Set main as default (openwallet-foundation#171)
Signed-off-by: Lukas.J.Han <[email protected]>
Signed-off-by: Mirko Mollik <[email protected]>
Signed-off-by: Lukas <[email protected]>
Co-authored-by: Lukas.J.Han <[email protected]>
Co-authored-by: github-actions <[email protected]>
3 people authored Mar 12, 2024
1 parent 220e3a6 commit 02f8a6a
Showing 6 changed files with 205 additions and 45 deletions.
2 changes: 1 addition & 1 deletion .github/settings.yml
Expand Up @@ -14,7 +14,7 @@ repository:
homepage: https://sdjwt.js.org/
# A comma-separated list of topics to set on the repository
topics: sd-jwt, jwt
default_branch: next
default_branch: main

# Labels: define labels for Issues and Pull Requests
labels:
31 changes: 9 additions & 22 deletions .github/workflows/build-test-publish-on-push-cached.yaml
@@ -1,16 +1,11 @@
name: build-test-publish-on-push-cached
on:
workflow_dispatch:
on:
pull_request:
branches:
- 'main'
- 'next'
- 'unstable'
branches:
- 'main'
push:
branches:
- 'main'
- 'next'
- 'unstable'
branches:
- 'main'

jobs:
build:
Expand Down Expand Up @@ -109,12 +104,12 @@ jobs:
node-version: 20
cache: 'pnpm'
# we are not using the github action for biome, but the package.json script. this makes sure we are using the same versions.
- name: Run Biome
- name: Run Biome
run: pnpm run biome:ci

# Only run this job when the push is on main, next or unstable
publish:
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/next' || github.ref == 'refs/heads/unstable')
publish:
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
# needs permissions to write tags to the repository
permissions:
contents: write
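Review bot: The context comment `# Only run this job when the push is on main, next or unstable` above `publish:` is stale, because the new condition is `github.event_name == 'push' && github.ref == 'refs/heads/main'`. Update the comment to name only `main`, so it agrees with the gate on the job that holds `contents: write`.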
Expand Down Expand Up @@ -166,14 +161,6 @@ jobs:
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> .npmrc
npm whoami
- name: 'Publish @latest when on main'
if: github.ref == 'refs/heads/main'
run: pnpm publish:latest

- name: 'Publish @next when on next'
- name: 'Publish next version'
if: github.ref == 'refs/heads/next'
run: pnpm publish:next

- name: 'Publish @unstable when on unstable branch'
if: github.ref == 'refs/heads/unstable'
run: pnpm publish:unstable
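Review bot: The `Publish next version` step appears to keep `if: github.ref == 'refs/heads/next'`, and with the `publish` job now restricted to `refs/heads/main` that condition can never be true, so `pnpm publish:next` would be skipped on every run. The +/- markers are not visible in this rendering, so please confirm the `if:` line is removed together with the `@latest` and `@unstable` steps; the CONTRIBUTING.md text in this commit says a `next` version is published after each merge to `main`.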
185 changes: 185 additions & 0 deletions .github/workflows/release.yml
@@ -0,0 +1,185 @@
name: release
on:
workflow_dispatch:

jobs:
check-author:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Check if user is in CODEOWNERS
id: check_user
run: |
CODEOWNERS_PATH="CODEOWNERS"
if [ ! -f "$CODEOWNERS_PATH" ]; then
echo "CODEOWNERS file not found."
exit 1
fi
# Extract GitHub usernames from CODEOWNERS file (assumes usernames, not emails or teams)
USERS=$(grep '@' $CODEOWNERS_PATH | sed -E 's/.*@([^ ]+).*/\1/' | tr '\n' ' ')
# Check if the actor is in the list of users
if [[ ! " $USERS " =~ " ${{ github.actor }} " ]]; then
echo "Error: Actor ${{ github.actor }} is not listed in CODEOWNERS."
exit 1
else
echo "Actor ${{ github.actor }} is listed in CODEOWNERS."
fi
# we can add an approval stage with the environment so it can only be run when accepted by two authorized users.
build:
needs: check-author
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
persist-credentials: false
- uses: pnpm/action-setup@v3
with:
version: 8
- run: pnpm add -g pnpm
- name: 'Setup Node.js with pnpm cache'
uses: actions/setup-node@v4
with:
node-version: 20
cache: 'pnpm'

- run: pnpm install
- run: pnpm build
- name: 'Save build output'
uses: actions/cache/save@v4
with:
path: ${{ github.workspace }}
key: ${{ runner.os }}-build-${{ github.sha }}-${{ github.run_id }}

test:
needs: build
runs-on: ubuntu-latest
strategy:
matrix:
node-version: ['16.x', '18.x', '20.x']
steps:
- uses: pnpm/action-setup@v3
with:
version: 8
- run: pnpm add -g pnpm
- name: 'Restore build output'
uses: actions/cache/restore@v4
with:
path: ${{ github.workspace }}
key: ${{ runner.os }}-build-${{ github.sha }}-${{ github.run_id }}
restore-keys: ${{ runner.os }}-build-${{ github.sha }}
fail-on-cache-miss: true
- name: 'Setup Node.js with pnpm cache'
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'pnpm'
- name: 'Run node'
run: pnpm test
- uses: actions/upload-artifact@v4
# we are only uploading the 20 coverage report so we do not have to merge them in the next step.
if: matrix.node-version == '20.x'
with:
name: coverage-artifacts
path: coverage/

report-coverage:
runs-on: ubuntu-latest
needs: [test]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
persist-credentials: false
- uses: actions/download-artifact@v4
with:
name: coverage-artifacts
path: coverage
- uses: codecov/codecov-action@v4
with:
fail_ci_if_error: true
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

lint:
needs: build
runs-on: ubuntu-latest
steps:
- uses: pnpm/action-setup@v3
with:
version: 8
- run: pnpm add -g pnpm
- name: 'Restore build output'
uses: actions/cache/restore@v4
with:
path: ${{ github.workspace }}
key: ${{ runner.os }}-build-${{ github.sha }}-${{ github.run_id }}
restore-keys: ${{ runner.os }}-build-${{ github.sha }}
fail-on-cache-miss: true
- name: 'Setup Node.js with pnpm cache'
uses: actions/setup-node@v4
with:
node-version: 20
cache: 'pnpm'
# we are not using the github action for biome, but the package.json script. this makes sure we are using the same versions.
- name: Run Biome
run: pnpm run biome:ci

publish:
# needs permissions to write tags to the repository
permissions:
contents: write
needs:
- build
- test
- lint
env:
NPM_TOKEN: ${{secrets.NPM_TOKEN }}
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN }}
GH_TOKEN: ${{secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN }}
GH_USER: github-actions
GH_EMAIL: [email protected]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{secrets.GITHUB_TOKEN }}
- uses: pnpm/action-setup@v3
with:
version: 8
- run: pnpm add -g pnpm
- name: 'Setup Node.js with pnpm cache'
uses: actions/setup-node@v4
with:
node-version: 20
cache: 'pnpm'

- name: 'Restore build output'
uses: actions/cache/restore@v4
with:
path: ${{ github.workspace }}
key: ${{ runner.os }}-build-${{ github.sha }}-${{ github.run_id }}
restore-keys: ${{ runner.os }}-build-${{ github.sha }}
fail-on-cache-miss: true

- name: 'Setup git coordinates'
run: |
git remote set-url origin https://${{github.actor}}:${{secrets.GITHUB_TOKEN}}@github.com/${{ github.repository }}.git
git config user.name $GH_USER
git config user.email $GH_EMAIL
- name: 'Setup npm registry'
run: |
echo "@sd-jwt:registry=https://registry.npmjs.org/" > .npmrc
echo "registry=https://registry.npmjs.org/" >> .npmrc
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> .npmrc
npm whoami
- name: 'Publish latest version'
run: pnpm publish:latest
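Review bot: In the `check-author` step, `sed -E 's/.*@([^ ]+).*/\1/'` is greedy, so on a CODEOWNERS line with several owners only the last handle is extracted and the earlier owners are rejected; comment lines containing `@` and team entries such as `@org/team` also end up in `USERS`. Extract every handle on each line (for example with `grep -oE '@[A-Za-z0-9-]+'`) and skip lines starting with `#`. In the same step, `${{ github.actor }}` is expanded into the script text before the shell runs; pass it through `env:` and compare a quoted `"$ACTOR"` instead. In `publish`, the `git remote set-url` line writes `secrets.GITHUB_TOKEN` into the remote URL although `actions/checkout` was already given the token, and the `restore-keys` prefix fallback lets the publish job restore a workspace cached by a different run of the same commit; dropping both would tighten what the job holding `NPM_TOKEN` trusts.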
22 changes: 0 additions & 22 deletions .github/workflows/sync-next-with-latest.yml

This file was deleted.

9 changes: 9 additions & 0 deletions CONTRIBUTING.md
Expand Up @@ -42,3 +42,12 @@ We use GitHub issues to track public bugs. Report a bug by opening a new issue i
- What you expected would happen
- What actually happens
- Notes (possibly including why you think this might be happening, or stuff you tried that didn't work)

## Release procedure

Each PR to the `main` branch has to pass the `build`, `test`, `lint` and `code coverage` steps from the CI. The PR also needs a review from one authorized person.
All commits needs to be signed to pass the DCO check.

After the PR is merged, a new `next` version is build and deployed to `npmjs` for all packages with the `next` tag.

The release of a new version is done by running the `release` workflow manually. This workflow can only be triggered successfully by an authorized person that is listed inside the `CODEOWNERS` file. The test and coverage steps are executed again and the new version is published to `npmjs` for all packages with the `latest` tag. The version number is calculated based on the commits since the last release and the `semver` rules.
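Review bot: "All commits needs to be signed to pass the DCO check" conflates signing with sign-off: a DCO check looks for a `Signed-off-by:` trailer (`git commit -s`), not a cryptographic signature, so this should read "signed off". In the same section, "needs" should be "need" and "is build" should be "is built".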
1 change: 1 addition & 0 deletions README.md
@@ -1,6 +1,7 @@
![Coverage](https://img.shields.io/codecov/c/github/openwallet-foundation-labs/sd-jwt-js)
![License](https://img.shields.io/github/license/openwallet-foundation-labs/sd-jwt-js.svg)
![NPM](https://img.shields.io/npm/v/%40sd-jwt%2Fcore)
![NPM-Downloads](https://img.shields.io/endpoint?&url=https://runkit.io/thetarnav/combined-weekly-npm-downloads/1.0.3/@sd-jwt/core,@sd-jwt/types,@sd-jwt/decode,@sd-jwt/utils,@sd-jwt/sd-jwt-vc,@sd-jwt/crypto-nodejs,@sd-jwt/crypto-browser,@sd-jwt/hash&label=npm%20downloads&color=ff7724)
![Release](https://img.shields.io/github/v/release/openwallet-foundation-labs/sd-jwt-js)
![Stars](https://img.shields.io/github/stars/openwallet-foundation-labs/sd-jwt-js)
