# +=================================================+ # | Publish the package to our private NPM registry | # +=================================================+ name: Publish to private NPM registry on: push: branches: - main workflow_dispatch: permissions: contents: write # Allows the workflow to push changes to the repository (e.g. for tagging) jobs: # Publishes the package to the private NPM registry publish: runs-on: self-hosted outputs: build_and_deploy: ${{ steps.version_check.outputs.build_and_deploy }} steps: - uses: actions/checkout@v4 with: fetch-depth: 0 # Check if this is a "significant" commit that should trigger a new publish # This is done by checking if the latest git tag matches the version in the `package.json` file - name: Version Check id: version_check run: | # Get the latest version from the `package.json` file # This should be updated if a new publish is desired LATEST_VERSION=$(jq -r '.version' package.json) echo "LATEST_VERSION=$LATEST_VERSION" >> $GITHUB_ENV # Get the latest Git tag from the repository LATEST_TAG=$(git describe --tags --abbrev=0) echo "LATEST_TAG=$LATEST_TAG" >> $GITHUB_ENV # If the git tag and the version ARE the same, this is a commit that SHOULD NOT trigger a publish # Inversely, if the git tag and the version are NOT the same, this is a commit that SHOULD trigger a publish if [[ "$LATEST_TAG" == "v$LATEST_VERSION" ]]; then echo "Latest tag matches the version in package.json, SHOULD NOT publish" echo "publish=false" >> $GITHUB_OUTPUT else echo "Latest tag does not match the version in package.json, SHOULD publish" echo "publish=true" >> $GITHUB_OUTPUT fi # Conditional step to create a new Git tag # This is required because after we've published the package we rely on the latest git tag to know it's happened (and not re-publish) # We do it this way so that ONLY situations where the git tag and the last package version are mal-aligned do we create a new tag - name: Add Git Tag (if needed) if: steps.version_check.outputs.publish == 'true' run: | # Update remote URL to use the GITHUB_TOKEN for authentication git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@git.bridgemanaccessible.ca/${{ github.repository }}.git # Setup git user details for committing the version change and tag git config user.name "Forgjo Actions" git config user.email "actions@git.bridgemanaccessible.ca" # Create a new tag with the updated version number git tag -a "v${{ env.LATEST_VERSION }}" -m "Version ${{ env.LATEST_VERSION }}" # Push the new tag to the repository git push --tags # Publish the package to the private NPM registry - name: Publish Package if: steps.version_check.outputs.publish == 'true' run: | # Not necessarily needed but keeping track of the current directory (so that we can return to it is just a good practice) CURR_DIR="$PWD" # Change into the repository directory cd "$GITHUB_WORKSPACE" # Transpile from TypeScript to JavaScript yarn build # Copy the package file into the output (`dist`) directory # This is because it's required for publishing the package to the NPM registry cp package.json dist/package.json # Create a .npmrc file in the output (`dist`) directory with proper values # This is so we can authenticate with the private NPM registry cp .npmrc.example dist/.npmrc sed -i "s||${{ secrets.NPM_PRIVATE_REGISTRY_AUTH_TOKEN }}|g" dist/.npmrc cd dist # Create a .npmignore file to exclude the .npmrc file from being published # This is necessary because the .npmrc file contains sensitive information (like the auth token) # However, we can't just leave the .npmrc out entirely because we need it to authenticate with the private NPM registry echo ".npmrc" > .npmignore # Publish the package to the private NPM registry npm publish --registry http://npm.pkg.bridgemanaccessible.ca/ # Clean up the extra files related to publishing the package rm .npmignore rm .npmrc rm package.json cd ../ # Clean up the output directory rm -rf dist # Return to the original directory cd "$CURR_DIR"