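# AWS CodeBuild buildspec for the production release. It runs the tests,
# creates the new version with lerna, publishes to npm using a TOTP one-time
# password, and then re-runs the integration tests against public npm.
version: 0.2

env:
  variables:
    NODE_OPTIONS: "--max-old-space-size=4096"
    BRANCH: "master"
  # Each value is a Secrets Manager reference (secret-id:json-key) resolved at
  # build time, so no credential is stored in the repository.
  # NOTE(review): both secrets are exported as environment variables to every
  # command in every phase (dependency install scripts, build, tests), well
  # before the publish step that actually needs them.
  secrets-manager:
    OTP_SECRET_KEY: npm/aws-crypto-tools-ci-bot/2FA:OTP_SECRET_KEY
    NPM_TOKEN: npm/aws-crypto-tools-ci-bot/2FA:NPM_TOKEN
  # Use CodeBuild's git credential helper; presumably required for the push
  # performed by `lerna version` in the build phase -- confirm.
  git-credential-helper: yes

phases:
  install:
    commands:
      # NOTE(review): --unsafe-perm stops npm from dropping privileges when it
      # runs package lifecycle scripts, and the publish secrets are already in
      # the environment at this point.
      - npm ci --unsafe-perm
      # Install `otplib` to extract the OTP from the npm 2FA secret
      # NOTE(review): no version is given and `--no-save` keeps the result out
      # of package.json and the lockfile, so whatever npm resolves at build
      # time is the code that later reads OTP_SECRET_KEY. Pinning an exact
      # version, or adding it to devDependencies so `npm ci` checks its
      # integrity hash, would make this step reproducible.
      - npm install otplib --no-save
      - npm run build
    runtime-versions:
      nodejs: 14
  pre_build:
    commands:
      - git config --global user.name "aws-crypto-tools-ci-bot"
      - git config --global user.email "[email protected]"
      # Quoted so the branch name is always passed as a single argument.
      - git checkout "$BRANCH"
  build:
    commands:
      # Pre-check, make sure everything is happy
      - npm test
      - npm run test_conditions
      # Publish to a local verdaccio server and run all tests against it
      - npm run verdaccio
      # Generate new version and CHANGELOG entry and push it
      - npx lerna version --conventional-commits --git-remote origin --yes
      # Log the commit for posterity
      - git log -n 1
      # Extract the OTP using the secrets environment variables from above.
      # npm uses TOTP and each token expires after 30 seconds. A token
      # generated immediately could have almost none of that window left, so
      # the script waits for the current window to end and generates the
      # token at the start of the next one. This maximizes the time
      # available on the OTP to publish.
      - >-
        OTP=`node -e "
          auth=require('otplib').authenticator;
          setTimeout(() =>
            console.log(auth.generate(process.env.OTP_SECRET_KEY)),
            auth.timeRemaining() * 1000);
        "`
      # Now we publish to npm.
      # This is going to use the OTP generated above and the NPM_TOKEN
      # environment variable. This will only publish things that are
      # missing from npm. It is therefore safe to run repeatedly.
      # NOTE(review): the OTP is derived at runtime, so any log masking
      # applied to the Secrets Manager values presumably does not cover it;
      # do not echo $OTP in later steps.
      - npx lerna publish from-package --yes --otp "$OTP"
      # Clear out the verdaccio cache so that we get the latest version
      # of everything from public npm
      - rm -rf verdaccio/storage/
      # Since the cache is empty, and we don't call `verdaccio-publish`
      # this will run the integrations from the public code in npm
      - npx run-s verdaccio-publish-*

# Batching is technically unnecessary for now since we have just the one
# buildspec, but leaving it in place makes it easier to extend later on
batch:
  fast-fail: true
  build-graph:
    - identifier: release_to_prod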