Skip to content

feat: update WFs (#117) #64

feat: update WFs (#117)

feat: update WFs (#117) #64

Workflow file for this run

name: CI
on:
push:
branches:
- main
repository_dispatch:
types: [semantic-release]
env:
THIRD_PARTY_GIT_AUTHOR_EMAIL: [email protected]
THIRD_PARTY_GIT_AUTHOR_NAME: nr-opensource-bot
jobs:
job-checkout-and-build:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v2
with:
persist-credentials: false
- name: Setup Node.js
uses: actions/setup-node@v1
with:
node-version: 16
- name: Cache node_modules
id: cache-node-modules
uses: actions/cache@v1
env:
cache-name: node-modules
with:
path: ~/.npm
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-${{ env.cache-name }}-
- name: Install Dependencies
run: npm ci
- name: Install NR1 CLI
run: curl -s https://cli.nr-ext.net/installer.sh | sudo bash
- name: NR1 Nerdpack Build
run: |
nr1 nerdpack:build
nr1 nerdpack:validate
job-generate-third-party-notices:
runs-on: ubuntu-latest
needs: job-checkout-and-build
steps:
# Checkout fetch-depth: 2 because there's a check to see if package.json
# was updated, and need at least 2 commits for the check to function properly
- name: Checkout repo
uses: actions/checkout@v2
with:
fetch-depth: 2
persist-credentials: false
- name: Setup Node.js
uses: actions/setup-node@v1
with:
node-version: 16
- name: Download Cached Deps
id: cache-node-modules
uses: actions/cache@v1
env:
cache-name: node-modules
with:
path: ~/.npm
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-${{ env.cache-name }}-
- name: Install Dependencies
run: npm ci
- name: Install OSS CLI
run: |
sudo npm install -g @newrelic/newrelic-oss-cli
- name: Generate Third Party Notices
id: generate-notices
run: |
if [ ! -f "third_party_manifest.json" ]; then
echo "::error::third_party_manifest.json is missing. Must generate using the newrelic-oss-cli."
exit 1
fi
# latest commit
LATEST_COMMIT=$(git rev-parse HEAD)
# latest commit where package.json was changed
LAST_CHANGED_COMMIT=$(git log -1 --format=format:%H --full-diff package.json)
if [ $LAST_CHANGED_COMMIT = $LATEST_COMMIT ]; then
git config user.email "${{ env.THIRD_PARTY_GIT_AUTHOR_EMAIL }}"
git config user.name "${{ env.THIRD_PARTY_GIT_AUTHOR_NAME }}"
oss third-party manifest
oss third-party notices
git add third_party_manifest.json
git add THIRD_PARTY_NOTICES.md
git commit -m 'chore: update third-party manifest and notices [skip ci]'
echo "::set-output name=commit::true"
else
echo "No change in package.json, not regenerating third-party notices"
fi
- name: Temporarily disable "required_pull_request_reviews" branch protection
id: disable-branch-protection
if: always()
uses: actions/github-script@v1
with:
github-token: ${{ secrets.OPENSOURCE_BOT_TOKEN }}
previews: luke-cage-preview
script: |
const result = await github.repos.updateBranchProtection({
owner: context.repo.owner,
repo: context.repo.repo,
branch: 'main',
required_status_checks: null,
restrictions: null,
enforce_admins: null,
required_pull_request_reviews: null
})
console.log("Result:", result)
- name: Push Commit
if: steps.generate-notices.outputs.commit == 'true'
uses: ad-m/[email protected]
with:
github_token: ${{ secrets.OPENSOURCE_BOT_TOKEN }}
branch: main
- name: Re-enable "required_pull_request_reviews" branch protection
id: enable-branch-protection
if: always()
uses: actions/github-script@v1
with:
github-token: ${{ secrets.OPENSOURCE_BOT_TOKEN }}
previews: luke-cage-preview
script: |
const result = await github.repos.updateBranchProtection({
owner: context.repo.owner,
repo: context.repo.repo,
branch: 'main',
required_status_checks: null,
restrictions: null,
enforce_admins: null,
required_pull_request_reviews: {
required_approving_review_count: 1
}
})
console.log("Result:", result)
job-generate-release:
runs-on: ubuntu-latest
needs: [job-checkout-and-build, job-generate-third-party-notices]
steps:
# Checkout ref: main because previous job committed third_party_notices and
# we need to checkout main to pick up that commit
- name: Checkout repo
uses: actions/checkout@v2
with:
ref: main
persist-credentials: false
- name: Setup Node.js
uses: actions/setup-node@v1
with:
node-version: 16
- name: Install dependencies
run: npm ci
- name: Temporarily disable "required_pull_request_reviews" branch protection
id: disable-branch-protection
if: always()
uses: actions/github-script@v1
with:
github-token: ${{ secrets.OPENSOURCE_BOT_TOKEN }}
previews: luke-cage-preview
script: |
const result = await github.repos.updateBranchProtection({
owner: context.repo.owner,
repo: context.repo.repo,
branch: 'main',
required_status_checks: null,
restrictions: null,
enforce_admins: null,
required_pull_request_reviews: null
})
console.log("Result:", result)
- name: Run semantic-release
env:
# Use nr-opensource-bot for authoring commits done by
# semantic-release (rather than using @semantic-release-bot)
GIT_AUTHOR_NAME: 'nr-opensource-bot'
GIT_AUTHOR_EMAIL: '[email protected]'
GIT_COMMITTER_NAME: 'nr-opensource-bot'
GIT_COMMITTER_EMAIL: '[email protected]'
GITHUB_TOKEN: ${{ secrets.OPENSOURCE_BOT_TOKEN }}
run: npx semantic-release@^18.0.0
- name: Re-enable "required_pull_request_reviews" branch protection
id: enable-branch-protection
if: always()
uses: actions/github-script@v1
with:
github-token: ${{ secrets.OPENSOURCE_BOT_TOKEN }}
previews: luke-cage-preview
script: |
const result = await github.repos.updateBranchProtection({
owner: context.repo.owner,
repo: context.repo.repo,
branch: 'main',
required_status_checks: null,
restrictions: null,
enforce_admins: null,
required_pull_request_reviews: {
required_approving_review_count: 1
}
})
console.log("Result:", result)