Packages Release #319
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Packages Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: # For dev publishing | |
| concurrency: ${{ github.workflow }}-${{ github.ref }} | |
| permissions: | |
| id-token: write # Required for OIDC / trusted publishing | |
| contents: write # Required for changesets pushing commits | |
| pull-requests: write # Required for changesets creating PRs | |
| jobs: | |
| release-packages: | |
| name: Release Packages | |
| runs-on: ubuntu-latest | |
| outputs: | |
| imagePackageReleaseCreated: ${{ steps.check_image_package_release.outputs.release_created }} | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v5 | |
| with: | |
| # check out full history. development packages need this for changesets | |
| fetch-depth: 0 | |
| - name: Enable Corepack | |
| run: corepack enable | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version-file: '.nvmrc' | |
| cache: pnpm | |
| - name: Install dependencies | |
| run: pnpm install | |
| - name: Update npm | |
| run: | | |
| npm install -g npm@latest | |
| npm --version | |
| - name: Build | |
| run: pnpm build:production | |
| - name: Create Release Pull Request or Publish to npm | |
| id: changesets | |
| uses: changesets/action@v1 | |
| if: ${{ github.event_name == 'push' }} | |
| with: | |
| # This expects you to have a script called release which does a build for your packages and calls changeset publish | |
| publish: pnpm release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Check if @powersync/service-image Released | |
| id: check_image_package_release | |
| if: ${{ github.event_name == 'push' && steps.changesets.outputs.published == 'true' }} | |
| run: | | |
| packages="${{ toJson(steps.changesets.outputs.publishedPackages) }}" | |
| echo "Packages: $packages" # Debugging output | |
| # Use jq to check if the specific package is in the array | |
| # Ensure the JSON is valid by echoing it into jq | |
| set +e # Disable immediate exit on non-zero return | |
| echo "$packages" | jq -e '[.[] | select(.name == "@powersync/service-image")] | length > 0' > /dev/null | |
| jq_exit_code=$? | |
| set -e # Re-enable immediate exit | |
| if [ $jq_exit_code -eq 0 ]; then | |
| echo "release_created=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "release_created=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Debug Outputs | |
| if: ${{ github.event_name == 'push' }} | |
| run: | | |
| echo "Published Packages: ${{ steps.changesets.outputs.publishedPackages }}" | |
| echo "Released Docker Image: ${{ steps.check_image_package_release.outputs.release_created }}" | |
| - name: Dev publish | |
| if: ${{ github.event_name == 'workflow_dispatch' }} | |
| run: | | |
| # If no changesets are available the status check will fail | |
| # We should not continue if there are no changesets | |
| pnpm changeset status | |
| pnpm changeset version --no-git-tag --snapshot dev | |
| pnpm changeset publish --tag dev | |
| release-docker-image: | |
| name: Build and Release powersync-service Docker Image | |
| runs-on: ubuntu-latest | |
| needs: release-packages | |
| # Only run this job if the previous release job created a release for @powersync/service-image | |
| if: github.event_name == 'push' && needs.release-packages.outputs.imagePackageReleaseCreated == 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| with: | |
| # check out full history | |
| # Temporarily needed for changesets | |
| fetch-depth: 0 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # This uses the service's package.json version for the Docker Image tag | |
| - name: Get Service Version from package.json | |
| id: get_version | |
| run: echo "SERVICE_VERSION=$(node -p "require('./service/package.json').version")" >> $GITHUB_OUTPUT | |
| - name: Extract metadata for the image | |
| uses: docker/metadata-action@v5 | |
| id: meta | |
| with: | |
| images: ${{ vars.DOCKER_REGISTRY }} | |
| labels: | | |
| org.opencontainers.image.licenses=FSL-1.1-ALv2 | |
| org.opencontainers.image.version=${{ steps.get_version.outputs.SERVICE_VERSION }} | |
| org.opencontainers.image.vendor=Journey Mobile, Inc | |
| annotations: | | |
| org.opencontainers.image.licenses=FSL-1.1-ALv2 | |
| org.opencontainers.image.version=${{ steps.get_version.outputs.SERVICE_VERSION }} | |
| org.opencontainers.image.vendor=Journey Mobile, Inc | |
| env: | |
| DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index | |
| - name: Build Image and Push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| platforms: linux/arm64,linux/amd64 | |
| cache-from: type=registry,ref=${{vars.DOCKER_REGISTRY}}:latest | |
| context: . | |
| tags: ${{vars.DOCKER_REGISTRY}}:latest,${{vars.DOCKER_REGISTRY}}:${{steps.get_version.outputs.SERVICE_VERSION}} | |
| push: true | |
| file: ./service/Dockerfile | |
| # Add labels and annotations from metadata-action above. | |
| labels: ${{ steps.meta.outputs.labels }} | |
| annotations: ${{ steps.meta.outputs.annotations }} | |
| # Note: This includes build args in the published provenance. | |
| # Do not use this if secrets are passed in as args. | |
| provenance: mode=max | |
| # Pre-generate an SBOM file, which can be used for vulnerability scanning or listing licenses. | |
| sbom: true | |
| # Updates the README section on the DockerHub page | |
| - name: Update repo description | |
| # Note that this 3rd party extention is recommended in the DockerHub docs: | |
| # https://docs.docker.com/build/ci/github-actions/update-dockerhub-desc/ | |
| uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| repository: ${{vars.DOCKER_REGISTRY}} | |
| # This is the contents of what will be shown on DockerHub | |
| readme-filepath: ./service/README.md |