viaprog/shaka-player
1
0
Fork 0
mirror of https://github.com/shaka-project/shaka-player.git synced 2026-06-26 17:46:26 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
c2bd00a5e7f5b547a0aabcbcf0068d76b7906177
shaka-player/.github/workflows/release-please.yaml
T
Joey Parrish 2dd811d3e5 chore: Add missing comment in release workflow (#9800) 
This tripped me up in another repo, and it was already solved in Shaka,
but not called out. This comment might have saved me some grief.
2026-03-06 10:20:05 -08:00

247 lines
8.8 KiB
YAML
Raw Blame History

name: Release
on:
push:
branches:
- main
- v[0-9]*
jobs:
release:
runs-on: ubuntu-latest
outputs:
release_created: ${{ steps.release.outputs.release_created }}
tag_name: ${{ steps.release.outputs.tag_name }}
patch: ${{ steps.release.outputs.patch }}
permissions:
# Write to "contents" is needed to create a release
contents: write
# Write to pull-requests is needed to create and update the release PR
pull-requests: write
steps:
# Create/update release PR
- uses: googleapis/release-please-action@v4
id: release
with:
# Make sure we create the PR against the correct branch.
target-branch: ${{ github.ref_name }}
# Use a special shaka-bot access token for releases.
token: ${{ secrets.RELEASE_PLEASE_TOKEN }}
# See also settings in these files:
manifest-file: .release-please-manifest.json
config-file: .release-please-config.json
# The jobs below are all conditional on a release having been created by
# someone merging the release PR. They all run in parallel.
tag-main:
runs-on: ubuntu-latest
needs: release
if: needs.release.outputs.release_created && needs.release.outputs.patch != '0'
steps:
- uses: actions/checkout@v4
with:
# Check out the origin repo, and do it at main, not the PR branch.
ref: main
# Use a special shaka-bot access token for releases.
token: ${{ secrets.RELEASE_PLEASE_TOKEN }}
# We want to explicitly use these credentials to push a tag.
# The job is only one more step, so they don't leak.
persist-credentials: true
- name: Tag the main branch
run: |
# Set missing git config for the tag.
git config user.name "shaka-bot"
git config user.email "shaka-bot@users.noreply.github.com"
# Tag the main branch.
VERSION=${{ needs.release.outputs.tag_name }}
git tag -m "$VERSION-main" "$VERSION-main"
git push origin "$VERSION-main"
npm:
runs-on: ubuntu-latest
needs: release
if: needs.release.outputs.release_created
permissions:
# Required for OIDC ("trusted publishing")
id-token: write
# Write to "contents" is needed to attach files to the release
contents: write
steps:
- uses: actions/checkout@v4
with:
ref: refs/tags/${{ needs.release.outputs.tag_name }}
persist-credentials: false
# Needed to view all tags and correctly compute the latest tag:
fetch-depth: 0
- uses: actions/setup-java@v4
with:
distribution: zulu
java-version: 21
- uses: actions/setup-node@v4
with:
# NOTE: OIDC fails with node less than 24.
node-version: 24
registry-url: 'https://registry.npmjs.org'
# NOTE: OIDC fails with npm less than 11.5.1.
- name: Update npm
run: sudo npm install -g npm@11.7
- name: Compute NPM tags
run: |
# NPM publish always sets a tag. If you don't provide an explicit
# tag, you get the "latest" tag by default, but we want "latest" to
# always point to the highest version number. So we set an explicit
# tag on every "publish" command, either "latest" for the latest, or
# a dummy tag otherwise.
# We only tag the NPM package as "latest" if this release is the
# highest version to date.
GIT_TAG_NAME=${{ needs.release.outputs.tag_name }}
RELEASE_TAGS=$(git tag | grep ^v[0-9] | grep -Ev -- '-(master|main)')
LATEST_RELEASE=$(echo "$RELEASE_TAGS" | sort --version-sort | tail -1)
if [[ "$GIT_TAG_NAME" == "$LATEST_RELEASE" ]]; then
NPM_LATEST=true
else
NPM_LATEST=false
fi
echo NPM_LATEST=$NPM_LATEST >> $GITHUB_ENV
# Debug the decisions made here.
echo "Latest release: $LATEST_RELEASE"
echo "This release: $GIT_TAG_NAME"
echo "NPM latest: $NPM_LATEST"
- run: npm ci
# NOTE: OIDC fails if the repository URL doesn't match package.json, but
# Shaka Player's prepublish checks will reject any local changes beyond
# the tag. So if you fork this package, update repository.url in
# package.json to match.
- name: Publish
run: |
set -x
# Publish with an explicit tag.
# NOTE: --access public is required for scoped forks.
if [[ "$NPM_LATEST" == "true" ]]; then
# The "latest" tag is implied and automatic.
npm publish --access public
else
# You can't **not** have a tag. So if we don't want to overwrite
# "latest" (implied default), we have to overwrite something else.
# Even with NPM 11, if you don't do this, instead of overwriting
# "latest", it will detect that it's inappropriate, and **fail**.
# See https://github.com/npm/npm/issues/10625
# and https://github.com/npm/cli/issues/7553
# See also https://github.com/npm/cli/issues/8547, which killed our
# system of branch-specific tags.
npm publish --access public --tag tag-required-see-npm-bug-10625
fi
# Stores the file name into the file "tarball" (unpredictable for forks).
- run: npm pack --ignore-scripts > tarball
- name: Attach to release
env:
GITHUB_TOKEN: ${{ secrets.RELEASE_PLEASE_TOKEN }}
# Reads the file name from the file "tarball".
run: gh release upload --clobber "${{ needs.release.outputs.tag_name }}" "$(cat tarball)"
appspot:
runs-on: ubuntu-latest
needs: release
if: needs.release.outputs.release_created
steps:
- uses: actions/checkout@v4
with:
ref: refs/tags/${{ needs.release.outputs.tag_name }}
fetch-depth: 0
persist-credentials: false
- uses: actions/setup-node@v4
with:
node-version: 22
registry-url: 'https://registry.npmjs.org'
- uses: actions/setup-java@v4
with:
distribution: zulu
java-version: 21
- name: Compute appspot subdomain and promotion
run: |
# This is the same as the version tag, but with dots replaced by
# dashes. For example, v3.2.2 would have the subdomain v3-2-2.
APPSPOT_SUBDOMAIN=$( echo ${{ needs.release.outputs.tag_name }} | sed -e 's/\./-/g' )
echo APPSPOT_SUBDOMAIN=$APPSPOT_SUBDOMAIN >> $GITHUB_ENV
# "Promoting" an appspot deployment makes it the default which shows
# up on shaka-player-demo.appspot.com (no subdomain). This should be
# done for the latest release version from the latest release branch.
RELEASE_TAGS=$(git tag | grep ^v[0-9] | grep -Ev -- '-(master|main)')
LATEST_RELEASE=$(echo "$RELEASE_TAGS" | sort --version-sort | tail -1)
TAG_NAME=${{ needs.release.outputs.tag_name }}
if [[ "$TAG_NAME" == "$LATEST_RELEASE" ]]; then
APPSPOT_PROMOTE=true
else
APPSPOT_PROMOTE=false
fi
echo APPSPOT_PROMOTE=$APPSPOT_PROMOTE >> $GITHUB_ENV
# Debug the decisions made here.
echo "Subdomain: $APPSPOT_SUBDOMAIN"
echo "Latest release: $LATEST_RELEASE"
echo "This release: $TAG_NAME"
echo "Promote: $APPSPOT_PROMOTE"
- uses: ./.github/workflows/custom-actions/prep-for-appspot
- uses: google-github-actions/auth@v2
with:
credentials_json: '${{ secrets.APPENGINE_DEPLOY_KEY }}'
- uses: google-github-actions/deploy-appengine@v2
with:
project_id: shaka-player-demo
version: ${{ env.APPSPOT_SUBDOMAIN }}
promote: ${{ env.APPSPOT_PROMOTE }}
auto-branch:
runs-on: ubuntu-latest
needs: release
if: needs.release.outputs.release_created && needs.release.outputs.patch == '0'
steps:
- uses: actions/checkout@v4
with:
ref: refs/tags/${{ needs.release.outputs.tag_name }}
fetch-depth: 0
# Use a special shaka-bot access token for releases.
token: ${{ secrets.RELEASE_PLEASE_TOKEN }}
# We want to explicitly use these credentials to create the branch.
# The job is only one more step, so they don't leak.
persist-credentials: true
- name: Create release branch
run: |
TAG=${{ needs.release.outputs.tag_name }}
BRANCH=$(echo "$TAG" | sed -e 's/\.0$/.x/')
git push origin refs/tags/"$TAG"^{commit}:refs/heads/"$BRANCH"
update-demo-index:
name: Deploy Demo Version Index
needs: [appspot]
uses: ./.github/workflows/demo-version-index.yaml
secrets:
APPENGINE_DEPLOY_KEY: '${{ secrets.APPENGINE_DEPLOY_KEY }}'
Reference in New Issue View Git Blame Copy Permalink