From 9e8d0bd0486a2d57b47f07cd4df95c65650b973e Mon Sep 17 00:00:00 2001 From: root Date: Mon, 25 May 2026 07:25:52 +0000 Subject: [PATCH] ci: add Gitea-compatible package publish modes --- .../dry-run-publish-all-packages.yml | 69 ++++++++++++++ .gitea/workflows/publish-all-packages.yml | 69 ++++++++++++++ .gitea/workflows/publish-packages.yml | 93 ++----------------- scripts/gitea/ci-publish-packages.sh | 86 +++++++++++++++++ 4 files changed, 232 insertions(+), 85 deletions(-) create mode 100644 .gitea/workflows/dry-run-publish-all-packages.yml create mode 100644 .gitea/workflows/publish-all-packages.yml create mode 100755 scripts/gitea/ci-publish-packages.sh diff --git a/.gitea/workflows/dry-run-publish-all-packages.yml b/.gitea/workflows/dry-run-publish-all-packages.yml new file mode 100644 index 00000000..37f86ef3 --- /dev/null +++ b/.gitea/workflows/dry-run-publish-all-packages.yml @@ -0,0 +1,69 @@ +name: Dry-run all @bytelyst/* package publish + +on: + workflow_dispatch: + +concurrency: + group: dry-run-publish-all-${{ github.ref }} + cancel-in-progress: false + +defaults: + run: + shell: bash + +jobs: + dry-run-publish-all: + runs-on: [ubuntu-latest, bytelyst, hostinger] + container: + image: node:20-bookworm@sha256:8f693eaa7e0a8e71560c9a82b55fd54c2ae920a2ba5d2cde28bac7d1c01c9ba5 + options: --network host -v /home/gitea-runner/.gitea_publish_npmrc:/run/secrets/gitea_publish_npmrc:ro + env: + PACKAGE_FILTER: '@bytelyst/*' + DRY_RUN: 'true' + + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + github-server-url: https://gitea.bytelyst.com + + - name: Print build context + run: | + echo "Ref: ${{ github.ref }}" + echo "RefName: ${{ github.ref_name }}" + echo "Commit: ${{ github.sha }}" + echo "Runner: $(hostname)" + echo "Package filter: $PACKAGE_FILTER" + echo "Dry run: $DRY_RUN" + node --version + npm --version + + - name: Install pinned pnpm + run: | + npm install -g pnpm@10.6.5 + pnpm --version + + - name: Configure publish registry + run: | + cp /run/secrets/gitea_publish_npmrc /tmp/publish.npmrc + chmod 600 /tmp/publish.npmrc + npm whoami --userconfig /tmp/publish.npmrc --registry https://gitea.bytelyst.com/api/packages/bytelyst/npm/ + + - name: Install workspace deps + run: HUSKY=0 pnpm install --frozen-lockfile + + - name: Discover, build, test, and pack unpublished packages + run: scripts/gitea/ci-publish-packages.sh + + - name: Compute tarball SHA512 manifest + run: | + set -euo pipefail + cd /tmp/tarballs + if ls *.tgz >/dev/null 2>&1; then + sha512sum *.tgz > manifest.sha512 + cat manifest.sha512 + else + echo "No tarballs produced" > manifest.sha512 + cat manifest.sha512 + fi diff --git a/.gitea/workflows/publish-all-packages.yml b/.gitea/workflows/publish-all-packages.yml new file mode 100644 index 00000000..c94fc8c0 --- /dev/null +++ b/.gitea/workflows/publish-all-packages.yml @@ -0,0 +1,69 @@ +name: Publish all @bytelyst/* packages + +on: + workflow_dispatch: + +concurrency: + group: publish-all-${{ github.ref }} + cancel-in-progress: false + +defaults: + run: + shell: bash + +jobs: + publish-all: + runs-on: [ubuntu-latest, bytelyst, hostinger] + container: + image: node:20-bookworm@sha256:8f693eaa7e0a8e71560c9a82b55fd54c2ae920a2ba5d2cde28bac7d1c01c9ba5 + options: --network host -v /home/gitea-runner/.gitea_publish_npmrc:/run/secrets/gitea_publish_npmrc:ro + env: + PACKAGE_FILTER: '@bytelyst/*' + DRY_RUN: 'false' + + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + github-server-url: https://gitea.bytelyst.com + + - name: Print build context + run: | + echo "Ref: ${{ github.ref }}" + echo "RefName: ${{ github.ref_name }}" + echo "Commit: ${{ github.sha }}" + echo "Runner: $(hostname)" + echo "Package filter: $PACKAGE_FILTER" + echo "Dry run: $DRY_RUN" + node --version + npm --version + + - name: Install pinned pnpm + run: | + npm install -g pnpm@10.6.5 + pnpm --version + + - name: Configure publish registry + run: | + cp /run/secrets/gitea_publish_npmrc /tmp/publish.npmrc + chmod 600 /tmp/publish.npmrc + npm whoami --userconfig /tmp/publish.npmrc --registry https://gitea.bytelyst.com/api/packages/bytelyst/npm/ + + - name: Install workspace deps + run: HUSKY=0 pnpm install --frozen-lockfile + + - name: Discover, build, test, pack, publish, and verify queued packages + run: scripts/gitea/ci-publish-packages.sh + + - name: Compute tarball SHA512 manifest + run: | + set -euo pipefail + cd /tmp/tarballs + if ls *.tgz >/dev/null 2>&1; then + sha512sum *.tgz > manifest.sha512 + cat manifest.sha512 + else + echo "No tarballs produced" > manifest.sha512 + cat manifest.sha512 + fi diff --git a/.gitea/workflows/publish-packages.yml b/.gitea/workflows/publish-packages.yml index 262b3d17..e1b97622 100644 --- a/.gitea/workflows/publish-packages.yml +++ b/.gitea/workflows/publish-packages.yml @@ -2,15 +2,6 @@ name: Publish @bytelyst/* packages on: workflow_dispatch: - inputs: - package_filter: - description: 'Package name to publish, or @bytelyst/* for all packages' - required: false - default: '@bytelyst/errors' - dry_run: - description: 'Build, test, and pack queued packages without publishing' - required: false - default: 'false' push: branches: [main] @@ -29,8 +20,10 @@ jobs: image: node:20-bookworm@sha256:8f693eaa7e0a8e71560c9a82b55fd54c2ae920a2ba5d2cde28bac7d1c01c9ba5 options: --network host -v /home/gitea-runner/.gitea_publish_npmrc:/run/secrets/gitea_publish_npmrc:ro env: - PACKAGE_FILTER: ${{ github.event.inputs.package_filter }} - DRY_RUN: ${{ github.event.inputs.dry_run }} + # Gitea 1.22 does not support workflow_dispatch inputs, so the + # push/manual default remains the narrow, safe publish path. + PACKAGE_FILTER: '@bytelyst/errors' + DRY_RUN: 'false' steps: - name: Checkout @@ -45,8 +38,8 @@ jobs: echo "RefName: ${{ github.ref_name }}" echo "Commit: ${{ github.sha }}" echo "Runner: $(hostname)" - echo "Package filter: ${PACKAGE_FILTER:-@bytelyst/errors}" - echo "Dry run: ${DRY_RUN:-false}" + echo "Package filter: $PACKAGE_FILTER" + echo "Dry run: $DRY_RUN" grep '^PRETTY_NAME=' /etc/os-release || true node --version npm --version @@ -67,78 +60,8 @@ jobs: - name: Install workspace deps run: HUSKY=0 pnpm install --frozen-lockfile - - name: Discover unpublished packages - run: | - set -euo pipefail - PACKAGE_FILTER="${PACKAGE_FILTER:-@bytelyst/errors}" - echo "Using package filter: $PACKAGE_FILTER" - : > /tmp/packages-to-publish.tsv - for pkg_json in packages/*/package.json; do - name=$(node -p "require('./$pkg_json').name") - version=$(node -p "require('./$pkg_json').version") - dir=$(dirname "$pkg_json") - case "$name" in - @bytelyst/*) ;; - *) continue ;; - esac - case "$PACKAGE_FILTER" in - '@bytelyst/*'|'') ;; - "$name") ;; - *) continue ;; - esac - if npm view "$name@$version" version --userconfig /tmp/publish.npmrc --registry https://gitea.bytelyst.com/api/packages/bytelyst/npm/ >/dev/null 2>&1; then - echo "SKIP already published: $name@$version" - else - echo "QUEUE publish: $name@$version ($dir)" - printf '%s\t%s\t%s\n' "$name" "$version" "$dir" >> /tmp/packages-to-publish.tsv - fi - done - echo "Queued packages:" - cat /tmp/packages-to-publish.tsv || true - - - name: Build, test, pack, publish, and consumer-verify queued packages - run: | - set -euo pipefail - DRY_RUN="${DRY_RUN:-false}" - case "$DRY_RUN" in - true|false) ;; - *) echo "DRY_RUN must be 'true' or 'false'; got '$DRY_RUN'" >&2; exit 1 ;; - esac - echo "Dry run mode: $DRY_RUN" - mkdir -p /tmp/tarballs - if [ ! -s /tmp/packages-to-publish.tsv ]; then - echo "No unpublished packages matched the filter; nothing to do." - exit 0 - fi - while IFS=$'\t' read -r name version dir; do - echo "=== $name@$version ===" - pnpm --filter "$name" run build - if node -e "const s=require('./$dir/package.json').scripts||{}; process.exit(s.test ? 0 : 1)"; then - pnpm --filter "$name" test - else - echo "SKIP test: $name has no package.json scripts.test" - fi - (cd "$dir" && pnpm pack --pack-destination /tmp/tarballs) - if [ "$DRY_RUN" = "true" ]; then - echo "DRY RUN: would publish $name@$version" - else - cp /tmp/publish.npmrc "$dir/.npmrc" - trap "rm -f '$dir/.npmrc'" EXIT - (cd "$dir" && pnpm publish --no-git-checks --registry https://gitea.bytelyst.com/api/packages/bytelyst/npm/) - rm -f "$dir/.npmrc" - trap - EXIT - npm view "$name@$version" version dist.shasum dist.tarball --userconfig /tmp/publish.npmrc --registry https://gitea.bytelyst.com/api/packages/bytelyst/npm/ - consumer_name="consumer-${name//@/}-${version}" - consumer_name="${consumer_name//\//-}" - consumer_dir="/tmp/$consumer_name" - rm -rf "$consumer_dir" - mkdir -p "$consumer_dir" - cp /tmp/publish.npmrc "$consumer_dir/.npmrc" - printf '{"name":"publish-consumer-verify","private":true,"type":"module","dependencies":{"%s":"%s"}}\n' "$name" "$version" > "$consumer_dir/package.json" - (cd "$consumer_dir" && pnpm install --no-frozen-lockfile) - (cd "$consumer_dir" && node --input-type=module -e "const m=await import('$name'); console.log(Object.keys(m).sort().join(','));") - fi - done < /tmp/packages-to-publish.tsv + - name: Discover, build, test, pack, publish, and verify queued packages + run: scripts/gitea/ci-publish-packages.sh - name: Compute tarball SHA512 manifest run: | diff --git a/scripts/gitea/ci-publish-packages.sh b/scripts/gitea/ci-publish-packages.sh new file mode 100755 index 00000000..3dc14673 --- /dev/null +++ b/scripts/gitea/ci-publish-packages.sh @@ -0,0 +1,86 @@ +#!/usr/bin/env bash +set -euo pipefail + +registry="${PUBLISH_REGISTRY:-https://gitea.bytelyst.com/api/packages/bytelyst/npm/}" +userconfig="${PUBLISH_NPMRC:-/tmp/publish.npmrc}" +package_filter="${PACKAGE_FILTER:-@bytelyst/errors}" +dry_run="${DRY_RUN:-false}" + +case "$dry_run" in + true|false) ;; + *) echo "DRY_RUN must be 'true' or 'false'; got '$dry_run'" >&2; exit 1 ;; +esac + +echo "Using package filter: $package_filter" +echo "Dry run mode: $dry_run" +echo "Publish registry: $registry" + +mkdir -p /tmp/tarballs +: > /tmp/packages-to-publish.tsv + +for pkg_json in packages/*/package.json; do + name=$(node -p "require('./$pkg_json').name") + version=$(node -p "require('./$pkg_json').version") + dir=$(dirname "$pkg_json") + + case "$name" in + @bytelyst/*) ;; + *) continue ;; + esac + + case "$package_filter" in + '@bytelyst/*'|'') ;; + "$name") ;; + *) continue ;; + esac + + if npm view "$name@$version" version --userconfig "$userconfig" --registry "$registry" >/dev/null 2>&1; then + echo "SKIP already published: $name@$version" + else + echo "QUEUE publish: $name@$version ($dir)" + printf '%s\t%s\t%s\n' "$name" "$version" "$dir" >> /tmp/packages-to-publish.tsv + fi +done + +echo "Queued packages:" +cat /tmp/packages-to-publish.tsv || true + +if [ ! -s /tmp/packages-to-publish.tsv ]; then + echo "No unpublished packages matched the filter; nothing to do." + exit 0 +fi + +while IFS=$'\t' read -r name version dir; do + echo "=== $name@$version ===" + pnpm --filter "$name" run build + + if node -e "const s=require('./$dir/package.json').scripts||{}; process.exit(s.test ? 0 : 1)"; then + pnpm --filter "$name" test + else + echo "SKIP test: $name has no package.json scripts.test" + fi + + (cd "$dir" && pnpm pack --pack-destination /tmp/tarballs) + + if [ "$dry_run" = "true" ]; then + echo "DRY RUN: would publish $name@$version" + else + cp "$userconfig" "$dir/.npmrc" + trap "rm -f '$dir/.npmrc'" EXIT + (cd "$dir" && pnpm publish --no-git-checks --registry "$registry") + rm -f "$dir/.npmrc" + trap - EXIT + + npm view "$name@$version" version dist.shasum dist.tarball --userconfig "$userconfig" --registry "$registry" + + consumer_name="consumer-${name//@/}-${version}" + consumer_name="${consumer_name//\//-}" + consumer_dir="/tmp/$consumer_name" + rm -rf "$consumer_dir" + mkdir -p "$consumer_dir" + cp "$userconfig" "$consumer_dir/.npmrc" + printf '{"name":"publish-consumer-verify","private":true,"type":"module","dependencies":{"%s":"%s"}}\n' "$name" "$version" > "$consumer_dir/package.json" + (cd "$consumer_dir" && pnpm install --no-frozen-lockfile) + (cd "$consumer_dir" && node --input-type=module -e "const m=await import('$name'); console.log(Object.keys(m).sort().join(','));") + fi +done < /tmp/packages-to-publish.tsv