
Commit afd2a1e

authored
chores: assorted fixes for release.yaml (#3134)
Address some outstanding comments in #3133. Changes include: Use env variable names PKG_NAME, PKG_VERSION, and NPM_DIST_TAG consistently within the script and remove unnecessary intermediate variables. Write package version in line https://github.com/XRPLF/xrpl.js/blob/main/.github/workflows/release.yml#L122 into $GITHUB_OUTPUT instead of $GITHUB_ENV to be used in other jobs (instead of the same job). Fix line https://github.com/XRPLF/xrpl.js/blob/main/.github/workflows/release.yml#L526 to just use ${{ needs.get_version.outputs.package_name }} directly since this should be available and && operator does not make much sense in this context.
1 parent 8abcf5a commit afd2a1e


1 file changed

+53
-59
lines changed


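--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -22,7 +22,7 @@ jobs:
 runs-on: ubuntu-latest
 name: Get release version from package.json
 outputs:
-package_version: ${{ steps.get_version.outputs.version }}
+package_version: ${{ steps.get_version.outputs.package_version }}
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
@@ -32,8 +32,8 @@ jobs:
 - name: Validate inputs
 env:
 REF_NAME: ${{ github.ref_name }}
-PACKAGE_NAME_INPUT: ${{ github.event.inputs.package_name }}
-NPMJS_DIST_TAG_INPUT: ${{ github.event.inputs.npmjs_dist_tag }}
+PKG_NAME: ${{ github.event.inputs.package_name }}
+NPM_DIST_TAG: ${{ github.event.inputs.npmjs_dist_tag }}
 run: |
 set -euo pipefail
 RELEASE_BRANCH="$(git branch --show-current || true)"
@@ -47,7 +47,6 @@ jobs:
 fi
 
 # Validate package_name
-PKG_NAME="${PACKAGE_NAME_INPUT}"
 if ! [[ "${PKG_NAME}" =~ ^[a-z0-9][a-z0-9-]*$ ]]; then
 echo "❌ Invalid package_name '${PKG_NAME}' (allowed: [a-z0-9-], must start with alnum)." >&2
 exit 1
@@ -71,37 +70,35 @@ jobs:
 fi
 
 # validate dist tag
-NPM_DIST_TAG="${NPMJS_DIST_TAG_INPUT}"
-
 # Empty → default to 'latest'
-if [ -z "${NPM_DIST_TAG}" ]; then
-NPM_DIST_TAG="latest"
+DIST_TAG="${NPM_DIST_TAG}"
+if [ -z "${DIST_TAG}" ]; then
+DIST_TAG="latest"
 echo "ℹ️ npmjs_dist_tag empty → defaulting to 'latest'."
 fi
 
 # Must start with a lowercase letter; then [a-z0-9._-]; max 128 chars
-if ! [[ "${NPM_DIST_TAG}" =~ ^[a-z][a-z0-9._-]{0,127}$ ]]; then
-echo "❌ Invalid npm dist-tag '${NPM_DIST_TAG}'. Must start with a lowercase letter and contain only [a-z0-9._-], max 128 chars." >&2
+if ! [[ "${DIST_TAG}" =~ ^[a-z][a-z0-9._-]{0,127}$ ]]; then
+echo "❌ Invalid npm dist-tag '${DIST_TAG}'. Must start with a lowercase letter and contain only [a-z0-9._-], max 128 chars." >&2
 exit 1
 fi
 
 # Disallow version-like prefixes (avoid semver/range confusion)
-if [[ "${NPM_DIST_TAG}" =~ ^v[0-9] || "${NPM_DIST_TAG}" =~ ^[0-9] ]]; then
-echo "❌ Invalid npm dist-tag '${NPM_DIST_TAG}'. Must not start with 'v' + digit or a digit (e.g., 'v1', '1.2.3')." >&2
+if [[ "${DIST_TAG}" =~ ^v[0-9] || "${DIST_TAG}" =~ ^[0-9] ]]; then
+echo "❌ Invalid npm dist-tag '${DIST_TAG}'. Must not start with 'v' + digit or a digit (e.g., 'v1', '1.2.3')." >&2
 exit 1
 fi
 
-echo "✅ npmjs_dist_tag '${NPM_DIST_TAG}' is valid."
+echo "✅ npmjs_dist_tag '${DIST_TAG}' is valid."
 
 - name: Get package version from package.json
 id: get_version
 env:
-PACKAGE_NAME_INPUT: ${{ github.event.inputs.package_name }}
-NPMJS_DIST_TAG_INPUT: ${{ github.event.inputs.npmjs_dist_tag }}
+PKG_NAME: ${{ github.event.inputs.package_name }}
+NPM_DIST_TAG: ${{ github.event.inputs.npmjs_dist_tag }}
 run: |
 set -euo pipefail
-PACKAGE_NAME="${PACKAGE_NAME_INPUT}"
-PKG_JSON="packages/${PACKAGE_NAME}/package.json"
+PKG_JSON="packages/${PKG_NAME}/package.json"
 if [[ ! -f "${PKG_JSON}" ]]; then
 echo "package.json not found at ${PKG_JSON}. Check 'package_name' input." >&2
 exit 1
@@ -111,16 +108,15 @@ jobs:
 echo "Version is empty or missing in ${PKG_JSON}" >&2
 exit 1
 fi
-NPM_DIST_TAG="${NPMJS_DIST_TAG_INPUT}"
-if [ -z "${NPM_DIST_TAG}" ]; then
-NPM_DIST_TAG="latest"
+DIST_TAG="${NPM_DIST_TAG}"
+if [ -z "${DIST_TAG}" ]; then
+DIST_TAG="latest"
 fi
-if [[ "${NPM_DIST_TAG}" == "latest" ]] && ! [[ "${VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+if [[ "${DIST_TAG}" == "latest" ]] && ! [[ "${VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
 echo "With npmjs_dist_tag 'latest', version must be of the form x.y.z. Found '${VERSION}'." >&2
 exit 1
 fi
-echo "PACKAGE_VERSION=${VERSION}" >> "$GITHUB_ENV"
-echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
+echo "package_version=${VERSION}" >> "$GITHUB_OUTPUT"
 
 run_faucet_test:
 name: Run faucet tests ${{ needs.get_version.outputs.package_version }}
@@ -149,8 +145,8 @@ jobs:
 permissions:
 issues: write
 env:
-PACKAGE_VERSION: "${{ needs.get_version.outputs.package_version }}"
-PACKAGE_NAME: "${{ github.event.inputs.package_name }}"
+PKG_VERSION: "${{ needs.get_version.outputs.package_version }}"
+PKG_NAME: "${{ github.event.inputs.package_name }}"
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
@@ -183,7 +179,7 @@ jobs:
 REPO: ${{ github.repository }}
 RUN_ID: ${{ github.run_id }}
 run: |
-MESSAGE="❌ Build failed for xrpl.js ${PACKAGE_VERSION}. Check the logs: https://github.com/${REPO}/actions/runs/${RUN_ID}"
+MESSAGE="❌ Build failed for xrpl.js ${PKG_VERSION}. Check the logs: https://github.com/${REPO}/actions/runs/${RUN_ID}"
 curl -X POST https://slack.com/api/chat.postMessage \
 -H "Authorization: Bearer ${SLACK_TOKEN}" \
 -H "Content-Type: application/json" \
@@ -216,7 +212,7 @@ jobs:
 -H "X-Api-Key: ${OWASP_TOKEN}" \
 -F "autoCreate=true" \
 -F "projectName=xrpl-js" \
--F "projectVersion=${PACKAGE_VERSION}" \
+-F "projectVersion=${PKG_VERSION}" \
 
 https://owasp-dt-api.prod.ripplex.io/api/v1/bom
 
@@ -269,13 +265,13 @@ jobs:
 LABELS: security
 run: |
 set -euo pipefail
-TITLE="🔒 Security vulnerabilities in ${PACKAGE_NAME}@${PACKAGE_VERSION}"
+TITLE="🔒 Security vulnerabilities in ${PKG_NAME}@${PKG_VERSION}"
 : > issue_body.md
 
-echo "The vulnerability scan has detected **CRITICAL/HIGH** vulnerabilities for \`${PACKAGE_NAME}@${PACKAGE_VERSION}\` on branch \`${REL_BRANCH}\`." >> issue_body.md
+echo "The vulnerability scan has detected **CRITICAL/HIGH** vulnerabilities for \`${PKG_NAME}@${PKG_VERSION}\` on branch \`${REL_BRANCH}\`." >> issue_body.md
 echo "" >> issue_body.md
 echo "**Release Branch:** \`${REL_BRANCH}\`" >> issue_body.md
-echo "**Package Version:** \`${PACKAGE_VERSION}\`" >> issue_body.md
+echo "**Package Version:** \`${PKG_VERSION}\`" >> issue_body.md
 echo "" >> issue_body.md
 echo "**Full vulnerability report:** ${VULN_ART_URL}" >> issue_body.md
 echo "" >> issue_body.md
@@ -287,20 +283,20 @@ jobs:
 
 - name: Generate lerna.json for choosen the package
 run: |
-echo "🔧 Updating lerna.json to include only packages/${PACKAGE_NAME}"
+echo "🔧 Updating lerna.json to include only packages/${PKG_NAME}"
 # Use jq to update the packages field safely
-jq --arg pkg "packages/${PACKAGE_NAME}" '.packages = [$pkg]' lerna.json > lerna.tmp.json && mv lerna.tmp.json lerna.json
+jq --arg pkg "packages/${PKG_NAME}" '.packages = [$pkg]' lerna.json > lerna.tmp.json && mv lerna.tmp.json lerna.json
 echo "✅ lerna.json updated:"
 cat lerna.json
 
 - name: Pack tarball
 run: |
 set -euo pipefail
-echo "Packaging ${PACKAGE_NAME}"
-find "packages/${PACKAGE_NAME}" -maxdepth 1 -name '*.tgz' -delete || true
-FULL_PACKAGE_NAME="$(jq -er '.name' packages/${PACKAGE_NAME}/package.json)"
-TARBALL=$(npx lerna exec --scope "${FULL_PACKAGE_NAME}" -- npm pack --json | jq -r '.[0].filename')
-echo "TARBALL=packages/${PACKAGE_NAME}/${TARBALL}" >> "$GITHUB_ENV"
+echo "Packaging ${PKG_NAME}"
+find "packages/${PKG_NAME}" -maxdepth 1 -name '*.tgz' -delete || true
+FULL_PKG_NAME="$(jq -er '.name' packages/${PKG_NAME}/package.json)"
+TARBALL=$(npx lerna exec --scope "${FULL_PKG_NAME}" -- npm pack --json | jq -r '.[0].filename')
+echo "TARBALL=packages/${PKG_NAME}/${TARBALL}" >> "$GITHUB_ENV"
 
 - name: Upload tarball as artifact
 uses: actions/upload-artifact@v4
@@ -315,8 +311,8 @@ jobs:
 pull-requests: write
 name: Print Test/Security scan result and invite Dev team to review
 env:
-PACKAGE_VERSION: "${{ needs.get_version.outputs.package_version }}"
-PACKAGE_NAME: "${{ github.event.inputs.package_name }}"
+PKG_VERSION: "${{ needs.get_version.outputs.package_version }}"
+PKG_NAME: "${{ github.event.inputs.package_name }}"
 RELEASE_BRANCH: "${{ github.ref_name }}"
 outputs:
 reviewers_dev: ${{ steps.get_reviewers.outputs.reviewers_dev }}
@@ -380,7 +376,6 @@ jobs:
 RUN_ID: ${{ github.run_id }}
 ENV_DEV_NAME: first-review
 ENV_SEC_NAME: official-release
-NPMJS_DIST_TAG: ${{ github.event.inputs.npmjs_dist_tag }}
 PR_URL: ${{ steps.ensure_pr.outputs.pr_url }}
 GITHUB_ACTOR: ${{ github.actor }}
 GITHUB_TRIGGERING_ACTOR: ${{ github.triggering_actor }}
@@ -429,7 +424,6 @@ jobs:
 REPO: ${{ github.repository }}
 RUN_ID: ${{ github.run_id }}
 ENV_NAME: official-release
-NPMJS_DIST_TAG: ${{ github.event.inputs.npmjs_dist_tag }}
 GITHUB_ACTOR: ${{ github.actor }}
 GITHUB_TRIGGERING_ACTOR: ${{ github.triggering_actor }}
 PR_URL: ${{ steps.ensure_pr.outputs.pr_url }}
@@ -452,8 +446,8 @@ jobs:
 fi
 
 echo "🔍 Please review the following details before proceeding:"
-echo "📦 Package Name: ${PACKAGE_NAME}"
-echo "🔖 Package Version: ${PACKAGE_VERSION}"
+echo "📦 Package Name: ${PKG_NAME}"
+echo "🔖 Package Version: ${PKG_VERSION}"
 echo "🌿 Release Branch: ${RELEASE_BRANCH}"
 echo "🔢 Commit SHA: ${COMMIT_SHA}"
 echo "🔗 Vulnerabilities: https://github.com/${REPO}/actions/runs/${RUN_ID}/artifacts/${ARTIFACT_ID}"
@@ -473,7 +467,7 @@ jobs:
 set -euo pipefail
 RUN_URL="https://github.com/${REPO}/actions/runs/${RUN_ID}"
 
-MSG="${EXECUTOR} is releasing ${PACKAGE_NAME}@${PACKAGE_VERSION}. A member from the dev team (${DEV_REVIEWERS}) needs to take the following actions: \n1) Review the release artifacts and approve/reject the release. (${RUN_URL})"
+MSG="${EXECUTOR} is releasing ${PKG_NAME}@${PKG_VERSION}. A member from the dev team (${DEV_REVIEWERS}) needs to take the following actions: \n1) Review the release artifacts and approve/reject the release. (${RUN_URL})"
 
 if [ -n "${PR_URL}" ]; then
 MSG="${MSG} \n2) Review the package update PR and provide two approvals. DO NOT MERGE — ${EXECUTOR} will verify the package on npm and merge the approved PR. (${PR_URL})"
@@ -523,16 +517,16 @@ jobs:
 SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }}
 CHANNEL: "#ripplex-security"
 EXECUTOR: ${{ github.triggering_actor || github.actor }}
-PACKAGE_NAME: ${{ needs.get_version.outputs.package_version && github.event.inputs.package_name }}
-PACKAGE_VERSION: ${{ needs.get_version.outputs.package_version }}
+PKG_NAME: ${{ github.event.inputs.package_name }}
+PKG_VERSION: ${{ needs.get_version.outputs.package_version }}
 REPO: ${{ github.repository }}
 RUN_ID: ${{ github.run_id }}
 SEC_REVIEWERS: ${{ needs.ask_for_dev_team_review.outputs.reviewers_sec }}
 run: |
 set -euo pipefail
 RUN_URL="https://github.com/${REPO}/actions/runs/${RUN_ID}"
 
-MSG="${EXECUTOR} is releasing ${PACKAGE_NAME}@${PACKAGE_VERSION}. A member from the infosec team (${SEC_REVIEWERS}) needs to take the following action:\n Review the release artifacts and approve/reject the release. (${RUN_URL})"
+MSG="${EXECUTOR} is releasing ${PKG_NAME}@${PKG_VERSION}. A member from the infosec team (${SEC_REVIEWERS}) needs to take the following action:\n Review the release artifacts and approve/reject the release. (${RUN_URL})"
 MSG=$(printf '%b' "${MSG}")
 curl -sS -X POST https://slack.com/api/chat.postMessage \
 -H "Authorization: Bearer ${SLACK_TOKEN}" \
@@ -557,8 +551,8 @@ jobs:
 ]
 name: Release for ${{ needs.get_version.outputs.package_version }}
 env:
-PACKAGE_VERSION: "${{ needs.get_version.outputs.package_version }}"
-PACKAGE_NAME: "${{ github.event.inputs.package_name }}"
+PKG_VERSION: "${{ needs.get_version.outputs.package_version }}"
+PKG_NAME: "${{ github.event.inputs.package_name }}"
 environment:
 name: official-release
 url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
@@ -588,27 +582,27 @@ jobs:
 
 - name: Publish to npm
 env:
-NPMJS_DIST_TAG_INPUT: ${{ github.event.inputs.npmjs_dist_tag }}
+NPM_DIST_TAG: ${{ github.event.inputs.npmjs_dist_tag }}
 run: |
 cd dist
 PKG=$(ls *.tgz)
 echo ${PKG}
-NPM_DIST_TAG="${NPMJS_DIST_TAG_INPUT}"
-if [ -z "${NPM_DIST_TAG}" ]; then
-NPM_DIST_TAG="latest"
+DIST_TAG="${NPM_DIST_TAG}"
+if [ -z "${DIST_TAG}" ]; then
+DIST_TAG="latest"
 fi
-if [[ "${NPM_DIST_TAG}" == "latest" ]] && ! [[ "${PACKAGE_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-echo "With npmjs_dist_tag 'latest', version must be of the form x.y.z. Found '${PACKAGE_VERSION}'." >&2
+if [[ "${DIST_TAG}" == "latest" ]] && ! [[ "${PKG_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+echo "With npmjs_dist_tag 'latest', version must be of the form x.y.z. Found '${PKG_VERSION}'." >&2
 exit 1
 fi
 
-npm publish "${PKG}" --provenance --access public --registry=https://registry.npmjs.org/ --tag "${NPM_DIST_TAG}"
+npm publish "${PKG}" --provenance --access public --registry=https://registry.npmjs.org/ --tag "${DIST_TAG}"
 
 - name: Ensure Git tag exists
 id: create_tag
 run: |
 set -euo pipefail
-TAG="${PACKAGE_NAME}@${PACKAGE_VERSION}"
+TAG="${PKG_NAME}@${PKG_VERSION}"
 
 git fetch --tags origin
 
@@ -646,7 +640,7 @@ jobs:
 enc_tag="$(printf '%s' "${TAG}" | jq -sRr @uri)"
 RELEASE_URL="https://github.com/${REPO}/releases/tag/${enc_tag}"
 
-text="${PACKAGE_NAME} ${PACKAGE_VERSION} has been succesfully released and published to npm.js. Release URL: ${RELEASE_URL}"
+text="${PKG_NAME} ${PKG_VERSION} has been succesfully released and published to npm.js. Release URL: ${RELEASE_URL}"
 text="${text//\\n/ }"
 
 curl -sS -X POST https://slack.com/api/chat.postMessage \
@@ -661,7 +655,7 @@ jobs:
 REPO: ${{ github.repository }}
 RUN_ID: ${{ github.run_id }}
 run: |
-MESSAGE="❌ Release failed for ${PACKAGE_NAME}@${PACKAGE_VERSION}. Check the logs: https://github.com/${REPO}/actions/runs/${RUN_ID}"
+MESSAGE="❌ Release failed for ${PKG_NAME}@${PKG_VERSION}. Check the logs: https://github.com/${REPO}/actions/runs/${RUN_ID}"
 curl -X POST https://slack.com/api/chat.postMessage \
 -H "Authorization: Bearer ${SLACK_TOKEN}" \
 -H "Content-Type: application/json" \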
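Review bot: The `Publish to npm` step (hunk at new line 582) still rebuilds `DIST_TAG` from the raw `github.event.inputs.npmjs_dist_tag` and repeats the empty-to-`latest` default that already appears twice in the `get_version` job, so the value handed to `npm publish --tag` is only indirectly the one that passed the regex checks in `Validate inputs`. Consider emitting the checked value once, with `echo "dist_tag=${DIST_TAG}" >> "$GITHUB_OUTPUT"` in the `get_version` step and a matching `dist_tag` job output, then reading it here as `NPM_DIST_TAG: ${{ needs.get_version.outputs.dist_tag }}`. Unlike the other steps shown, this script does not start with `set -euo pipefail`, and `PKG=$(ls *.tgz)` does not confirm that exactly one tarball is present before publishing. The hunks at new lines 376 and 424 drop the `NPMJS_DIST_TAG` env entry while their `run` bodies lie outside the visible lines, so it is worth confirming nothing there still expands `${NPMJS_DIST_TAG}`.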
