v1.1.0 #8
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish Extension | |
on: | |
release: | |
# This limits the workflow to releases that are not pre-releases. | |
# From the docs: A release was published, or a pre-release was changed to a release. | |
types: [released] | |
# Button for publishing main branch in case there's a failure on the release. | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: Tag to be published | |
type: string | |
required: true | |
jobs: | |
validate-release-environment: | |
runs-on: ubuntu-latest | |
# The `publish` environment is inherited from the org level, and means the job | |
# can't proceed until someone with appropriate permissions approves it. | |
environment: publish | |
steps: | |
# Check out the main branch and get its head commit as output for later. | |
- uses: actions/checkout@v4 | |
with: | |
ref: 'main' | |
- id: get-main-head | |
run: echo "COMMIT_ID=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
# Check out the tag to be released and get its head commit as output for later. | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.release.tag_name || inputs.tag }} | |
- id: get-tag-head | |
run: echo "COMMIT_ID=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
# If the two commits aren't identical, the tag isn't eligible for release. | |
- name: Fail non-matching commits | |
if: ${{ steps.get-main-head.outputs.COMMIT_ID != steps.get-tag-head.outputs.COMMIT_ID }} | |
run: | | |
echo "Tag commit must match latest commit in main branch. Branch head is ${{ steps.get-main-head.outputs.COMMIT_ID }}. Tag head is ${{ steps.get-tag-head.outputs.COMMIT_ID }}." | |
exit 1 | |
# Get the `version` property from `package.json` as output for later. | |
- name: Get package.json version property | |
id: get-package-version | |
run: | | |
echo "PACKAGE_VERSION=$(cat package.json | jq '.version' | xargs)" >> $GITHUB_OUTPUT | |
- run: echo "Package Version is ${{ steps.get-package-version.outputs.PACKAGE_VERSION }}" | |
# Verify that the tag is of the format "vX.Y.Z", exactly matching the corresponding values in the `package.json` version property. | |
- name: Compare tag to package.json | |
run: | | |
TAG=${{ github.event.release.tag_name || inputs.tag }} | |
PACKAGE_VERSION=v${{ steps.get-package-version.outputs.PACKAGE_VERSION }} | |
[[ ${TAG} == ${PACKAGE_VERSION} ]] || (echo "Tag name must match package.json version, prefixed by lowercase v" && exit 1) | |
# Set other miscellaneous environment variables as outputs for later. | |
run-tests: | |
name: 'Test against production scanner' | |
needs: [ 'validate-release-environment' ] | |
uses: ./.github/workflows/run-tests.yml | |
with: | |
# Before publishing, we want to test the extension against whatever | |
# version of the scanner is currently live. | |
use-scanner-tarball: false | |
publish-vscode: | |
name: 'Publish to VSCode Marketplace' | |
needs: [ 'run-tests' ] | |
runs-on: ubuntu-latest | |
env: | |
VSCE_PERSONAL_ACCESS_TOKEN: ${{ secrets.VSCE_PERSONAL_ACCESS_TOKEN }} | |
GITHUB_TOKEN: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }} | |
steps: | |
- name: Checkout the release tag | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.release.tag_name || inputs.tag }} | |
token: ${{ env.GITHUB_TOKEN }} | |
# Set up node and install dependencies. | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 'lts/*' | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: '11' | |
- run: yarn install --frozen-lockfile | |
# Download the .vsix attached to the release. | |
- name: Download Extension From Release | |
run: | | |
mkdir ./extensions | |
gh release download ${{ github.event.release.tag_name || inputs.tag }} -D ./extensions | |
- name: Display downloaded VSIX | |
run: ls -R ./extensions | |
- name: Publish the VSIX | |
run: find ./extensions -type f -name "*.vsix" -exec npx vsce publish --pat ${{ env.VSCE_PERSONAL_ACCESS_TOKEN }} --packagePath {} \; | |
- run: echo "SUCCESSFULLY PUBLISHED" | |
publish-openvsx: | |
name: 'Publish to OpenVSX marketplace' | |
needs: [ 'run-tests' ] | |
runs-on: ubuntu-latest | |
env: | |
IDEE_OVSX_PAT: ${{ secrets.IDEE_OVSX_PAT }} | |
GITHUB_TOKEN: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }} | |
steps: | |
- name: Checkout the release tag | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.release.tag_name || inputs.tag }} | |
token: ${{ env.GITHUB_TOKEN }} | |
# Set up node and install dependencies. | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 'lts/*' | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: '11' | |
- run: yarn install --frozen-lockfile | |
# Download the .vsix attached to the release. | |
- name: Download Extension From Release | |
run: | | |
mkdir ./extensions | |
gh release download ${{ github.event.release.tag_name || inputs.tag }} -D ./extensions | |
- name: Display downloaded VSIX | |
run: ls -R ./extensions | |
- name: Publish the VSIX | |
run: find ./extensions -type f -name "*.vsix" -exec npx ovsx publish {} -p ${{ env.IDEE_OVSX_PAT }} \; | |
- run: echo "SUCCESSFULLY PUBLISHED" | |
create-main2dev-pull-request: | |
needs: [publish-openvsx, publish-vscode] | |
runs-on: macos-latest | |
env: | |
GH_TOKEN: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }} | |
permissions: | |
contents: write | |
pull-requests: write | |
steps: | |
# Check out `main` | |
- uses: actions/checkout@v4 | |
with: | |
ref: 'main' | |
# Create a new branch based on `main`, so that merge conflicts can be resolved manually if need be. | |
- run: | | |
NEW_VERSION=$(jq -r ".version" package.json) | |
git checkout -b m2d/v$NEW_VERSION | |
git push --set-upstream origin m2d/v$NEW_VERSION | |
# Download the VSIX attached to the release, get its SHA sum, and update the SHA file accordingly. | |
- name: Download Extension From Release | |
run: | | |
mkdir ./extensions | |
gh release download ${{ github.event.release.tag_name || inputs.tag }} -D ./extensions | |
find . -type f -name "*.vsix" -exec shasum -a 256 {} \; >> SHA_INFO | |
SHA_INFO=$(cat SHA_INFO) | |
cat templates/SHA256.md > SHA256.md | |
sed -i -e "s|<<SHA_VALUE>>|$SHA_INFO|g" SHA256.md | |
# Use the GraphQL API to create a signed commit that updates SHA256.md as appropriate | |
- run: | | |
# GraphQL needs to know what branch to push to. | |
BRANCH=$(git rev-parse --abbrev-ref HEAD) | |
# GraphQL needs a message for the commit. | |
NEW_VERSION=$(jq -r ".version" package.json) | |
MESSAGE="Updating SHA256.md after $NEW_VERSION release" | |
# GraphQL needs the latest version of the file we changed, as a Base64 encoded string. | |
NEW_SHA256="$(cat SHA256.md | base64)" | |
gh api graphql -F message="$MESSAGE" -F branch="$BRANCH" -F newSha="$NEW_SHA256" \ | |
-F oldOid=`git rev-parse HEAD` -f query=' | |
mutation ($message: String!, $branch: String!, $newSha: Base64String!, $oldOid: GitObjectID!) { | |
createCommitOnBranch(input: { | |
branch: { | |
repositoryNameWithOwner: "forcedotcom/sfdx-code-analyzer-vscode", | |
branchName: $branch | |
}, | |
message: { | |
headline: $message | |
}, | |
fileChanges: { | |
additions: [ | |
{ | |
path: "SHA256.md", | |
contents: $newSha | |
} | |
] | |
}, | |
expectedHeadOid: $oldOid | |
}) { | |
commit { | |
id | |
} | |
} | |
}' | |
# Create the pull request between branches | |
- run: | | |
NEW_VERSION=$(jq -r ".version" package.json) | |
# For whatever reason, the version of 'echo' on GHAs doesn't process backspace by default. | |
# The non-POSIX-standard -e flag causes it to do that. | |
echo -e "This branch and PR were automatically created following the successful release of v$NEW_VERSION.\n\ | |
It must be MERGED into dev, NOT SQUASHED OR REBASED. Squashing or rebasing this branch onto dev can cause potentially irreconcilable merge conflicts later.\n\ | |
As an additional safeguard and reminder, the title of this PR MUST include the word 'merging' in the description portion of the PR title, e.g., 'Main2Dev @W-XXXXXX@ Merging main to dev after vX.Y.Z'.\n\ | |
If there are conflicts between dev and this branch, you should do the following locally:\n\ | |
- $ git checkout dev\n\ | |
- $ git pull\n\ | |
- $ git fetch --all\n\ | |
- $ git checkout m2d/v$NEW_VERSION\n\ | |
- $ git pull origin dev --no-rebase # You MUST include this flag, or someone's day will be ruined.\n\ | |
- Resolve the merge conflicts manually. When in doubt, ask the code's author for help.\n\ | |
- $ git commit\n\ | |
- $ git push" > body.txt | |
# Create the pull request | |
gh pr create -B dev -H m2d/v$NEW_VERSION --title "Filler title. Read description and rename." -F body.txt | |