Fuck Github.

2025-11-24 02:20:28 -06:00
parent e8d4966441
commit f6c3434a5c
2 changed files with 26 additions and 48 deletions
--- a/.github/workflows/generate.yml
+++ b/.github/workflows/generate.yml
@@ -4,23 +4,30 @@ on:
  workflow_dispatch:
  schedule:
    - cron: "0 3 * * 1"
+  push:
+    branches: [ main ]
+
+permissions:
+  contents: write
+  id-token: write 

 jobs:
-  generate-crds:
+  generate-and-publish:
    runs-on: ubuntu-latest
+
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
-        with:
-          # VITAL: This token makes the push trigger the NEXT workflow
-          token: ${{ secrets.GH_PAT }}
-
-      - run: npm install -g npm@latest

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
+          registry-url: 'https://registry.npmjs.org'
+
+      # Force latest NPM to support OIDC correctly
+      - name: Update NPM
+        run: npm install -g npm@latest

      - name: Install dependencies
        run: |
@@ -29,7 +36,12 @@ jobs:

      - name: Fetch binaries & Generate
        run: |
-          # (Simplified for brevity - keep your existing binary fetch logic here)
+          GW_VERSION=$(curl -s https://api.github.com/repos/kubernetes-sigs/gateway-api/releases/latest | jq -r .tag_name)
+          echo "GW_VERSION=$GW_VERSION" >> $GITHUB_ENV
+          
+          CM_VERSION=$(curl -s https://api.github.com/repos/cert-manager/cert-manager/releases/latest | jq -r .tag_name)
+          echo "CM_VERSION=$CM_VERSION" >> $GITHUB_ENV
+          
          CRD2PULUMI_VERSION=1.6.0
          curl -L "https://github.com/pulumi/crd2pulumi/releases/download/v${CRD2PULUMI_VERSION}/crd2pulumi-v${CRD2PULUMI_VERSION}-linux-amd64.tar.gz" -o crd2pulumi.tar.gz
          tar -xzf crd2pulumi.tar.gz
@@ -38,22 +50,18 @@ jobs:
          
          node generate-crds.js

-      - name: Check for changes
-        id: git-check
-        run: |
-          git diff --exit-code || echo "changes=true" >> $GITHUB_OUTPUT
-
-      - name: Bump Version and Push
-        if: steps.git-check.outputs.changes == 'true'
+      - name: Bump version and Commit
        run: |
          git config --global user.name "github-actions[bot]"
          git config --global user.email "github-actions[bot]@users.noreply.github.com"
          
-          # Bump version in package.json
+          # Bump version (updates package.json)
          npm version patch --no-git-tag-version
          
          git add .
          git commit -m "Update CRDs and bump version"
-          
-          # This push (authenticated by GH_PAT) will trigger the publish.yml workflow
-          git push
+          git push
+
+      - name: Publish to npm (Trusted Publishing)
+        if: github.ref == 'refs/heads/main'
+        run: npm publish --provenance --access public
--- a/.github/workflows/publisher.yml
+++ b/.github/workflows/publisher.yml
@@ -1,30 +0,0 @@
-name: Publish to NPM
-
-on:
-  push:
-    branches: [ main ]
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
-
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-          registry-url: 'https://registry.npmjs.org'
-
-      - name: Install dependencies
-        run: npm install
-
-      - name: Publish to npm (Trusted Publishing)
-        run: npm publish --provenance --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}