Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(actions): publish @node-core/ui-components #7566

Closed
wants to merge 2 commits into from
Closed

feat(actions): publish @node-core/ui-components #7566

wants to merge 2 commits into from
+76 −0

Conversation

avivkeller
Copy link
Member

@avivkeller avivkeller commented Mar 24, 2025
edited
Loading

It's hard to properly test this, as it makes use of GitHub tokens, but based on my testing of each step independently, this'll publish the @node-core/ui-components package.

This PR publishes `@node-core/ui-components to the GitHub registry. Before merging, we need to verify that we have access to this scope.

For security reasons, several checks are in place to prevent malicious execution:

  • The commit must've passed all checks on main's Linting and Tests workflow, and that check must've been triggered by a push event to main, or the workflow was manually dispatched
  • The commit must be verified.
  • Unless explicitly specified in the workflow_dispatch event, the commit must come from the merge queue.
    • i.e. a push directly to main will not be published automatically

Additionally, the commit must've modified something in packages/ui-components.

Ref: #7401
Closes nodejs/api-docs-tooling#236

@Copilot Copilot bot review requested due to automatic review settings March 24, 2025 23:05
@avivkeller avivkeller requested a review from a team as a code owner March 24, 2025 23:05
@vercel Vercel
Copy link

vercel bot commented Mar 24, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated (UTC)
nodejs-org ✅ Ready (Inspect) Visit Preview Mar 24, 2025 11:08pm

Copilot
Copilot AI reviewed Mar 24, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request adds a new GitHub Actions workflow to publish the @node-core/ui-components package after successful tests and additional security validations. Key changes include:

  • Triggering the workflow via a completed Linting and Tests workflow or by workflow_dispatch.
  • Introducing commit authenticity checks to enforce verified commit and authorized committer requirements.
  • Setting up Node.js, generating versions using the commit SHA, and publishing the package if changes occur in the packages/ui-components directory.

@avivkeller avivkeller added the github_actions:pull-request Trigger Pull Request Checks label Mar 24, 2025
@github-actions github-actions bot removed the github_actions:pull-request Trigger Pull Request Checks label Mar 24, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Mar 24, 2025
edited
Loading

Lighthouse Results

URL Performance Accessibility Best Practices SEO Report
/en 🟢 95 🟢 100 🟢 100 🟢 91 🔗
/en/about 🟠 81 🟢 100 🟢 100 🟢 91 🔗
/en/about/previous-releases 🟢 94 🟢 100 🟢 100 🟢 92 🔗
/en/download 🟠 83 🟢 100 🟢 100 🟢 91 🔗
/en/blog 🟠 88 🟢 100 🟢 96 🟢 92 🔗

@github-actions GitHub Actions
Copy link
Contributor

Unit Test Coverage Report

Title Lines Statements Branches Functions
@node-core/ui-components Coverage: 95%
 95.83% (161/168) 77.86% (102/131) 88.57% (31/35)
@nodejs/website Coverage: 87%
 84.74% (500/590) 76.03% (165/217) 87.09% (108/124)
Title Tests Skipped Failures Errors Time
@node-core/ui-components 24 0 💤 0 ❌ 0 🔥 4.895s ⏱️
@nodejs/website 157 0 💤 0 ❌ 0 🔥 6.527s ⏱️

AugustinMauroy
AugustinMauroy reviewed Mar 25, 2025
View reviewed changes
Copy link
Member

@AugustinMauroy AugustinMauroy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't get if you are trying to publish it npm registry or GitHub packages

@avivkeller
Copy link
Member Author

I didn't get if you are trying to publish it npm registry or GitHub packages

We are publishing to GitHub Packages.

@avivkeller
Copy link
Member Author

We don't control the @node-core scope on Github Packages, see nodejs/api-docs-tooling#236 (comment)

@avivkeller avivkeller closed this Mar 26, 2025
@avivkeller avivkeller deleted the feat/publish-ui-components branch March 26, 2025 10:32
@avivkeller
Copy link
Member Author

Per discussion in other thread

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AugustinMauroy AugustinMauroy AugustinMauroy left review comments

Copilot code review Copilot Copilot left review comments

Assignees
No one assigned
Labels
on hold
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

How are we going to import @node-core/ui-components?
2 participants
@avivkeller @AugustinMauroy