Skip to content
Publish Extension

v1.2.0 #9

Sign in to view logs

v1.2.0

v1.2.0 #9

Workflow file for this run

.github/workflows/publish.yml at 84dcae5
name: Publish Extension
on:
release:
# This limits the workflow to releases that are not pre-releases.
# From the docs: A release was published, or a pre-release was changed to a release.
types: [released]
# Button for publishing main branch in case there's a failure on the release.
workflow_dispatch:
inputs:
tag:
description: Tag to be published
type: string
required: true
jobs:
validate-release-environment:
runs-on: ubuntu-latest
# The `publish` environment is inherited from the org level, and means the job
# can't proceed until someone with appropriate permissions approves it.
environment: publish
steps:
# Check out the main branch and get its head commit as output for later.
- uses: actions/checkout@v4
with:
ref: 'main'
- id: get-main-head
run: echo "COMMIT_ID=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
# Check out the tag to be released and get its head commit as output for later.
- uses: actions/checkout@v4
with:
ref: ${{ github.event.release.tag_name || inputs.tag }}
- id: get-tag-head
run: echo "COMMIT_ID=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
# If the two commits aren't identical, the tag isn't eligible for release.
- name: Fail non-matching commits
if: ${{ steps.get-main-head.outputs.COMMIT_ID != steps.get-tag-head.outputs.COMMIT_ID }}
run: |
echo "Tag commit must match latest commit in main branch. Branch head is ${{ steps.get-main-head.outputs.COMMIT_ID }}. Tag head is ${{ steps.get-tag-head.outputs.COMMIT_ID }}."
exit 1
# Get the `version` property from `package.json` as output for later.
- name: Get package.json version property
id: get-package-version
run: |
echo "PACKAGE_VERSION=$(cat package.json | jq '.version' | xargs)" >> $GITHUB_OUTPUT
- run: echo "Package Version is ${{ steps.get-package-version.outputs.PACKAGE_VERSION }}"
# Verify that the tag is of the format "vX.Y.Z", exactly matching the corresponding values in the `package.json` version property.
- name: Compare tag to package.json
run: |
TAG=${{ github.event.release.tag_name || inputs.tag }}
PACKAGE_VERSION=v${{ steps.get-package-version.outputs.PACKAGE_VERSION }}
[[ ${TAG} == ${PACKAGE_VERSION} ]] || (echo "Tag name must match package.json version, prefixed by lowercase v" && exit 1)
# Set other miscellaneous environment variables as outputs for later.
run-tests:
name: 'Test against production scanner'
needs: [ 'validate-release-environment' ]
uses: ./.github/workflows/run-tests.yml
with:
# Before publishing, we want to test the extension against whatever
# version of the scanner is currently live.
use-scanner-tarball: false
publish-vscode:
name: 'Publish to VSCode Marketplace'
needs: [ 'run-tests' ]
runs-on: ubuntu-latest
env:
VSCE_PERSONAL_ACCESS_TOKEN: ${{ secrets.VSCE_PERSONAL_ACCESS_TOKEN }}
GITHUB_TOKEN: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }}
steps:
- name: Checkout the release tag
uses: actions/checkout@v4
with:
ref: ${{ github.event.release.tag_name || inputs.tag }}
token: ${{ env.GITHUB_TOKEN }}
# Set up node and install dependencies.
- uses: actions/setup-node@v4
with:
node-version: 'lts/*'
- uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '11'
- run: yarn install --frozen-lockfile
# Download the .vsix attached to the release.
- name: Download Extension From Release
run: |
mkdir ./extensions
gh release download ${{ github.event.release.tag_name || inputs.tag }} -D ./extensions
- name: Display downloaded VSIX
run: ls -R ./extensions
- name: Publish the VSIX
run: find ./extensions -type f -name "*.vsix" -exec npx vsce publish --pat ${{ env.VSCE_PERSONAL_ACCESS_TOKEN }} --packagePath {} \;
- run: echo "SUCCESSFULLY PUBLISHED"
publish-openvsx:
name: 'Publish to OpenVSX marketplace'
needs: [ 'run-tests' ]
runs-on: ubuntu-latest
env:
IDEE_OVSX_PAT: ${{ secrets.IDEE_OVSX_PAT }}
GITHUB_TOKEN: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }}
steps:
- name: Checkout the release tag
uses: actions/checkout@v4
with:
ref: ${{ github.event.release.tag_name || inputs.tag }}
token: ${{ env.GITHUB_TOKEN }}
# Set up node and install dependencies.
- uses: actions/setup-node@v4
with:
node-version: 'lts/*'
- uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '11'
- run: yarn install --frozen-lockfile
# Download the .vsix attached to the release.
- name: Download Extension From Release
run: |
mkdir ./extensions
gh release download ${{ github.event.release.tag_name || inputs.tag }} -D ./extensions
- name: Display downloaded VSIX
run: ls -R ./extensions
- name: Publish the VSIX
run: find ./extensions -type f -name "*.vsix" -exec npx ovsx publish {} -p ${{ env.IDEE_OVSX_PAT }} \;
- run: echo "SUCCESSFULLY PUBLISHED"
create-main2dev-pull-request:
needs: [publish-openvsx, publish-vscode]
runs-on: macos-latest
env:
GH_TOKEN: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }}
permissions:
contents: write
pull-requests: write
steps:
# Check out `main`
- uses: actions/checkout@v4
with:
ref: 'main'
# Create a new branch based on `main`, so that merge conflicts can be resolved manually if need be.
- run: |
NEW_VERSION=$(jq -r ".version" package.json)
git checkout -b m2d/v$NEW_VERSION
git push --set-upstream origin m2d/v$NEW_VERSION
# Download the VSIX attached to the release, get its SHA sum, and update the SHA file accordingly.
- name: Download Extension From Release
run: |
mkdir ./extensions
gh release download ${{ github.event.release.tag_name || inputs.tag }} -D ./extensions
find . -type f -name "*.vsix" -exec shasum -a 256 {} \; >> SHA_INFO
SHA_INFO=$(cat SHA_INFO)
cat templates/SHA256.md > SHA256.md
sed -i -e "s|<<SHA_VALUE>>|$SHA_INFO|g" SHA256.md
# Use the GraphQL API to create a signed commit that updates SHA256.md as appropriate
- run: |
# GraphQL needs to know what branch to push to.
BRANCH=$(git rev-parse --abbrev-ref HEAD)
# GraphQL needs a message for the commit.
NEW_VERSION=$(jq -r ".version" package.json)
MESSAGE="Updating SHA256.md after $NEW_VERSION release"
# GraphQL needs the latest version of the file we changed, as a Base64 encoded string.
NEW_SHA256="$(cat SHA256.md | base64)"
gh api graphql -F message="$MESSAGE" -F branch="$BRANCH" -F newSha="$NEW_SHA256" \
-F oldOid=`git rev-parse HEAD` -f query='
mutation ($message: String!, $branch: String!, $newSha: Base64String!, $oldOid: GitObjectID!) {
createCommitOnBranch(input: {
branch: {
repositoryNameWithOwner: "forcedotcom/sfdx-code-analyzer-vscode",
branchName: $branch
},
message: {
headline: $message
},
fileChanges: {
additions: [
{
path: "SHA256.md",
contents: $newSha
}
]
},
expectedHeadOid: $oldOid
}) {
commit {
id
}
}
}'
# Create the pull request between branches
- run: |
NEW_VERSION=$(jq -r ".version" package.json)
# For whatever reason, the version of 'echo' on GHAs doesn't process backspace by default.
# The non-POSIX-standard -e flag causes it to do that.
echo -e "This branch and PR were automatically created following the successful release of v$NEW_VERSION.\n\
It must be MERGED into dev, NOT SQUASHED OR REBASED. Squashing or rebasing this branch onto dev can cause potentially irreconcilable merge conflicts later.\n\
As an additional safeguard and reminder, the title of this PR MUST include the word 'merging' in the description portion of the PR title, e.g., 'Main2Dev @W-XXXXXX@ Merging main to dev after vX.Y.Z'.\n\
If there are conflicts between dev and this branch, you should do the following locally:\n\
- $ git checkout dev\n\
- $ git pull\n\
- $ git fetch --all\n\
- $ git checkout m2d/v$NEW_VERSION\n\
- $ git pull origin dev --no-rebase # You MUST include this flag, or someone's day will be ruined.\n\
- Resolve the merge conflicts manually. When in doubt, ask the code's author for help.\n\
- $ git commit\n\
- $ git push" > body.txt
# Create the pull request
gh pr create -B dev -H m2d/v$NEW_VERSION --title "Filler title. Read description and rename." -F body.txt