Create workflows to release Node.js adapter from own repo #521
Conversation
There was a problem hiding this comment.
Couple of notes:
- I think this workflow doesn't need individual jobs, this could all be handled in a single job entirely. This also reduces the amount of re-downloading artifacts and settig up tooling, and makes it all easier to follow.
- We can probably remove release related scripts such as
set-version.shandrelease.shfrom the project root.
| run: git tag --force ${{ inputs.tag }} | ||
|
|
||
| - name: Push changes | ||
| run: git push --force origin refs/tags/${{ inputs.tag }} |
There was a problem hiding this comment.
This would only push the tag right? Don't we also want to push the commit itself?
There was a problem hiding this comment.
The commit itself is pushed just into the tag. But it is not pushed to the main branch (or release/X.Y branch) itself. I think it is done intentionally that way and it is the approach used in all Keycloak repositories.
For example last commit in the 26.0.7 tag contains the version commit: https://github.com/keycloak/keycloak-nodejs-connect/commits/26.0.7/ .
But the release/26.0 branch itself, from which the tag was created, does not contain that version commit: https://github.com/keycloak/keycloak-nodejs-connect/commits/release/26.0 .
I prefer to be consistent with other Keycloak repositories and hence keep put the version commit just to the tag. Or did you mean something different?
There was a problem hiding this comment.
Hmmm, yeah I guess this makes sense. The question is if we want to do trunk based development for the Node.js adapter and have all the version commits there. I agree that we can keep it like this for now.
mposolda
force-pushed
the
520-release-wf
branch
from
10dc7df to
0a8a83e
Compare
+1 for the point 1. I will rewrite that to use the steps only and not individual jobs. Was trying to be consistent with For (2), I will remove |
closes keycloak#520 Signed-off-by: mposolda <[email protected]> Co-authored-by: Jon Koops <[email protected]> Signed-off-by: Marek Posolda <[email protected]>
mposolda
force-pushed
the
520-release-wf
branch
from
efeafcb to
9e81c9f
Compare
|
@jonkoops Updated a PR to:
Re-review welcome |
|
@jonkoops Thanks! I guess we can wait after Keycloak 26.1.0 release (we can merge beforehand as well if you prefer, but I suppose Keycloak 26.1 release would be still done from |
closes #520
Ability to release node.js adapter from it's own repository. PR introduces 2 workflows:
Release nightly- for trigger nightly releases of node.js adapterRelease- for trigger regular release of node.js adapterWorkflows are doing same steps like the related workflows in
keycloak-rel. There is related PR to keycloak-rel, which removes the node.js related workflows fromkeycloak-rel: keycloak-rel-testing/keycloak-rel#45 (So far only PR to the "testing" fork of keycloak-rel)Secrets needed
The workflows require secret present in the repository, which is not there yet:
NPM_TOKEN- Token needed to be able to publish to npm registry like https://www.npmjs.com/package/keycloak-connect/v/26.0.7 . Needed only forRelease(not needed forRelease nightly)Note that
GH_TOKENorGITHUB_TOKENis not needed as a secret in the repository due it is created automatically and has the needed permissions.Testing
Workflows tested in my own fork (everything work as expected, but publishing to NPM was only executed with
--dry-run, so did not publish anything. I don't have properNPM_TOKENanyway in my repository):https://github.com/mposolda/keycloak-nodejs-connect/actions/runs/12242029832
https://github.com/mposolda/keycloak-nodejs-connect/actions/runs/12242053798