Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: support provenance #1489

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

ci: support provenance #1489

wants to merge 5 commits into from

Conversation

v1v
Copy link
Member

@v1v v1v commented Mar 25, 2024
edited

What does this pull request do?

  • Skip the release steps for the CDN if dry-run=true
  • Enable provenance for the generated files in packages/rum/dist/bundles/*.js
  • Enable provenance in npm
  • Bump lerna from 4 to 6

Provenance is fully supported with GH actions and NPM, see https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions

Further details

See lerna/lerna#3657

Lerna breaking changes for 5 in https://github.com/lerna/lerna/blob/main/CHANGELOG.md#500-2022-05-24 and for 6 in https://github.com/lerna/lerna/blob/main/CHANGELOG.md#600-2022-10-12

Related issues

Closes #ISSUE

Test

See this build but it's not doing much since no changes are found in lerna :/

@v1v v1v marked this pull request as ready for review April 29, 2024 10:40
@v1v v1v requested review from vigneshshanmugam, devcorpio and a team April 29, 2024 10:41
@v1v v1v self-assigned this Apr 29, 2024
@v1v v1v changed the title ci: support provenance phase 1 ci: support provenance Apr 29, 2024
vigneshshanmugam
vigneshshanmugam reviewed Apr 29, 2024
View reviewed changes
package.json
@@ -151,7 +151,7 @@
"karma-sourcemap-loader": "^0.3.7",
"karma-spec-reporter": "^0.0.31",
"karma-webpack": "^5.0.0",
"lerna": "^4.0.0",
"lerna": "^6.6.2",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hopefully this upgrade doesn't cause lots of headache 🚨 Sorry about that.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, I tried to use the oldest with support for provenance... and I don't know if we are ready to support this

@v1v @reakaleek
Update .github/workflows/release.yml
b7820a7 
Co-authored-by: Jan Calanog <jan.calanog@elastic.co>
reakaleek
reakaleek reviewed May 6, 2024
View reviewed changes
.github/workflows/release.yml
@@ -109,8 +113,14 @@ jobs:
name: 'Prepare CDN release'
run: echo "versions=$(npm run --silent ci:prepare-release)" >> ${GITHUB_OUTPUT}

- name: generate build provenance
if: ${{ always() && hashFiles('packages/rum/dist/bundles/*.js')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, there were missing }} in the suggestion.

Suggested change
if: ${{ always() && hashFiles('packages/rum/dist/bundles/*.js')
if: ${{ always() && hashFiles('packages/rum/dist/bundles/*.js') }}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vigneshshanmugam vigneshshanmugam vigneshshanmugam left review comments

@reakaleek reakaleek reakaleek left review comments

@devcorpio devcorpio Awaiting requested review from devcorpio

At least 1 approving review is required to merge this pull request.

Assignees

@v1v v1v

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@v1v @vigneshshanmugam @reakaleek