listmonk-nodejs-client/.forgejo/workflows/publish.yml

# +=================================================+
# | Publish the package to our private NPM registry |
# +=================================================+

name: Publish to private NPM registry

on:
  push:
    branches:
      - main
  workflow_dispatch:

permissions:
  contents: write # Allows the workflow to push changes to the repository (e.g. for tagging)

jobs:
  # Publishes the package to the private NPM registry
  publish:
    runs-on: self-hosted
    outputs:
      build_and_deploy: ${{ steps.version_check.outputs.build_and_deploy }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      
      # Check if this is a "significant" commit that should trigger a new publish
      # This is done by checking if the latest git tag matches the version in the `package.json` file
      - name: Version Check
        id: version_check
        run: |
          # Get the latest version from the `package.json` file
          # This should be updated if a new publish is desired
          LATEST_VERSION=$(jq -r '.version' package.json)
          echo "LATEST_VERSION=$LATEST_VERSION" >> $GITHUB_ENV

          # Get the latest Git tag from the repository
          LATEST_TAG=$(git describe --tags --abbrev=0)
          echo "LATEST_TAG=$LATEST_TAG" >> $GITHUB_ENV

          # If the git tag and the version ARE the same, this is a commit that SHOULD NOT trigger a publish
          # Inversely, if the git tag and the version are NOT the same, this is a commit that SHOULD trigger a publish
          if [[ "$LATEST_TAG" == "v$LATEST_VERSION" ]]; then
            echo "Latest tag matches the version in package.json, SHOULD NOT publish"
            echo "publish=false" >> $GITHUB_OUTPUT
          else
            echo "Latest tag does not match the version in package.json, SHOULD publish"
            echo "publish=true" >> $GITHUB_OUTPUT
          fi
      
      # Conditional step to create a new Git tag
      # This is required because after we've published the package we rely on the latest git tag to know it's happened (and not re-publish)
      # We do it this way so that ONLY situations where the git tag and the last package version are mal-aligned do we create a new tag
      - name: Add Git Tag (if needed)
        if: steps.version_check.outputs.publish == 'true'
        run: |
          # Update remote URL to use the GITHUB_TOKEN for authentication
          git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@git.bridgemanaccessible.ca/${{ github.repository }}.git
      
          # Setup git user details for committing the version change and tag
          git config user.name "Forgjo Actions"
          git config user.email "actions@git.bridgemanaccessible.ca"
      
          # Create a new tag with the updated version number
          git tag -a "v${{ env.LATEST_VERSION }}" -m "Version ${{ env.LATEST_VERSION }}"
      
          # Push the new tag to the repository
          git push --tags
      
      # Publish the package to the private NPM registry
      - name: Publish Package
        if: steps.version_check.outputs.publish == 'true'
        run: |
          # Not necessarily needed but keeping track of the current directory (so that we can return to it is just a good practice)
          CURR_DIR="$PWD"

          # Change into the repository directory
          cd "$GITHUB_WORKSPACE"

          # Transpile from TypeScript to JavaScript
          yarn build
          
          # Copy the package file into the output (`dist`) directory
          # This is because it's required for publishing the package to the NPM registry
          cp package.json dist/package.json

          # Create a .npmrc file in the output (`dist`) directory with proper values
          # This is so we can authenticate with the private NPM registry
          cp .npmrc.example dist/.npmrc
          sed -i "s|<token>|${{ secrets.NPM_PRIVATE_REGISTRY_AUTH_TOKEN }}|g" dist/.npmrc

          cd dist

          # Create a .npmignore file to exclude the .npmrc file from being published
          # This is necessary because the .npmrc file contains sensitive information (like the auth token)
          # However, we can't just leave the .npmrc out entirely because we need it to authenticate with the private NPM registry
          echo ".npmrc" > .npmignore

          # Publish the package to the private NPM registry
          npm publish --registry http://npm.pkg.bridgemanaccessible.ca/

          # Clean up the extra files related to publishing the package
          rm .npmignore
          rm .npmrc
          rm package.json
          
          cd ../

          # Clean up the output directory
          rm -rf dist
          
          # Return to the original directory
          cd "$CURR_DIR"