From f6c3434a5c675ee794fc2ff81d5e16038e9acb20 Mon Sep 17 00:00:00 2001 From: GigiaJ Date: Mon, 24 Nov 2025 02:20:28 -0600 Subject: [PATCH] Fuck Github. --- .github/workflows/generate.yml | 44 +++++++++++++++++++-------------- .github/workflows/publisher.yml | 30 ---------------------- 2 files changed, 26 insertions(+), 48 deletions(-) delete mode 100644 .github/workflows/publisher.yml diff --git a/.github/workflows/generate.yml b/.github/workflows/generate.yml index 6307cf3..4faa904 100644 --- a/.github/workflows/generate.yml +++ b/.github/workflows/generate.yml @@ -4,23 +4,30 @@ on: workflow_dispatch: schedule: - cron: "0 3 * * 1" + push: + branches: [ main ] + +permissions: + contents: write + id-token: write jobs: - generate-crds: + generate-and-publish: runs-on: ubuntu-latest + steps: - name: Checkout repo uses: actions/checkout@v4 - with: - # VITAL: This token makes the push trigger the NEXT workflow - token: ${{ secrets.GH_PAT }} - - - run: npm install -g npm@latest - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: '20' + registry-url: 'https://registry.npmjs.org' + + # Force latest NPM to support OIDC correctly + - name: Update NPM + run: npm install -g npm@latest - name: Install dependencies run: | @@ -29,7 +36,12 @@ jobs: - name: Fetch binaries & Generate run: | - # (Simplified for brevity - keep your existing binary fetch logic here) + GW_VERSION=$(curl -s https://api.github.com/repos/kubernetes-sigs/gateway-api/releases/latest | jq -r .tag_name) + echo "GW_VERSION=$GW_VERSION" >> $GITHUB_ENV + + CM_VERSION=$(curl -s https://api.github.com/repos/cert-manager/cert-manager/releases/latest | jq -r .tag_name) + echo "CM_VERSION=$CM_VERSION" >> $GITHUB_ENV + CRD2PULUMI_VERSION=1.6.0 curl -L "https://github.com/pulumi/crd2pulumi/releases/download/v${CRD2PULUMI_VERSION}/crd2pulumi-v${CRD2PULUMI_VERSION}-linux-amd64.tar.gz" -o crd2pulumi.tar.gz tar -xzf crd2pulumi.tar.gz 
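Review bot: The new workflow-level `permissions:` block gives every step of `generate-and-publish` both `contents: write` and `id-token: write`, including `Install dependencies`, which presumably runs package install scripts before anything is published. The deleted publisher.yml kept `id-token: write` in a job that had only `contents: read`. Restoring that split, as sketched below, means code running during install or generation cannot both push to main and request a publishing identity. `npm install -g npm@latest` is also unpinned in what is now the release job; `npm install -g npm@<pinned-version>` would keep the publishing toolchain reproducible. The job body continues past this hunk.

```yaml
permissions:
  contents: read

jobs:
  generate:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    # … unchanged: checkout, setup-node, install, fetch binaries, generate, bump and push …

  publish:
    needs: generate
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
    # … checkout of the commit pushed by `generate`, setup-node with registry-url, npm publish --provenance …
```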
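Review bot: Both added `releases/latest` lookups write whatever `jq` prints into `$GITHUB_ENV`, so a rate-limited or failed unauthenticated API call leaves `GW_VERSION=null` (or empty) and the run carries on into generation and, later in this job, a publish. Making each lookup fail closed, e.g. `GW_VERSION=$(curl -fsSL https://api.github.com/repos/kubernetes-sigs/gateway-api/releases/latest | jq -er .tag_name)` and the same for `CM_VERSION`, should stop the step under the runner's default `bash -e` before anything is generated from a bad value. Quoting `"$GITHUB_ENV"` is the usual form. The crd2pulumi tarball on the unchanged lines is extracted without any checksum comparison, which matters more now that the same job holds publish rights. The `run: |` script continues outside the hunk.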
@@ -38,22 +50,18 @@ jobs: node generate-crds.js - - name: Check for changes - id: git-check - run: | - git diff --exit-code || echo "changes=true" >> $GITHUB_OUTPUT - - - name: Bump Version and Push - if: steps.git-check.outputs.changes == 'true' + - name: Bump version and Commit run: | git config --global user.name "github-actions[bot]" git config --global user.email "github-actions[bot]@users.noreply.github.com" - # Bump version in package.json + # Bump version (updates package.json) npm version patch --no-git-tag-version git add . git commit -m "Update CRDs and bump version" - - # This push (authenticated by GH_PAT) will trigger the publish.yml workflow - git push \ No newline at end of file + git push + + - name: Publish to npm (Trusted Publishing) + if: github.ref == 'refs/heads/main' + run: npm publish --provenance --access public \ No newline at end of file diff --git a/.github/workflows/publisher.yml b/.github/workflows/publisher.yml deleted file mode 100644 index 95c420f..0000000 --- a/.github/workflows/publisher.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Publish to NPM - -on: - push: - branches: [ main ] - -jobs: - publish: - runs-on: ubuntu-latest - permissions: - contents: read - id-token: write - - steps: - - name: Checkout repo - uses: actions/checkout@v4 - - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: '20' - registry-url: 'https://registry.npmjs.org' - - - name: Install dependencies - run: npm install - - - name: Publish to npm (Trusted Publishing) - run: npm publish --provenance --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file
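Review bot: With the `Check for changes` step and its `if:` removed, `npm version patch` always modifies package.json, so every scheduled run and every push to main commits, pushes and publishes a new patch release even when the generated CRDs are byte-identical. Keeping the `git diff --exit-code` check ahead of the bump and gating both remaining steps on it, e.g. `if: steps.git-check.outputs.changes == 'true' && github.ref == 'refs/heads/main'`, ties releases to real content changes. As written only the publish step checks the ref, so a `workflow_dispatch` run from another branch would still push a bump commit there. The unchanged `git add .` also stages anything earlier steps left in the workspace, such as the downloaded crd2pulumi archive, unless it is ignored.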