Skip to content

fix: rotate access token and store in github repository secrets #41

fix: rotate access token and store in github repository secrets

fix: rotate access token and store in github repository secrets #41

Workflow file for this run

name: CI
on:
push:
branches:
- main
pull_request:
permissions:
actions: read
contents: read
env:
NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
jobs:
main:
runs-on: ubuntu-latest
permissions:
packages: write
contents: write
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.head_ref }}
- name: Setup git
id: git
uses: ./.github/actions/setup-git
# This enables task distribution via Nx Cloud
# Run this command as early as possible, before dependencies are installed
# Learn more at https://nx.dev/ci/reference/nx-cloud-cli#npx-nxcloud-startcirun
# - run: npx nx-cloud start-ci-run --distribute-on="3 linux-medium-js" --stop-agents-after="build"
# Cache node_modules
- uses: actions/setup-node@v4
with:
node-version: 20
cache: 'npm'
- run: npm ci --legacy-peer-deps
- uses: nrwl/nx-set-shas@v4
# Prepend any command with "nx-cloud record --" to record its logs to Nx Cloud
# - run: npx nx-cloud record -- echo Hello World
# Nx Affected runs only tasks affected by the changes in this PR/commit. Learn more: https://nx.dev/ci/features/affected
- run: npx nx affected -t lint test build typecheck docker-build
- name: Version
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
THDK_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
if [[ "${{ steps.git.outputs.branch-name }}" == "main" ]]; then
npx nx release --skip-publish --verbose
else
npx nx release version --preid ${{ steps.git.outputs.commit-sha-short }} --no-git-commit --no-git-tag --verbose
fi
- name: Push version bumps, tags and changelogs
if: ${{ steps.git.outputs.branch-name == 'main' }}
run: |
git push
git push --tags
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Publish
run: |
npx nx release publish --yes --verbose
env:
THDK_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}