BUILD-5492: test release workflow

Signed-off-by: Jayadeep Kinavoor Madam <[email protected]>
SonarSource · Jul 22, 2024 · ad0071b · ad0071b
1 parent 4e9f871
commit ad0071b
Show file tree

Hide file tree

Showing 2 changed files with 68 additions and 4 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -11,7 +11,6 @@ jobs:
     runs-on: ubuntu-latest
     env:
       RELEASE_TAG: ${{ github.event.release.tag_name }}
-      REPOX_URL: 'https://repox.jfrog.io/artifactory'
       ARTIFACTORY_DEPLOY_REPO: sonarsource-npm-public-qa
       NPM_REPOSITORY: 'sonarsource-npm-public'
       SCOPE: ''
@@ -25,7 +24,7 @@ jobs:
             development/artifactory/token/SonarSource-sonar-scanner-npm-qa-deployer access_token  | qa_deployer_access_token;
             development/artifactory/token/SonarSource-sonar-scanner-npm-promoter access_token  | promoter_access_token;
             development/kv/data/npmjs sonartech_npm_token  | npm_token;
-            development/kv/data/repox url  | repox_url;
+            development/kv/data/repox artifactory_url  | repox_url;
       - name: Setup JFrog for deploy
         uses: SonarSource/jfrog-setup-wrapper@907e87c3d2081a98d2ab8cb03284ee6711f1ee83 # tag=3.2.3
         with:
@@ -34,10 +33,11 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           node-version: 18
-      - run: mv .github/workflows/.npmrc .npmrc
+      - run: mv .cirrus/npmrc .npmrc
       - name: Build npm package
         env:
-          NPM_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).npm_token }}
+          ARTIFACTORY_URL: ${{ fromJSON(steps.secrets.outputs.vault).repox_url }}
+          ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).qa_deployer_access_token }}
         run: |
           npm install
           npm run build

diff --git a/.github/workflows/test-release.yaml b/.github/workflows/test-release.yaml
@@ -0,0 +1,64 @@
+on:
+  push:
+    branches:
+      - feat/jd/BUILD-5492-test-release
+
+jobs:
+  publish:
+    permissions:
+      contents: read
+      id-token: write # required for SonarSource/vault-action-wrapper
+    runs-on: ubuntu-latest
+    env:
+      RELEASE_TAG: ${{ github.event.release.tag_name }}
+      ARTIFACTORY_DEPLOY_REPO: sonarsource-npm-public-qa
+      NPM_REPOSITORY: 'sonarsource-npm-public'
+      SCOPE: ''
+      PACKAGE: 'sonarqube-scanner'
+    steps:
+      - name: Vault
+        id: secrets
+        uses: SonarSource/vault-action-wrapper@v3
+        with:
+          secrets:
+            development/artifactory/token/SonarSource-sonar-scanner-npm-qa-deployer access_token  | qa_deployer_access_token;
+            development/artifactory/token/SonarSource-sonar-scanner-npm-promoter access_token  | promoter_access_token;
+            development/kv/data/npmjs sonartech_npm_token  | npm_token;
+            development/kv/data/repox artifactory_url  | repox_url;
+      - name: Setup JFrog for deploy
+        uses: SonarSource/jfrog-setup-wrapper@907e87c3d2081a98d2ab8cb03284ee6711f1ee83 # tag=3.2.3
+        with:
+          jfrogAccessToken: ${{ fromJSON(steps.secrets.outputs.vault).qa_deployer_access_token }}
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 18
+      - run: mv .cirrus/npmrc .npmrc
+      - name: Build npm package
+        env:
+          ARTIFACTORY_URL: ${{ fromJSON(steps.secrets.outputs.vault).repox_url }}
+          ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).qa_deployer_access_token }}
+        run: |
+          npm install
+          npm run build
+      - run: mv .github/workflows/.npmrc .npmrc
+      - name: Publish npm package
+        env:
+          NPM_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).npm_token }}
+        run: |
+          jfrog rt npm-config --repo-resolve npm --repo-deploy $ARTIFACTORY_DEPLOY_REPO
+          jfrog rt npm-ci
+          # Skip publishing, test auth with npm install instead
+          npm install
+          jfrog rt npm-publish --build-name=$PACKAGE --build-number=${{ github.event.release.tag_name }}
+          jfrog rt build-publish $PACKAGE ${{ github.event.release.tag_name }}
+      - name: Promote npm package
+        env:
+          REPOX_URL: ${{ fromJSON(steps.secrets.outputs.vault).repox_url }}
+          PROMOTE_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).promoter_access_token }}
+          CI: true
+        run: |
+          jfrog config add repox --artifactory-url $REPOX_URL --access-token $PROMOTE_ACCESS_TOKEN
+          jfrog config use repox
+          jfrog rt bpr --status it-passed $PACKAGE $RELEASE_TAG sonarsource-npm-public-builds
+          jfrog rt bpr --status released $PACKAGE $RELEASE_TAG sonarsource-npm-public-releases