From c2099bf3481f4e85e7f839adb30e1b1f261f930c Mon Sep 17 00:00:00 2001 From: David Sanders Date: Wed, 4 Sep 2024 13:36:12 -0400 Subject: [PATCH] ci: use GHA for CFA releases (#149) --- .circleci/config.yml | 94 ------------------------------- .github/workflows/publish-npm.yml | 62 ++++++++++++++++++++ .github/workflows/release.yml | 40 +++++-------- .github/workflows/test.yml | 60 ++++++++++++++++++++ README.md | 2 +- package-lock.json | 14 ++--- package.json | 2 +- 7 files changed, 146 insertions(+), 128 deletions(-) delete mode 100644 .circleci/config.yml create mode 100644 .github/workflows/publish-npm.yml create mode 100644 .github/workflows/test.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index bde590e..0000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,94 +0,0 @@ -version: 2.1 - -orbs: - node: electronjs/node@2.3.0 - -jobs: - release: - docker: - - image: cimg/node:18.17 - steps: - - checkout - - run: - name: Update Version - command: node script/update-version.js << pipeline.git.tag >> - - run: - name: Install Dependencies - command: npm ci - - run: - name: Obtain Publishing Credentials - command: npx @continuous-auth/circleci-oidc-github-auth@1.0.4 - - run: - name: Confirm Version Updated - command: node -e "if (require('./package.json').version === '0.0.0-development') process.exit(1)" - - run: - name: Set NPM Credentials - command: echo //registry.npmjs.org/:_authToken=${NPM_TOKEN} > ~/.npmrc - - run: - name: Check NPM Credentials - command: npm whoami - - run: - name: CFA Publish - command: node script/publish.js - no_output_timeout: 30m - -workflows: - test_and_release: - jobs: - - node/test: - name: test-<< matrix.executor >>-<< matrix.node-version >> - pkg-manager: npm - post-node-js-install-steps: - - when: - condition: - equal: [node/linux, << matrix.executor >>] - steps: - - run: - name: Linux specific setup - command: | - sudo apt-get update - sudo apt-get install -y \ - --no-install-recommends \ - libnss3 - - when: - condition: << pipeline.git.tag >> - steps: - - run: - name: Update Version - command: node script/update-version.js << pipeline.git.tag >> - - unless: - condition: << pipeline.git.tag >> - steps: - - run: echo 'export ELECTRON_CHROMEDRIVER_STABLE_FALLBACK=1' >> $BASH_ENV - test-steps: - - run: node --version - - run: npm --version - - run: npm test - use-test-steps: true - matrix: - alias: test - parameters: - executor: - - node/linux - - node/macos - - node/windows - node-version: - - '20.5.1' - - '18.17.0' - - '16.20.1' - - '14.21.3' - exclude: - - executor: node/macos - node-version: '14.21.3' - filters: - tags: - only: /.*/ - - release: - requires: - - test - filters: - tags: - only: /^v.*/ - branches: - ignore: /.*/ - context: cfa-release diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml new file mode 100644 index 0000000..932a7b3 --- /dev/null +++ b/.github/workflows/publish-npm.yml @@ -0,0 +1,62 @@ +name: Publish npm Release + +on: + push: + tags: + - v[0-9]+.[0-9]+.[0-9]+ + +jobs: + test: + uses: ./.github/workflows/test.yml + with: + electron-version: ${{ github.ref_name }} + release: + runs-on: ubuntu-latest + needs: test + environment: npm + permissions: + contents: write # for creating new release + id-token: write # for CFA + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: "Use Node.js ${{ matrix.node-version }}" + uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 + with: + node-version: "20.16.0" + - name: Update Version + run: node script/update-version.js ${{ github.ref_name }} + - name: Confirm Version Updated + run: node -e "if (require('./package.json').version === '0.0.0-development') process.exit(1)" + - name: Install Dependencies + run: npm ci + - name: Obtain OIDC token + id: oidc + run: | + token=$(curl --fail -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \ + "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=continuousauth.dev" | jq -r '.value') + echo "::add-mask::${token}" + echo "token=${token}" >> $GITHUB_OUTPUT + - name: Obtain GitHub credentials + id: github_creds + run: | + token=$(curl --fail "https://continuousauth.dev/api/request/${{ secrets.CFA_PROJECT_ID }}/github/credentials" \ + -X POST \ + -H "Content-Type: application/json" \ + -H "Authorization: bearer ${{ secrets.CFA_SECRET }}" \ + --data "{\"token\":\"${{ steps.oidc.outputs.token }}\"}" | jq -r '.GITHUB_TOKEN') + echo "::add-mask::${token}" + echo "token=${token}" >> $GITHUB_OUTPUT + - name: Set NPM Credentials + run: echo //registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }} > ~/.npmrc + - name: Check NPM Credentials + run: npm whoami + - name: CFA Publish + env: + CFA_PROJECT_ID: ${{ secrets.CFA_PROJECT_ID }} + CFA_SECRET: ${{ secrets.CFA_SECRET }} + GITHUB_OIDC_TOKEN: ${{ steps.oidc.outputs.token }} + run: node script/publish.js + - name: Create Release + env: + GITHUB_TOKEN: ${{ steps.github_creds.outputs.token }} + run: gh release create ${{ github.ref_name }} -t ${{ github.ref_name }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fb42466..70dc309 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,36 +7,26 @@ on: description: Electron version to use with "v" prefix (e.g. v30.0.0) required: true -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - jobs: - smoke_test: + test: + uses: ./.github/workflows/test.yml + with: + electron-version: ${{ github.event.inputs.version }} + tag_new_version: runs-on: ubuntu-latest + environment: deps-releaser + needs: test steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Setup Node.js - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1 + - name: Generate GitHub App token + uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1 + id: generate-token with: - node-version: "20.10.0" - - name: Update Version - run: node script/update-version.js ${{ github.event.inputs.version }} - - name: Install Dependencies - run: npm i - - name: Run Tests - run: npm test - create_new_version: - runs-on: ubuntu-latest - needs: smoke_test - permissions: - contents: write - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - # Tag here, the CircleCI workflow will trigger on the new tag and do the CFA publish + creds: ${{ secrets.DEPS_RELEASER_GH_APP_CREDS }} + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + token: ${{ steps.generate-token.outputs.token }} + # Tag here, the publish-npm.yml workflow will trigger on the new tag and do the CFA publish - name: Push New Tag run: | git tag ${{ github.event.inputs.version }} git push origin ${{ github.event.inputs.version }} - - name: Create Release - run: | - gh release create ${{ github.event.inputs.version }} -t ${{ github.event.inputs.version }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..95986d7 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,60 @@ +name: Test + +on: + workflow_call: + inputs: + electron-version: + required: true + type: string + workflow_dispatch: + schedule: + - cron: '0 19 * * 1-5' + push: + branches: + - main + pull_request: + branches: + - main + +permissions: + contents: read + +jobs: + test: + defaults: + run: + shell: bash + strategy: + matrix: + node-version: + - '20.16.0' + - '18.20.4' + - '16.20.2' + - '14.21.3' + os: + - macos-latest + - ubuntu-latest + - windows-latest + exclude: + - os: macos-latest + node-version: 14.21.3 + runs-on: "${{ matrix.os }}" + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: "Use Node.js ${{ matrix.node-version }}" + uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 + with: + node-version: "${{ matrix.node-version }}" + - name: Update Version + if: ${{ inputs.electron-version != '' }} + run: node script/update-version.js ${{ inputs.electron-version }} + - name: Use Latest Electron Version + if: ${{ inputs.electron-version == '' }} + run: echo "ELECTRON_CHROMEDRIVER_STABLE_FALLBACK=1" >> $GITHUB_ENV + - name: Install Dependencies + run: npm ci + - name: Run Tests + run: | + node --version + npm --version + npm test diff --git a/README.md b/README.md index a40be49..86fa757 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Electron ChromeDriver -[![CircleCI Status](https://circleci.com/gh/electron/chromedriver/tree/main.svg?style=shield)](https://circleci.com/gh/electron/chromedriver/tree/main) +[![Test](https://github.com/electron/chromedriver/actions/workflows/test.yml/badge.svg)](https://github.com/electron/chromedriver/actions/workflows/test.yml) [![npm:](https://img.shields.io/npm/v/electron-chromedriver.svg)](https://www.npmjs.com/package/electron-chromedriver)
[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](https://standardjs.com/) diff --git a/package-lock.json b/package-lock.json index a3f261b..85c2eb3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,7 +17,7 @@ "chromedriver": "chromedriver.js" }, "devDependencies": { - "@continuous-auth/client": "^2.2.2", + "@continuous-auth/client": "^2.3.0", "@electron/fiddle-core": "^1.3.3", "mocha": "^10.1.0", "standard": "^13.1.0" @@ -47,9 +47,9 @@ } }, "node_modules/@continuous-auth/client": { - "version": "2.2.3", - "resolved": "https://registry.npmjs.org/@continuous-auth/client/-/client-2.2.3.tgz", - "integrity": "sha512-UyKldKkntlaQyoDjURX42a5H6BiCpw/IPueLjbDUQX9UxJfI+duu4BTk/rbl8Z2jJaoRHWP74AQKyFmA48I3Ew==", + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/@continuous-auth/client/-/client-2.3.2.tgz", + "integrity": "sha512-/QG87OYqFbNkM7fxEf53QN6KKvXQF4SyBp4eQk4uCM2O24dNj2fBfEUNS2NYgEoGCtu9YHGn3dcCLrgNAcBaGw==", "dev": true, "dependencies": { "axios": "^1.6.2" @@ -4299,9 +4299,9 @@ } }, "@continuous-auth/client": { - "version": "2.2.3", - "resolved": "https://registry.npmjs.org/@continuous-auth/client/-/client-2.2.3.tgz", - "integrity": "sha512-UyKldKkntlaQyoDjURX42a5H6BiCpw/IPueLjbDUQX9UxJfI+duu4BTk/rbl8Z2jJaoRHWP74AQKyFmA48I3Ew==", + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/@continuous-auth/client/-/client-2.3.2.tgz", + "integrity": "sha512-/QG87OYqFbNkM7fxEf53QN6KKvXQF4SyBp4eQk4uCM2O24dNj2fBfEUNS2NYgEoGCtu9YHGn3dcCLrgNAcBaGw==", "dev": true, "requires": { "axios": "^1.6.2" diff --git a/package.json b/package.json index 9d6ae43..9695268 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "extract-zip": "^2.0.0" }, "devDependencies": { - "@continuous-auth/client": "^2.2.2", + "@continuous-auth/client": "^2.3.0", "@electron/fiddle-core": "^1.3.3", "mocha": "^10.1.0", "standard": "^13.1.0"