diff --git a/.github/workflows/deploy-published-releases.yaml b/.github/workflows/deploy-published-releases.yaml index 5756c75c..d393ba5a 100644 --- a/.github/workflows/deploy-published-releases.yaml +++ b/.github/workflows/deploy-published-releases.yaml @@ -14,7 +14,26 @@ env: PREVIEW_WIDGET_URL: https://cdn.croct.io/js/v1/lib/plug/widget-${{ github.ref_name }}.html jobs: + publish-npm: + uses: croct-tech/github-workflows/.github/workflows/publish-npm-package.yml@unify-workflows + with: + publish-access: "public" + prepare-script: >- + cp LICENSE README.md build/ && + cd build && + find . -type f -path '*/*\.js.map' -exec sed -i -e "s~../src~src~" {} + && + sed -i -e "s~\"version\": \"0.0.0-dev\"~\"version\": \"${GITHUB_REF##*/}\"~" package.json && + sed -i -e "s~<@cdnUrl@>~${CDN_URL}~" constants.* && + sed -i -e "s~<@playgroundOrigin@>~${PLAYGROUND_ORIGIN}~" constants.* && + sed -i -e "s~<@playgroundConnectUrl@>~${PLAYGROUND_CONNECT_URL}~" constants.* && + sed -i -e "s~<@previewWidgetOrigin@>~${PREVIEW_WIDGET_ORIGIN}~" constants.* && + sed -i -e "s~<@previewWidgetUrl@>~${PREVIEW_WIDGET_URL}~" constants.* + secrets: + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + deploy-library: + if: ${{ !github.event.release.prerelease }} + needs: publish-npm permissions: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout @@ -37,44 +56,9 @@ jobs: - name: Install dependencies if: steps.cache-dependencies.outputs.cache-hit != 'true' - run: |- - npm ci - rm -rf ~/.npmrc - - - name: Build package - run: |- - npm run build - - - name: Prepare release - run: |- - cp LICENSE README.md build/ - cd build - find . -type f -path '*/*\.js.map' -exec sed -i -e "s~../src~src~" {} + - sed -i -e "s~\"version\": \"0.0.0-dev\"~\"version\": \"${GITHUB_REF##*/}\"~" package.json - sed -i -e "s~<@cdnUrl@>~${CDN_URL}~" constants.* - sed -i -e "s~<@playgroundOrigin@>~${PLAYGROUND_ORIGIN}~" constants.* - sed -i -e "s~<@playgroundConnectUrl@>~${PLAYGROUND_CONNECT_URL}~" constants.* - sed -i -e "s~<@previewWidgetOrigin@>~${PREVIEW_WIDGET_ORIGIN}~" constants.* - sed -i -e "s~<@previewWidgetUrl@>~${PREVIEW_WIDGET_URL}~" constants.* - - - name: Publish pre-release to NPM - if: ${{ github.event.release.prerelease }} - run: |- - cd build - npm publish --access public --tag next - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - - - name: Publish release to NPM - if: ${{ !github.event.release.prerelease }} - run: |- - cd build - npm publish --access public - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + run: npm ci - name: Bundle package - if: ${{ !github.event.release.prerelease }} run: |- rm -rf build npm run bundle -- --config-cdn-url=${CDN_URL} \ @@ -85,7 +69,6 @@ jobs: - id: 'auth' name: 'Authenticate to Google Cloud' - if: ${{ !github.event.release.prerelease }} uses: 'google-github-actions/auth@v3' with: workload_identity_provider: '${{ secrets.GCLOUD_WORKLOAD_IDENTITY }}' @@ -95,7 +78,6 @@ jobs: uses: google-github-actions/setup-gcloud@v3 - name: Deploy to GCS - if: ${{ !github.event.release.prerelease }} env: GCLOUD_BUCKET: ${{ secrets.GCLOUD_BUCKET }} run: |- diff --git a/.github/workflows/library-validations.yaml b/.github/workflows/library-validations.yaml index 9a4c209c..d1b1c412 100644 --- a/.github/workflows/library-validations.yaml +++ b/.github/workflows/library-validations.yaml @@ -12,92 +12,8 @@ on: - opened jobs: - security-checks: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 - with: - node-version: 23 - - - name: Cache dependencies - id: cache-dependencies - uses: actions/cache@v5 - with: - path: node_modules - key: node_modules-${{ hashFiles('package-lock.json') }} - - - name: Install dependencies - if: steps.cache-dependencies.outputs.cache-hit != 'true' - run: npm ci - - - name: Check dependency vulnerabilities - run: npm audit - - validate: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 - with: - node-version: 23 - - - name: Cache dependencies - id: cache-dependencies - uses: actions/cache@v5 - with: - path: node_modules - key: node_modules-${{ hashFiles('package-lock.json') }} - - - name: Install dependencies - if: steps.cache-dependencies.outputs.cache-hit != 'true' - run: npm ci - - - name: Check compilation errors - run: npm run validate - - lint: - runs-on: ubuntu-latest - needs: [ validate ] - steps: - - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 - with: - node-version: 23 - - - name: Cache dependencies - id: cache-dependencies - uses: actions/cache@v5 - with: - path: node_modules - key: node_modules-${{ hashFiles('package-lock.json') }} - - - name: Install dependencies - if: steps.cache-dependencies.outputs.cache-hit != 'true' - run: npm ci - - - name: Check coding standard violations - run: npm run lint - - test: - runs-on: ubuntu-latest - needs: [ validate ] - steps: - - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 - with: - node-version: 23 - - - name: Cache dependencies - id: cache-dependencies - uses: actions/cache@v5 - with: - path: node_modules - key: node_modules-${{ hashFiles('package-lock.json') }} - - - name: Install dependencies - if: steps.cache-dependencies.outputs.cache-hit != 'true' - run: npm ci - - - name: Run tests - run: npm run test + validations: + uses: croct-tech/renovate-public-presets/.github/workflows/javascript-validations.yml@unify-workflows + with: + run-security: true + use-private-registry: false