Merge pull request #3 from docker/ci-publish

ci: fix publish workflow
docker · Jan 30, 2023 · 5360816 · 5360816
2 parents 581e356 + e39eef3
commit 5360816
Show file tree

Hide file tree

Showing 5 changed files with 47 additions and 17 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -12,7 +12,13 @@ jobs:
       -
         name: Checkout
         uses: actions/checkout@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
       -
         name: Publish
-        run: |
-          PUBLISH_VERSION=${} make publish
+        uses: docker/bake-action@v2
+        with:
+          targets: publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}
diff --git a/Makefile b/Makefile
diff --git a/dev.Dockerfile b/dev.Dockerfile
@@ -69,3 +69,24 @@ RUN --mount=type=bind,target=.,rw \
 
 FROM scratch AS test-coverage
 COPY --from=test /tmp/coverage /
+
+FROM base AS publish
+ARG GITHUB_REF
+RUN --mount=type=bind,target=.,rw \
+    --mount=type=cache,target=/src/.yarn/cache \
+    --mount=type=cache,target=/src/node_modules \
+    --mount=type=secret,id=NODE_AUTH_TOKEN <<EOT
+  set -e
+  if ! [[ $GITHUB_REF =~ ^refs/tags/v ]]; then
+    echo "GITHUB_REF is not a tag"
+    exit 1
+  fi
+  yarn install
+  yarn run build
+  npm config set //registry.npmjs.org/:_authToken $(cat /run/secrets/NODE_AUTH_TOKEN)
+  npm version --no-git-tag-version ${GITHUB_REF#refs/tags/v}
+  npm publish --access public
+
+  # FIXME: Can't publish with yarn berry atm: https://github.com/changesets/changesets/pull/674
+  #NODE_AUTH_TOKEN=$(cat /run/secrets/NODE_AUTH_TOKEN) yarn publish --no-git-tag-version --new-version ${GITHUB_REF#refs/tags/v}
+EOT
diff --git a/docker-bake.hcl b/docker-bake.hcl
@@ -53,3 +53,19 @@ target "test-coverage" {
   output = ["./coverage"]
   secret = ["id=GITHUB_TOKEN,env=GITHUB_TOKEN"]
 }
+
+# GITHUB_REF is the actual ref that triggers the workflow and used as version
+# when a tag is pushed: https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
+variable "GITHUB_REF" {
+  default = ""
+}
+
+target "publish" {
+  dockerfile = "dev.Dockerfile"
+  args = {
+    GITHUB_REF = GITHUB_REF
+  }
+  target = "publish"
+  output = ["type=cacheonly"]
+  secret = ["id=NODE_AUTH_TOKEN,env=NODE_AUTH_TOKEN"]
+}
diff --git a/package.json b/package.json
@@ -33,7 +33,8 @@
     "lib"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
   },
   "dependencies": {
     "@actions/core": "^1.10.0",