + : > /tmp/packages-to-publish.tsv + for pkg_json in packages/*/package.json; do + name=$(node -p "require('./$pkg_json').name") + version=$(node -p "require('./$pkg_json').version") + dir=$(dirname "$pkg_json") + case "$name" in + @bytelyst/*) ;; + *) continue ;; + esac + case "$PACKAGE_FILTER" in + '@bytelyst/*'|'') ;; + "$name") ;; + *) continue ;; + esac + if npm view "$name@$version" version --userconfig /tmp/publish.npmrc --registry https://gitea.bytelyst.com/api/packages/bytelyst/npm/ >/dev/null 2>&1; then + echo "SKIP already published: $name@$version" + else + echo "QUEUE publish: $name@$version ($dir)" + printf '%s\t%s\t%s\n' "$name" "$version" "$dir" >> /tmp/packages-to-publish.tsv + fi + done + echo "Queued packages:" + cat /tmp/packages-to-publish.tsv || true + + - name: Build, test, pack, and optionally publish queued packages + env: + DRY_RUN: ${{ inputs.dry_run || 'false' }} + run: | + set -euo pipefail + mkdir -p /tmp/tarballs + if [ ! -s /tmp/packages-to-publish.tsv ]; then + echo "No unpublished packages matched the filter; nothing to do." + exit 0 + fi + while IFS=$'\t' read -r name version dir; do + echo "=== $name@$version ===" + pnpm --filter "$name" run build + pnpm --filter "$name" test + (cd "$dir" && pnpm pack --pack-destination /tmp/tarballs) + if [ "$DRY_RUN" = "true" ]; then + echo "DRY RUN: skipping publish for $name@$version" + else + (cd "$dir" && pnpm publish --no-git-checks --userconfig /tmp/publish.npmrc --registry https://gitea.bytelyst.com/api/packages/bytelyst/npm/) + npm view "$name@$version" dist.shasum --userconfig /tmp/publish.npmrc --registry https://gitea.bytelyst.com/api/packages/bytelyst/npm/ + fi + done < /tmp/packages-to-publish.tsv + + - name: Compute tarball SHA512 manifest + run: | + set -euo pipefail + cd /tmp/tarballs + if ls *.tgz >/dev/null 2>&1; then + sha512sum *.tgz > manifest.sha512 + cat manifest.sha512 + else + echo "No tarballs produced" > manifest.sha512 + cat manifest.sha512 + fi