-
Notifications
You must be signed in to change notification settings - Fork 629
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migrate publish to gh actions #1312
Conversation
75f0209
to
6025147
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1312 +/- ##
=======================================
Coverage 83.91% 83.91%
=======================================
Files 208 208
Lines 10942 10942
Branches 2752 2752
=======================================
Hits 9182 9182
Misses 1760 1760 ☔ View full report in Codecov by Sentry. |
8306e95
to
7a03b2c
Compare
7a03b2c
to
eaa41dc
Compare
# head_ref is per PR, so this ensures that updating the latest PR commit | ||
# will cancel the previous run of the workflow and trigger a new one | ||
concurrency: | ||
group: "build-test-and-deploy-${{ github.head_ref }}" | ||
cancel-in-progress: true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's the effect of this if the trigger is a tag push?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point. Updated to github.ref
that is unique per tag/pr and updated the comment
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: ./.github/actions/yarn-install | ||
- run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> ~/.npmrc |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just to check, will NPM_TOKEN
be exposed to the code under test at all, e.g. as an env var? Is this secure e.g. against third-party PRs that modify the workflow yaml itself?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As opposed to Circle CI the GH Actions default to be available to this top level yml only. Any secrets that are needed in actions (such as actions/checkout@v4
or even ./.github/actions/yarn-install
above) has to be passed explicitly by passing them as action input or by passing using secrets: inherit
to the job
043b47c
to
38381d1
Compare
@vzaidman has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator. |
Summary: 2/2 commit converting Circle CI to Github actions. Removed Circle CI to ensure we don't try to publish a version twice. * Added the "deploy" step that only runs for tag pushes * It waits for testing and validation, and fails if either of them fails * This PR uses `--dry-run` to ensure no publish happens unexpectedly. This arg will be removed in a subsequent PR. Pull Request resolved: #1312 Test Plan: Successful CI with no deployment step when a PR is updated- https://github.com/facebook/metro/actions/runs/10269830075 {F1796157419} Successful **DRY RUN** deploy from a hotfix branch (works pretty much the same on main)- https://github.com/facebook/metro/actions/runs/10269576329/job/28415382215 {F1796157706} Deploy fails for a wrongly formatted tag (used tag "bad-tag-name") with a clear error- https://github.com/facebook/metro/actions/runs/10269509288/job/28415186326 {F1796157882} Deploy fails for a tag pushed from a branch **not following** the Metro's release branch naming conventions {F1796158249} Differential Revision: D60961268 Pulled By: vzaidman
This pull request was exported from Phabricator. Differential Revision: D60961268 |
38381d1
to
501b149
Compare
LGTM, thanks! |
2/2 commit converting Circle CI to Github actions.
Removed Circle CI to ensure we don't try to publish a version twice.
--dry-run
to ensure no publish happens unexpectedly. This arg will be removed in a subsequent PR.Successful CI with no deployment step when a PR is updated-
https://github.com/facebook/metro/actions/runs/10269830075
Successful DRY RUN deploy from a hotfix branch (works pretty much the same on main)-
https://github.com/facebook/metro/actions/runs/10269576329/job/28415382215
Deploy fails for a wrongly formatted tag (used tag "bad-tag-name") with a clear error-
https://github.com/facebook/metro/actions/runs/10269509288/job/28415186326
Deploy fails for a tag pushed from a branch not following the Metro's release branch naming conventions