fm453/nocobase
1
0
Fork 0
mirror of https://gitee.com/nocobase/nocobase.git synced 2025-05-05 05:29:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(publish): publish pro repos (#5129)

Browse Source 
* feat(publish): publish pro repos

* feat: use app token

* chore: add trigger branch

* chore: ref main

* chore: add owner

* chore: change owner

* chore: set repos

* chore: get repo name

* chore: update

* chore: update

* chore: update

* chore: update

* chore: update branch

* fix: bug

* fix: bug

* fix: private key

* feat: encrypt github app token

* fix: bug

* fix: token

* fix: output

* fix: base64

* fix: error

* fix: token cut

* fix: base64

* fix: repo name

* chore: print token

* chore: skip token revoke

* fix: clone

* fix: clone

* fix: job

* chore: shell bash

* fix: ignore

* fix: ignore

* fix: invalid

* fix: branch

* fix: bug

* fix: jq

* fix: jq

* fix: jq

* fix: remove quotes

* fix: directory

* fix: directory

* chore: update

* chore: update

* fix: invalid

* fix: branch
This commit is contained in:
YANG QIA 2024-08-26 23:40:48 +08:00 committed by GitHub
parent 97096f8a6a
commit c069fbebd4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 192 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
.github/workflows/get-nocobase-app-token.yml vendored Normal file
View File

@ -0,0 +1,40 @@
name: Get nocobase app github token
on:
workflow_call:
outputs:
token:
value: ${{ jobs.get-app-token.outputs.token }}
user-id:
value: ${{ jobs.get-app-token.outputs.user-id }}
app-slug:
value: ${{ jobs.get-app-token.outputs.app-slug }}
jobs:
get-app-token:
runs-on: ubuntu-latest
outputs:
token: ${{ steps.encrypt-token.outputs.token }}
app-slug: ${{ steps.app-token.outputs.app-slug }}
user-id: ${{ steps.get-user-id.outputs.user-id }}
steps:
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.NOCOBASE_APP_ID }}
private-key: ${{ secrets.NOCOBASE_APP_PRIVATE_KEY }}
repositories: nocobase,pro-plugins,${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ',') }}
skip-token-revoke: true
- name: Encrypt token
id: encrypt-token
shell: bash
run: |
APP_TOKEN=${{ steps.app-token.outputs.token }};
BINARY_ENCRYPTED_SECRET=$(echo -n "$APP_TOKEN" | openssl enc -aes-256-cbc -pbkdf2 -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}");
ENCRYPTED_SECRET=$(echo -n "$BINARY_ENCRYPTED_SECRET" | base64 -w 0);
echo "token=$ENCRYPTED_SECRET" >> $GITHUB_OUTPUT
- name: Get GitHub App User ID
id: get-user-id
run: echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}

177
.github/workflows/manual-release.yml vendored
View File

@ -12,14 +12,62 @@ on:
type: boolean
jobs:
push-commit:
app-token:
uses: nocobase/nocobase/.github/workflows/get-nocobase-app-token.yml@main
secrets: inherit
pre-merge-main-into-next:
runs-on: ubuntu-latest
needs: app-token
strategy:
matrix:
repo:
- 'nocobase'
- 'pro-plugins'
- ${{ fromJSON(vars.PRO_PLUGIN_REPOS) }}
steps:
- name: Decrypt app token
id: app-token
shell: bash
run: |
ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }};
BINARY_ENCRYPTED_SECRET=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode);
APP_TOKEN=$(echo -n "$BINARY_ENCRYPTED_SECRET" | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}");
echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT
- name: Checkout
uses: actions/checkout@v4
with:
# ref: 'main'
repository: nocobase/${{ matrix.repo }}
fetch-depth: 0
token: ${{ steps.app-token.outputs.token }}
- name: main -> next (nocobase/${{ matrix.repo }})
run: |
git config --global user.name '${{ needs.app-token.outputs.app-slug }}[bot]'
git config --global user.email '${{ needs.app-token.outputs.user-id }}+${{ needs.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
git checkout main
git pull origin main
git checkout next
git merge main
git push origin next --tags --atomic
update-version:
needs:
- app-token
- pre-merge-main-into-next
runs-on: ubuntu-latest
steps:
- name: Decrypt app token
id: app-token
shell: bash
run: |
ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }};
BINARY_ENCRYPTED_SECRET=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode);
APP_TOKEN=$(echo -n "$BINARY_ENCRYPTED_SECRET" | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}");
echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT
- name: Checkout
uses: actions/checkout@v4
with:
repository: nocobase/nocobase
ssh-key: ${{ secrets.NOCOBASE_DEPLOY_KEY }}
token: ${{ steps.app-token.outputs.token }}
persist-credentials: true
fetch-depth: 0
- name: Checkout pro-plugins
@ -28,43 +76,15 @@ jobs:
repository: nocobase/pro-plugins
path: packages/pro-plugins
fetch-depth: 0
ssh-key: ${{ secrets.PRO_PLUGINS_DEPLOY_KEY }}
token: ${{ steps.app-token.outputs.token }}
persist-credentials: true
- name: main -> next(nocobase)
- name: Clone pro repos
shell: bash
run: |
git config --global user.email "actions@github.com"
git config --global user.name "GitHub Actions Bot"
git checkout main
git pull origin main
git checkout next
git merge main
git push origin next
- name: main -> next(pro-plugins)
run: |
cd ./packages/pro-plugins
git checkout main
git pull origin main
git checkout next
git merge main
git push origin next
- name: push pro plugins(next)
continue-on-error: true
uses: ad-m/github-push-action@master
with:
ssh: true
branch: next
directory: packages/pro-plugins
repository: nocobase/pro-plugins
tags: true
atomic: true
- name: push nocobase(next)
uses: ad-m/github-push-action@master
with:
branch: next
ssh: true
repository: nocobase/nocobase
tags: true
atomic: true
for repo in ${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ' ') }}
do
git clone -b main https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/nocobase/$repo.git packages/pro-plugins/@nocobase/$repo
done
- name: Set Node.js 18
uses: actions/setup-node@v3
with:
@ -72,17 +92,33 @@ jobs:
- name: Install Lerna
run: npm install -g lerna@4 auto-changelog@2
- name: Run release.sh
shell: bash
run: |
cd ./packages/pro-plugins
git checkout main
git rm -rf --cached .
for repo in ${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ' ') }}
do
echo "@nocobase/$repo" >> .git/info/exclude
done
echo "$(<.git/info/exclude )"
cd ./../..
git checkout main
git config --global user.email "actions@github.com"
git config --global user.name "GitHub Actions Bot"
echo "packages/pro-plugins/" >> .git/info/exclude
git config --global user.name '${{ needs.app-token.outputs.app-slug }}[bot]'
git config --global user.email '${{ needs.app-token.outputs.user-id }}+${{ needs.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
echo "packages/pro-plugins" >> .git/info/exclude
bash release.sh $IS_FEAT
env:
IS_FEAT: ${{ inputs.is_feat && '--is-feat' || '' }}
PRO_PLUGIN_REPOS: ${{ vars.PRO_PLUGIN_REPOS }}
- name: push pro repos
run: |
for repo in ${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ' ') }}
do
cd ./packages/pro-plugins/@nocobase/$repo
git push origin main --atomic --tags
cd ../../../../
done
- name: push pro plugins
continue-on-error: true
uses: ad-m/github-push-action@master
@ -101,38 +137,39 @@ jobs:
repository: nocobase/nocobase
tags: true
atomic: true
- name: main -> next
post-merge-main-into-next:
needs:
- app-token
- pre-merge-main-into-next
- update-version
runs-on: ubuntu-latest
strategy:
matrix:
repo:
- 'nocobase'
- 'pro-plugins'
- ${{ fromJSON(vars.PRO_PLUGIN_REPOS) }}
steps:
- name: Decrypt app token
id: app-token
shell: bash
run: |
git config --global user.email "actions@github.com"
git config --global user.name "GitHub Actions Bot"
ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }};
BINARY_ENCRYPTED_SECRET=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode);
APP_TOKEN=$(echo -n "$BINARY_ENCRYPTED_SECRET" | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}");
echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT
- name: Checkout
uses: actions/checkout@v4
with:
repository: nocobase/${{ matrix.repo }}
fetch-depth: 0
token: ${{ steps.app-token.outputs.token }}
- name: main -> next (nocobase/${{ matrix.repo }})
run: |
git config --global user.name '${{ needs.app-token.outputs.app-slug }}[bot]'
git config --global user.email '${{ needs.app-token.outputs.user-id }}+${{ needs.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
git checkout main
git pull origin main
git checkout next
git merge -X ours main --no-edit
git push origin next
- name: main -> next
run: |
cd ./packages/pro-plugins
git checkout main
git pull origin main
git checkout next
git merge -X ours main --no-edit
git push origin next
- name: push pro plugins
continue-on-error: true
uses: ad-m/github-push-action@master
with:
ssh: true
branch: next
directory: packages/pro-plugins
repository: nocobase/pro-plugins
tags: true
atomic: true
- name: push nocobase
uses: ad-m/github-push-action@master
with:
branch: next
ssh: true
repository: nocobase/nocobase
tags: true
atomic: true
git push origin next --tags --atomic

20
.github/workflows/release-next.yml vendored
View File

@ -8,6 +8,9 @@ on:
workflow_dispatch:
jobs:
app-token:
uses: nocobase/nocobase/.github/workflows/get-nocobase-app-token.yml@main
secrets: inherit
publish-npm:
runs-on: ubuntu-latest
container: node:18
@ -81,13 +84,28 @@ jobs:
git commit -m "chore(versions): test publish packages xxx"
cat lerna.json
yarn release:force --no-verify-access --no-git-reset --registry https://registry.npmjs.org/ --dist-tag=next
- name: Decrypt app token
id: app-token
shell: bash
run: |
ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }};
BINARY_ENCRYPTED_SECRET=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode);
APP_TOKEN=$(echo -n "$BINARY_ENCRYPTED_SECRET" | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}");
echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT
- name: Checkout pro-plugins
uses: actions/checkout@v3
with:
repository: nocobase/pro-plugins
path: packages/pro-plugins
ref: next
ssh-key: ${{ secrets.SUBMODULE_SSH_KEY }}
token: ${{ steps.app-token.outputs.token }}
- name: Clone pro repos
shell: bash
run: |
for repo in ${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ' ') }}
do
git clone -b next https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/nocobase/$repo.git packages/pro-plugins/@nocobase/$repo
done
- name: Build Pro plugins
continue-on-error: true
run: |

20
.github/workflows/release.yml vendored
View File

@ -10,6 +10,9 @@ on:
- 'v*'
jobs:
app-token:
uses: nocobase/nocobase/.github/workflows/get-nocobase-app-token.yml@main
secrets: inherit
publish-npm:
runs-on: ubuntu-latest
container: node:18
@ -55,12 +58,27 @@ jobs:
yarn config set //registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}
npm whoami
yarn release:force --no-verify-access --no-git-reset --registry https://registry.npmjs.org/
- name: Decrypt app token
id: app-token
shell: bash
run: |
ENCRYPTED_SECRET=${{ needs.app-token.outputs.token }};
BINARY_ENCRYPTED_SECRET=$(echo -n "$ENCRYPTED_SECRET" | base64 --decode);
APP_TOKEN=$(echo -n "$BINARY_ENCRYPTED_SECRET" | openssl enc -aes-256-cbc -pbkdf2 -d -salt -k "${{ secrets.APP_TOKEN_ENCRYPTION_PASSWORD }}");
echo "token=$APP_TOKEN" >> $GITHUB_OUTPUT
- name: Checkout pro-plugins
uses: actions/checkout@v3
with:
repository: nocobase/pro-plugins
path: packages/pro-plugins
ssh-key: ${{ secrets.SUBMODULE_SSH_KEY }}
token: ${{ steps.app-token.outputs.token }}
- name: Clone pro repos
shell: bash
run: |
for repo in ${{ join(fromJSON(vars.PRO_PLUGIN_REPOS), ' ') }}
do
git clone -b main https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/nocobase/$repo.git packages/pro-plugins/@nocobase/$repo
done
- name: Build Pro plugins
continue-on-error: true
run: |

7
release.sh
View File

@ -12,6 +12,13 @@ fi
lerna version $new_version --preid alpha --force-publish=* --no-git-tag-version -y
echo $PRO_PLUGIN_REPOS | jq -r '.[]' | while read i; do
cd ./packages/pro-plugins/@nocobase/$i
git add .
git commit -m "chore(versions): 😊 publish v$(jq -r '.version' ../../../../lerna.json)"
git tag v$(jq -r '.version' ../../../../lerna.json)
cd ../../../../
done
cd ./packages/pro-plugins
git add .
git commit -m "chore(versions): 😊 publish v$(jq -r '.version' ../../lerna.json)"