GitHub Actions 自动构建 并发布到 NPM

2022-04-01 15:53:32 浏览数 (1)

引言

npm-push.yml

代码语言:javascript复制
name: npm Push

on: 
  push:
    tags:
      - 'v*'

jobs:
  build-push:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout Source
      uses: actions/checkout@v2
    
    - name: Setup Node.js
      uses: actions/setup-node@v2
      with:
        node-version: 12

    - name: Build
      run: |
        npm install
        npm run build:prod
        npm run build:cdn
        
    - name: Publish to npm
      run: |
        npm config set registry https://registry.npmjs.org
        npm publish
      env:
        NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

    - name: Publish to GitHub Package
      run: |
        npm config set registry https://npm.pkg.github.com
        npm publish
      env:
        NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

补充

代码语言:javascript复制
- name: Publish to npm
  run: |
    npm config set registry https://registry.npmjs.org
    npm publish

也可以改为如下:

代码语言:javascript复制
- name: Publish to npm
  run: npm publish --registry https://registry.npmjs.org

注意 如果之间 npm 上没有此包,需要在本地先 npm login 的方式 npm publish 此包, 以创建此包,经过测试,似乎,npm access token 没有创建包的权限 TODO: 失败,不是这个原因

npm-release.yml

代码语言:javascript复制
name: npm Release

on: 
  push:
    tags:
      - 'v*'

jobs:
  build-release:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout Source
      uses: actions/checkout@v2
    
    - name: Setup Node.js
      uses: actions/setup-node@v2
      with:
        node-version: 12

    - name: Build
      run: |
        npm install
        npm run build:prod
        npm run build:cdn

    - name: Zip the Build
      run: |
        zip -r dist.zip ./dist/ 
        zip -r dist-cdn.zip ./dist-cdn/

    - name: Create Release and Upload Release Asset
      uses: softprops/action-gh-release@v1
      if: startsWith(github.ref, 'refs/tags/')
      with:
        #tag_name: ${{ github.ref }}
        #name: ${{ github.ref }}
        body: TODO New Release.
        #body_path: CHANGELOG.txt
        draft: false
        prerelease: false
        files: |
          dist.zip
          dist-cdn.zip
          LICENSE

补充

GitHub 同步 Gitee

参考:

  • vant/sync-gitee.yml at dev · youzan/vant
  • githubactions进行github仓库和gitee仓库同步 - 知乎

sync-gitee.yml

代码语言:javascript复制
name: Sync to Gitee

on:
  push:
    branches: [dev, 2.x, gh-pages]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Sync to Gitee
        uses: wearerequired/git-mirror-action@master
        env:
          # 在 Settings->Secrets 配置 GITEE_RSA_PRIVATE_KEY
          SSH_PRIVATE_KEY: ${{ secrets.GITEE_RSA_PRIVATE_KEY }}
        with:
          # GitHub 源仓库地址
          source-repo: git@github.com:youzan/vant.git
          # Gitee 目标仓库地址
          destination-repo: git@gitee.com:vant-contrib/vant.git

创建 SSH 秘钥

注意: 使用这个需要一个 没有密码短语的SSH 密钥

因为我的需要密码,因此再创建一个 SSH秘钥,用于同步

参考:

  • Generating a new SSH key and adding it to the ssh-agent - GitHub Docs
  • wearerequired/git-mirror-action: ⏭ A GitHub Action for mirroring a git repository to another location via SSH.

1.打开 Git Bash

代码语言:javascript复制
ssh-keygen -t ed25519 -C "your_email@example.com"

注意:如果您使用的是不支持 Ed25519 算法的旧系统,请使用:

代码语言:javascript复制
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

这将创建一个新的 ssh 密钥,使用提供的电子邮件作为标签。

2.当系统提示您“输入要保存密钥的文件”时,按 Enter。这接受默认文件位置。

3.在提示下,键入安全密码。有关更多信息,请参阅“使用 SSH 密钥密码”。

代码语言:javascript复制
> Enter passphrase (empty for no passphrase): [Type a passphrase]
> Enter same passphrase again: [Type passphrase again]

注意 关键在这一步,需要直接按 Enter,这样就无需密码

代码语言:javascript复制
/c/Users/yiyun/.ssh/id_ed25519  # 私钥文件
/c/Users/yiyun/.ssh/id_ed25519.pub # 公钥文件

Settings->Secrets 配置 GITEE_RSA_PRIVATE_KEY, 内容为私钥文件内容,

Gitee, GitHub 添加公钥

CodeQL

参考:

  • vant/codeql-analysis.yml at dev · youzan/vant
  • github/codeql-action: Actions for running CodeQL analysis

codeql-analysis.yml

代码语言:javascript复制
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"

on:
  push:
    branches: [ dev ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ dev ]
  schedule:
    - cron: '36 21 * * 2'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: [ 'javascript' ]
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
        # Learn more:
        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
        # By default, queries listed here will override any specified in a config file.
        # Prefix the list here with " " to use these queries and those in the config file.
        # queries: ./path/to/local/query, your-org/your-repo/queries@main

    # Autobuild attempts to build any compiled languages  (C/C  , C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
      uses: github/codeql-action/autobuild@v1

    # ℹ️ Command-line programs to run using the OS shell.
    # 


	


npm github git ssh 开源 




	






	

 0 人点赞