fix: code reuse and correctness of token build script (#618) #1433
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Delivery | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| jobs: | |
| install: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout branch | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 | |
| - name: Set up Node.js version | |
| uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| with: | |
| node-version-file: .nvmrc | |
| - name: Check for known security issues with npm packages | |
| run: | | |
| echo "Auditing npm dependencies before installing them. For more information, see: https://nldesignsystem.nl/pnpm-audit" | |
| pnpm audit --audit-level critical | |
| - name: Install dependencies | |
| run: | | |
| pnpm install --frozen-lockfile | |
| pnpm ls --recursive | |
| lint: | |
| runs-on: ubuntu-latest | |
| needs: install | |
| steps: | |
| - name: Checkout branch | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 | |
| - name: Set up Node.js version | |
| uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| with: | |
| node-version-file: .nvmrc | |
| - name: Check for known security issues with npm packages | |
| run: | | |
| echo "Auditing npm dependencies before installing them. For more information, see: https://nldesignsystem.nl/pnpm-audit" | |
| pnpm audit --audit-level critical | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: "Continuous Integration: lint" | |
| run: pnpm run --if-present lint | |
| merge-tokens: | |
| runs-on: ubuntu-latest | |
| needs: install | |
| steps: | |
| - name: Checkout branch | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 | |
| - name: Set up Node.js version | |
| uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| with: | |
| node-version-file: .nvmrc | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Check if merge-token-sets is required | |
| id: needtokenmerge | |
| run: | | |
| if git diff --name-only ${{ github.event.before }} ${{ github.sha }} | grep '^proprietary/lux-community-design-tokens/src/.*\.json'; then | |
| echo "changed=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "changed=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Merge RHC tokens with LUX community overrides | |
| if: steps.needtokenmerge.outputs.changed == 'true' | |
| run: pnpm --filter @lux-design-system/lux-community-design-tokens merge-token-sets | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: [merge-tokens, install] | |
| steps: | |
| - name: Checkout branch | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 | |
| - name: Set up Node.js version | |
| uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| with: | |
| node-version-file: .nvmrc | |
| - name: Check for known security issues with npm packages | |
| run: | | |
| echo "Auditing npm dependencies before installing them. For more information, see: https://nldesignsystem.nl/pnpm-audit" | |
| pnpm audit --audit-level critical | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: "Continuous Integration: build" | |
| env: | |
| BASE_URL: "/utrecht/" | |
| run: pnpm run --if-present build | |
| - name: "Continuous Integration: lint build" | |
| env: | |
| BASE_URL: "/utrecht/" | |
| run: pnpm run --if-present lint-build | |
| - name: "Continuous Integration: test build" | |
| env: | |
| BASE_URL: "/utrecht/" | |
| run: pnpm run --if-present test-build | |
| - name: "Retain build artifact: storybook" | |
| uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
| with: | |
| name: storybook | |
| path: packages/storybook/dist/ | |
| retention-days: 1 | |
| - name: Upload artifact for GitHub Pages | |
| uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0 | |
| with: | |
| path: packages/storybook/dist/ | |
| test: | |
| runs-on: ubuntu-latest | |
| needs: install | |
| steps: | |
| - name: Checkout branch | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 | |
| - name: Set up Node.js version | |
| uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| with: | |
| node-version-file: .nvmrc | |
| - name: Check for known security issues with npm packages | |
| run: | | |
| echo "Auditing npm dependencies before installing them. For more information, see: https://nldesignsystem.nl/pnpm-audit" | |
| pnpm audit --audit-level critical | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: "Continuous Integration: test" | |
| run: pnpm run --if-present test | |
| regression: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - name: Checkout release branch | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: "Restore build artifact: Storybook" | |
| uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
| with: | |
| name: storybook | |
| path: packages/storybook/dist/ | |
| - name: "Publish to Chromatic" | |
| uses: chromaui/action@13180b77f984a874c7a7eca8b35027d6e613e8c2 # v11.5.6 | |
| if: | | |
| github.event.pull_request.draft == false && | |
| github.actor != 'dependabot[bot]' | |
| with: | |
| autoAcceptChanges: main | |
| projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }} | |
| storybookBuildDir: packages/storybook/dist/ | |
| exitZeroOnChanges: "!(main)" | |
| publish-website: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: github.ref == 'refs/heads/main' | |
| environment: | |
| name: github-pages | |
| url: ${{ steps.deploy-pages.outputs.page_url }} | |
| permissions: | |
| id-token: write | |
| pages: write | |
| steps: | |
| - name: Deploy to GitHub Pages | |
| uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 | |
| id: deploy-pages | |
| publish-npm: | |
| runs-on: ubuntu-latest | |
| needs: [lint, test] | |
| if: github.ref == 'refs/heads/main' | |
| environment: | |
| name: publish | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Checkout release branch | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| token: ${{ secrets.GH_TOKEN }} | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 | |
| - name: Set up Node.js version | |
| uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| with: | |
| node-version-file: .nvmrc | |
| - name: "Continuous Deployment: install" | |
| run: | | |
| pnpm install --frozen-lockfile | |
| pnpm ls --recursive | |
| - name: "Continuous Deployment: build" | |
| run: pnpm run --if-present build | |
| - name: Publish to npm Registry | |
| uses: changesets/action@6a0a831ff30acef54f2c6aa1cbbc1096b066edaf # v1.7.0 | |
| id: changeset | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
| GIT_AUTHOR_EMAIL: ${{ secrets.GIT_AUTHOR_EMAIL }} | |
| GIT_AUTHOR_NAME: "NL Design System" | |
| GIT_COMMITTER_EMAIL: ${{ secrets.GIT_COMMITTER_EMAIL }} | |
| GIT_COMMITTER_NAME: "NL Design System" | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| with: | |
| commit: "docs(release): design system packages" | |
| setupGitUser: false | |
| title: "docs(release): design system packages" | |
| publish: "pnpm run publish" | |
| version: "pnpm run version" | |
| # Publish canary releases only if the packages weren't published already | |
| - name: Publishing canary releases to npm | |
| if: steps.changeset.outputs.published != 'true' | |
| run: | | |
| git checkout main | |
| pnpm run version:canary | |
| pnpm config set "//registry.npmjs.org/:_authToken" "${NPM_TOKEN}" | |
| pnpm run publish:canary | |
| pnpm config delete "//registry.npmjs.org/:_authToken" | |
| env: | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| # - name: "Continuous Deployment: publish to npm" | |
| # env: | |
| # NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| # NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| # run: | | |
| # pnpm config set "//registry.npmjs.org/:_authToken" "${NPM_TOKEN}" | |
| # pnpm run publish | |
| # pnpm config delete "//registry.npmjs.org/:_authToken" |