From 43530c087fb86e8632c31451744a2e334b1e2aaf Mon Sep 17 00:00:00 2001 From: Varun Sharma Date: Fri, 14 Oct 2022 11:25:15 -0700 Subject: [PATCH] Address review comments Signed-off-by: Varun Sharma --- .github/workflows/npm-publish.yml | 39 ++++++++++++++++--------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml index f94f9b4fe4..acb9d31f03 100644 --- a/.github/workflows/npm-publish.yml +++ b/.github/workflows/npm-publish.yml @@ -19,31 +19,30 @@ jobs: with: ref: ${{ github.event.inputs.tag }} - - name: Match semver pattern - uses: actions-ecosystem/action-regex-match@v2 - id: regex-match - with: - text: ${{ github.event.inputs.tag }} - regex: '^v((([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?)$' - - name: Check package version id: cpv uses: PostHog/check-package-version@v2 + - run: npm install semver + - name: Validate tag uses: actions/github-script@v6 with: script: | - const match = `${{ steps.regex-match.outputs.match }}`; - if(match === '') { - core.setFailed(`Tag ${context.payload.inputs.tag} does not match semver pattern`); - } else { + const semver = require('semver') + + const tag = `${context.payload.inputs.tag}`; + const version = tag.substring(1); + + if (semver.valid(version)) { const isNewVersion = `${{ steps.cpv.outputs.is-new-version }}`; - if(isNewVersion === 'true') { + if (isNewVersion === 'true') { console.log(`Version ${context.payload.inputs.tag} has not been published yet`); } else { core.setFailed(`Version ${context.payload.inputs.tag} is already published`); } + } else { + core.setFailed(`Tag ${context.payload.inputs.tag} does not match semver pattern`); } check-status: needs: check-version @@ -86,7 +85,7 @@ jobs: }); for (const check_run of check_runs.data.check_runs) { - if (!(check_run.status === 'completed' && check_run.conclusion === 'success')){ + if (check_run.status !== 'completed' || check_run.conclusion !== 'success') { console.log(`${check_run.name} check failed`); core.setFailed(`Required status check ${check_run.name} did not succeed`); } @@ -107,6 +106,7 @@ jobs: allowed-endpoints: > github.com:443 hooks.slack.com:443 + nodejs.org:443 prod.api.stepsecurity.io:443 registry.npmjs.org:443 @@ -114,12 +114,15 @@ jobs: with: ref: ${{ github.event.inputs.tag }} - - uses: actions/setup-node@v3 + - uses: ljharb/actions/node/install@main + name: "nvm install lts/* && npm install" with: - node-version: "16.x" - registry-url: "https://registry.npmjs.org" + node-version: "lts/*" + env: + NPM_CONFIG_LEGACY_PEER_DEPS: true - - run: npm install + - run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NODE_AUTH_TOKEN }}" >> .npmrc + - run: npm publish --dry-run - uses: step-security/wait-for-secrets@v1 id: wait-for-secrets @@ -131,5 +134,3 @@ jobs: description: 'OTP from authenticator app' - run: npm publish --access public --otp ${{ steps.wait-for-secrets.outputs.OTP }} - env: - NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}