ci: run CI on GitHub workflow, not Cloud Build

.github/workflows/ci.yaml

@@ -22,49 +22,69 @@ jobs:
     steps:
       - name: 🛎️ Check out repo
         uses: actions/checkout@v3
+
       - name: ⚙️ Set up Node.js ${{ matrix.node }}
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node }}
-      # TODO: fix trigger for Cloud Build. DO NOT build/test here.
+
       - name: ⚙️ Install dependencies
         run: npm ci
+
       - name: 🔧 Build packages
         run: npm run build
+
       - name: 🔍 Test library @jackdbd/checks
         run: npm run test:ci -w packages/checks
+
+      - name: 🔍 Test library @jackdbd/hapi-healthcheck-plugin
+        run: npm run test:ci -w packages/hapi-healthcheck-plugin
+
+      - name: 🔍 Test library @jackdbd/hapi-ip-whitelist-plugin
+        run: npm run test:ci -w packages/hapi-ip-whitelist-plugin
+
+      - name: 🔍 Test library @jackdbd/plausible-client
+        env:
+          PLAUSIBLE: ${{ secrets.PLAUSIBLE }}
+        run: npm run test:ci -w packages/plausible-client
+
+      # - name: 🔍 Test library @jackdbd/secret-manager-utils
+      #   env:
+      #     SA_SECRET_MANAGER_ADMIN_TEST: ${{ secrets.SA_SECRET_MANAGER_ADMIN_TEST }}
+      #   run: npm run test:ci -w packages/secret-manager-utils
+
       - name: 🔍 Test library @jackdbd/telegram-text-messages
         run: npm run test:ci -w packages/telegram-text-messages
+
       - name: 🔍 Test library @jackdbd/utils
         run: npm run test:ci -w packages/utils
 
+      - name: ⬆️ Upload test coverage to Codecov
+        # https://github.com/marketplace/actions/codecov
+        uses: codecov/[email protected]
+        with:
+          fail_ci_if_error: true
+          verbose: true
 
-
-      # - name: ⬆️ Upload test coverage to Codecov
-      #   # https://github.com/marketplace/actions/codecov
-      #   uses: codecov/[email protected]
-      #   with:
-      #     fail_ci_if_error: true
-      #     verbose: true
       # TODO: fix trigger for Cloud Build. DO build on Cloud Build.
-      - name: 🛂 Authenticate to Google Cloud
-        # https://github.com/google-github-actions/auth
-        uses: google-github-actions/auth@v0
-        with:
-          credentials_json: ${{ secrets.SA_GITHUB_WORKFLOWS }}
-      - name: ⚙️ Set up gcloud
-        # https://github.com/marketplace/actions/set-up-gcloud-cloud-sdk-environment
-        uses: google-github-actions/setup-gcloud@v0
-      - name: 🔑 Refresh access token for Artifact Registry
-        run: npx google-artifactregistry-auth --repo-config ./config/repo-config-npmrc-artifact-registry --verbose
-      - run: gcloud info
-      - name: ⚡ Trigger build on Cloud Build
-        # reminder for YAML single-line and multi-line strings
-        # https://stackoverflow.com/a/3790497/3036129
-        run: >
-          gcloud builds submit
-          --config cloudbuild.yaml
-          --project ${{ secrets.GCP_PROJECT_ID }}
-          --async
-          --substitutions _NODE_VERSION=${{ matrix.node }}
-          --timeout 9m59s
+      # - name: 🛂 Authenticate to Google Cloud
+      #   # https://github.com/google-github-actions/auth
+      #   uses: google-github-actions/auth@v0
+      #   with:
+      #     credentials_json: ${{ secrets.SA_GITHUB_WORKFLOWS }}
+      # - name: ⚙️ Set up gcloud
+      #   # https://github.com/marketplace/actions/set-up-gcloud-cloud-sdk-environment
+      #   uses: google-github-actions/setup-gcloud@v0
+      # - name: 🔑 Refresh access token for Artifact Registry
+      #   run: npx google-artifactregistry-auth --repo-config ./config/repo-config-npmrc-artifact-registry --verbose
+      # - run: gcloud info
+      # - name: ⚡ Trigger build on Cloud Build
+      #   # reminder for YAML single-line and multi-line strings
+      #   # https://stackoverflow.com/a/3790497/3036129
+      #   run: >
+      #     gcloud builds submit
+      #     --config cloudbuild.yaml
+      #     --project ${{ secrets.GCP_PROJECT_ID }}
+      #     --async
+      #     --substitutions _NODE_VERSION=${{ matrix.node }}
+      #     --timeout 9m59s

.github/workflows/notify-of-workflow-run-conclusion.yml

@@ -10,12 +10,6 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.event.workflow_run.conclusion == 'failure' }}
     steps:
-      # - name: Dump github.event
-      #   run: echo '${{ toJSON(github.event) }}'
-      - name: Dump TELEGRAM to JSON
-        run: echo '${{ toJSON(secrets.TELEGRAM) }}'
-      - name: Dump TELEGRAM from JSON
-        run: echo '${{ fromJSON(secrets.TELEGRAM) }}'
       - name: 💬 Notify Telegram of workflow run FAILURE
         # https://github.com/appleboy/telegram-action
         uses: appleboy/[email protected]
@@ -30,11 +24,13 @@ jobs:
           disable_web_page_preview: true
           # https://core.telegram.org/bots/api#formatting-options
           message: |
-            <b>⚠️ GitHub workflow ${{ github.event.workflow_run.name }} in ${{ github.event.repository.name }} failed 💔</b>
+            <b>⚠️ GitHub workflow failure 💔</b>
 
             Repository: <a href="${{ github.event.repository.html_url }}">${{ github.event.repository.full_name }}</a>
 
-            Run ID: <a href="${{ github.event.workflow_run.html_url }}">${{ github.event.workflow_run.id }}</a>
+            Workflow: <a href="${{ github.event.workflow_run.html_url }}">${{ github.event.workflow_run.name }}</a>
+
+            Workflow Run ID: <a href="${{ github.event.workflow_run.html_url }}?check_suite_focus=true">${{ github.event.workflow_run.id }}</a>
 
   on-success:
     runs-on: ubuntu-latest
@@ -50,8 +46,10 @@ jobs:
           format: html
           disable_web_page_preview: true
           message: |
-            <b>✅ GitHub workflow ${{ github.event.workflow_run.name }} in ${{ github.event.repository.name }} ran successfully 💖</b>
+            <b>✅ GitHub workflow success 💖</b>
 
             Repository: <a href="${{ github.event.repository.html_url }}">${{ github.event.repository.full_name }}</a>
 
-            Run ID: <a href="${{ github.event.workflow_run.html_url }}">${{ github.event.workflow_run.id }}</a>
+            Workflow: <a href="${{ github.event.workflow_run.html_url }}">${{ github.event.workflow_run.name }}</a>
+
+            Workflow Run ID: <a href="${{ github.event.workflow_run.html_url }}?check_suite_focus=true">${{ github.event.workflow_run.id }}</a>

.github/workflows/release.yaml

@@ -16,34 +16,74 @@ jobs:
     steps:
       - name: 🛎️ Check out repo
         uses: actions/checkout@v3
+
       - name: ⚙️ Set up Node.js ${{ matrix.node }}
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node }}
+
       - name: 🛂 Authenticate to Google Cloud
         # https://github.com/google-github-actions/auth
         uses: google-github-actions/auth@v0
         with:
           credentials_json: ${{ secrets.SA_ARTIFACT_REGISTRY_WRITER }}
+
       - name: ⚙️ Set up gcloud
         # https://github.com/marketplace/actions/set-up-gcloud-cloud-sdk-environment
         uses: google-github-actions/setup-gcloud@v0
+
       - run: gcloud info
+
       - name: 🔑 Refresh access token for Artifact Registry
         run: npx google-artifactregistry-auth --repo-config ./config/repo-config-npmrc-artifact-registry --verbose
+
       # - run: npm cache clean --force
+
       - name: ⬇️ Install dependencies
         run: npm ci
+
       - name: 🛡️ Audit dependencies
         # https://docs.npmjs.com/cli/v8/commands/npm-audit#audit-level
         run: npm audit --audit-level high
+
       - name: 🔧 Build all libraries
         run: npm run build:libs
-      - name: 📋 Copy dotfiles to each package root
-        run: npm run copy-dotfiles
+
+      # - name: 📋 Copy dotfiles to each package root
+      #   run: npm run copy-dotfiles
+      # - name: Dump ARTIFACT REGISTRY
+      #   run: echo 'MY PRIVATE REPO https://${{ fromJSON(secrets.ARTIFACT_REGISTRY).repository_location_id }}-npm.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/${{ fromJSON(secrets.ARTIFACT_REGISTRY).repository_id }}/'
       - name: 🚀 Release to Artifact Registry with multi-semantic-release
         env:
-          # The github token must allow to push to this repository.
+          # The github token must allow to push to this GitHub repository.
           GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_BOT_GITHUB_TOKEN }}
           GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.SA_ARTIFACT_REGISTRY_WRITER }}
+          # https://github.com/semantic-release/npm#npm-configuration
+          NPM_CONFIG_REGISTRY: https://${{ fromJSON(secrets.ARTIFACT_REGISTRY).repository_location_id }}-npm.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/${{ fromJSON(secrets.ARTIFACT_REGISTRY).repository_id }}/
         run: npm run release
+
+      - name: ⚡ Trigger Cloud Build to release to npmjs latest version of @jackdbd/checks
+        continue-on-error: true
+        # reminder for YAML single-line and multi-line strings
+        # https://stackoverflow.com/a/3790497/3036129
+        # We MUST use --async because GCP will not allow to stream logs to
+        # GitHub, unless we do one of the following (I think, I'm not 100% sure):
+        # - we give the appropriate IAM permissions to the service account used
+        #   by Cloud Build, or...
+        # - we set GCS_ONLY in the Cloud Build config file for this build
+        # https://cloud.google.com/build/docs/securing-builds/store-manage-build-logs
+        run: >
+          gcloud builds submit ./cloud-build
+          --config cloud-build/publish-to-npmjs.yaml
+          --substitutions _NODE_VERSION=${{ matrix.node }},_NPM_PACKAGE_NAME=checks
+          --timeout 4m59s
+          --async
+
+      - name: ⚡ Trigger Cloud Build to release to npmjs latest version of @jackdbd/utils
+        continue-on-error: true
+        run: >
+          gcloud builds submit ./cloud-build
+          --config cloud-build/publish-to-npmjs.yaml
+          --substitutions _NODE_VERSION=${{ matrix.node }},_NPM_PACKAGE_NAME=utils
+          --timeout 4m59s
+          --async

.github/workflows/size-report.yaml

@@ -16,29 +16,45 @@ jobs:
     steps:
       - name: 🛎️ Check out repo
         uses: actions/checkout@v3
+
       - name: ⚙️ Set up Node.js ${{ matrix.node }}
         uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node }}
+
       - name: 🛂 Authenticate to Google Cloud
         # https://github.com/google-github-actions/auth
         uses: google-github-actions/auth@v0
         with:
           credentials_json: ${{ secrets.SA_GITHUB_WORKFLOWS }}
+
       - name: ⚙️ Set up gcloud
         # https://github.com/marketplace/actions/set-up-gcloud-cloud-sdk-environment
         uses: google-github-actions/setup-gcloud@v0
+
       - run: gcloud info
+
       - name: 🔑 Refresh access token for Artifact Registry
         run: npx google-artifactregistry-auth --repo-config ./config/repo-config-npmrc-artifact-registry --verbose
+
+      - name: ⚡ Trigger Cloud Build to release to npmjs latest version of @jackdbd/utils
+        continue-on-error: true
+        run: >
+          gcloud builds submit ./cloud-build
+          --config cloud-build/publish-to-npmjs.yaml
+          --substitutions _NODE_VERSION=${{ matrix.node }},_NPM_PACKAGE_NAME=utils
+          --timeout 4m59s
+          --async
+
       - name: 📝 Package size report
         # https://github.com/marketplace/actions/pkg-size-action
         uses: pkg-size/action@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           build-command: 'npm run build'
-          comment-report: false
-          display-size: 'uncompressed,gzip'
+          comment-report: true
+          display-size: 'uncompressed'
+          # display-size: 'uncompressed,gzip'
           # hide-files: '{assets,docs}/**'
           hide-files: '*.{css,js,ts}.map'

assets/templates/library/package.json

@@ -8,7 +8,14 @@
     "url": "https://giacomodebidda.com/"
   },
   "license": "MIT",
+  // this is to prevent accidental publication
+  // https://docs.npmjs.com/cli/v8/configuring-npm/package-json#private
   "private": true,
+  "publishConfig": {
+    // "access" must be "public" if you want to publish scoped packages to npmjs
+    // https://docs.npmjs.com/creating-and-publishing-scoped-public-packages#publishing-scoped-public-packages
+    "access": "public"
+  },
   "keywords": [],
   "repository": {
     "type": "git",
@@ -45,7 +52,6 @@
     "lint": "eslint --config ../../config/eslint.cjs",
     "nuke": "npm run clean && rimraf node_modules 'package-lock.json'",
     "precommit": "lint-staged --config ../../config/lint-staged.cjs",
-    "publish:npm": "../../scripts/publish/npm.mjs",
     "size": "pkg-size ./lib --sort-by=brotli --ignore-files {*.d.ts,*.map}",
     "test": "../../scripts/test.mjs",
     "test:ci": "../../scripts/test.mjs --ci",

cloud-build/README.md

@@ -0,0 +1,20 @@
+# Cloud Build conmfig files and triggers
+
+TODO: add brief explanation
+
+Artifact Registry Repository Administrator
+Cloud Build Service Account
+Cloud Build Service Agent
+Cloud Functions Developer
+<!-- Cloud Run Admin -->
+Secret Manager Secret Accessor
+Service Account User
+
+Cloud Build service account permissions
+https://console.cloud.google.com/cloud-build/settings/service-account?project=prj-kitchen-sink
+
+IAM section of the project
+https://console.cloud.google.com/iam-admin/iam?project=prj-kitchen-sink
+
+Cloud Build Service Account vs Cloud Build Service Agent?
+https://stackoverflow.com/questions/58752932/what-is-the-difference-between-the-cloud-build-service-account-and-service-agent

cloud-build/extract-npm-package.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# https://vaneyckt.io/posts/safer_bash_scripts_with_set_euxo_pipefail/
+set -euxo pipefail
+
+### Uncomment this section to try out the script on my computer ################
+# NPM_SCOPE=jackdbd
+# NPM_PACKAGE_NAME=checks
+# NPM_PACKAGE_VERSION=latest
+# DOWNLOAD_DIR=$(mktemp -d -t npm-pkg-XXXXXXXXXX)
+
+# echo "Download @${NPM_SCOPE}/${NPM_PACKAGE_NAME}@${NPM_PACKAGE_VERSION}"
+# npm pack "@${NPM_SCOPE}/${NPM_PACKAGE_NAME}@${NPM_PACKAGE_VERSION}" \
+#   --pack-destination="${DOWNLOAD_DIR}"
+################################################################################
+
+cd "${DOWNLOAD_DIR}"
+
+tar_filename_with_extension=$(ls -C)
+# https://stackoverflow.com/questions/23431895/how-do-i-split-string-on-last-in-bash
+# https://cloud.google.com/build/docs/configuring-builds/use-bash-and-bindings-in-substitutions#bash_parameter_expansions
+version_with_extension="${tar_filename_with_extension##*-}"
+# echo "version_with_extension ${version_with_extension}"
+version="${version_with_extension%.*}"
+
+echo "Extract ${DOWNLOAD_DIR}/${NPM_SCOPE}-${NPM_PACKAGE_NAME}-${version}"
+tar -xvf "${NPM_SCOPE}-${NPM_PACKAGE_NAME}-${version_with_extension}"
+
+echo "which wget"
+echo which wget
+
+echo "which curl"
+echo which curl

cloud-build/latest-npm-package-version.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# https://vaneyckt.io/posts/safer_bash_scripts_with_set_euxo_pipefail/
+set -euxo pipefail
+
+### Uncomment this section to try out the script on my computer ################
+# NPM_SCOPE=jackdbd
+# NPM_PACKAGE_NAME=checks
+# NPM_PACKAGE_VERSION_FILE=latest-npm-package-version.txt
+# REPO_ID=npm-registry
+# REPO_LOCATION_ID=europe-west3
+################################################################################
+
+echo "Retrieve latest version of @${NPM_SCOPE}/${NPM_PACKAGE_NAME} from Artifact Registry repository \"${REPO_ID}\" (${REPO_LOCATION_ID})"
+
+latest_version=$(gcloud artifacts versions list \
+  --sort-by ~UPDATE_TIME \
+  --limit 1 \
+  --format 'value(format("{0}",name))' \
+  --location ${REPO_LOCATION_ID} \
+  --repository ${REPO_ID} \
+  --package "@${NPM_SCOPE}/${NPM_PACKAGE_NAME}")
+
+echo "write latest version of package @${NPM_SCOPE}/${NPM_PACKAGE_NAME} to ${NPM_PACKAGE_VERSION_FILE}"
+echo "${latest_version}" > ${NPM_PACKAGE_VERSION_FILE}
+cat ${NPM_PACKAGE_VERSION_FILE}