|
| 1 | +name: Publish UI Components Package |
| 2 | + |
| 3 | +on: |
| 4 | + workflow_run: |
| 5 | + workflows: ['Linting and Tests'] |
| 6 | + types: [completed] |
| 7 | + branches: [main] |
| 8 | + workflow_dispatch: |
| 9 | + inputs: |
| 10 | + skip_github_check: |
| 11 | + description: 'Skip GitHub commit author check' |
| 12 | + required: false |
| 13 | + default: false |
| 14 | + type: boolean |
| 15 | + |
| 16 | +permissions: |
| 17 | + contents: read |
| 18 | + packages: write |
| 19 | + |
| 20 | +env: |
| 21 | + COMMIT_SHA: ${{ github.event.workflow_run.head_sha || github.sha }} |
| 22 | + |
| 23 | +jobs: |
| 24 | + publish: |
| 25 | + if: github.event_name == 'workflow_dispatch' || (github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push') |
| 26 | + runs-on: ubuntu-latest |
| 27 | + steps: |
| 28 | + - name: Checkout repository |
| 29 | + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 |
| 30 | + |
| 31 | + - name: Verify commit authenticity |
| 32 | + run: | |
| 33 | + COMMIT_DATA=$(gh api repos/${{ github.repository }}/commits/$COMMIT_SHA) |
| 34 | + VERIFIED=$(echo "$COMMIT_DATA" | jq -r '.commit.verification.verified') |
| 35 | + COMMITTER=$(echo "$COMMIT_DATA" | jq -r '.commit.committer.email') |
| 36 | +
|
| 37 | + if [[ "$VERIFIED" != "true" ]]; then |
| 38 | + echo "❌ Unverified commit! Aborting." |
| 39 | + exit 1 |
| 40 | + fi |
| 41 | +
|
| 42 | + if [[ "${{ github.event.inputs.skip_github_check }}" != "true" && "$COMMITTER" != *"[email protected]" ]]; then |
| 43 | + echo "❌ Unauthorized committer! Aborting." |
| 44 | + exit 1 |
| 45 | + fi |
| 46 | +
|
| 47 | + echo "✅ Commit is verified and trusted." |
| 48 | + env: |
| 49 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 50 | + |
| 51 | + - name: Check for UI component changes |
| 52 | + if: github.event_name != 'workflow_dispatch' |
| 53 | + id: check_changes |
| 54 | + run: | |
| 55 | + if git diff --quiet $COMMIT_SHA~1 $COMMIT_SHA -- packages/ui-components/; then |
| 56 | + echo "changed=false" >> $GITHUB_OUTPUT |
| 57 | + else |
| 58 | + echo "changed=true" >> $GITHUB_OUTPUT |
| 59 | + fi |
| 60 | +
|
| 61 | + - name: Setup Node.js |
| 62 | + if: github.event_name == 'workflow_dispatch' || steps.check_changes.outputs.changed == 'true' |
| 63 | + uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 |
| 64 | + with: |
| 65 | + cache: npm |
| 66 | + registry-url: https://npm.pkg.github.com/ |
| 67 | + |
| 68 | + - name: Generate version |
| 69 | + if: github.event_name == 'workflow_dispatch' || steps.check_changes.outputs.changed == 'true' |
| 70 | + run: npm version --no-git-tag-version 0.0.0-$COMMIT_SHA --workspace=packages/ui-components |
| 71 | + |
| 72 | + - name: Publish package |
| 73 | + if: github.event_name == 'workflow_dispatch' || steps.check_changes.outputs.changed == 'true' |
| 74 | + run: npm publish --workspace=packages/ui-components |
| 75 | + env: |
| 76 | + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
0 commit comments