2 Commits

Author SHA1 Message Date
Michael Bradley, Jr
0ca8635538 ci: adjust Nightlies/release job so NPM credentials are always removed
That is, the file `${HOME}/.npmrc` will be deleted by the "Remove NPM
credentials" step even if a previous step failed.
2020-01-20 11:44:26 -06:00
Michael Bradley, Jr
4c7fc6d8cc ci: implement a nightlies GitHub Actions workflow
Implement a GitHub Actions workflow in `.github/workflows/nightlies.yml` named
*Nightlies*, which is scheduled to run once daily at 00:00 UTC.

At present the workflow includes one job named *release*, which is responsible
for publishing prerelease GitHub releases and NPM packages. Each prerelease
created (per package) will have a `nightly` [semver identifier][preid], and
each successive nightly release will be paired with the `nightly`
[dist-tag][dist-tag] on the NPM registry (per package).

During the release job, actions taken in this GitHub repository (commits, tags,
releases) and on the NPM registry (package publication) will be performed using
credentials associated with the following accounts:

* https://github.com/embarkbot
* https://www.npmjs.com/~embarkbot

For that purpose, corresponding [secrets][secrets] (link requires admin access)
were created in this repository consisting of API tokens generated for the
@embarkbot GitHub and NPM accounts. Logins for the @embarkbot accounts
themselves are protected by 2FA.

Implement `scripts/nightly-release.js` (`npm run release:nightly`), which is
responsible for running `lerna publish` in the GitHub Actions workflow. Also
implement `scripts/stable-release.js` (`npm run release:stable`), which is
intended to be run locally by someone on the Embark Team. Both scripts borrow
heavily from the existing `scripts/release.js`, and the process of authoring
and experimenting with them influenced refactors to the latter.

Use a `--force-publish` major-release strategy to prevent major-version drift
between packages in the monorepo. How it works: when the stable-release script
is run (`npm run release:stable`), if the current prerelease version involves a
major version increase relative to the most recent stable release then **all**
packages are bumped to the new major stable version. Otherwise, only the
packages currently in prerelease are graduated to the new minor/patch stable
version. In either case, the `nightly` dist-tag of each package published is
updated to resolve to the new stable version.

The reason for adopting this strategy *(a decision which can be revisited and
changed any time in the future)* is based on a concern that downstream users
would have a confusing developer UX if across `embark-*` packages there are
differing major versions.

To understand how the major-version drift would happen, consider the following
hypothetical scenario where `--force-publish` *isn't* used in stable releases
and `nightly` dist-tags aren't updated to resolve to the latest stable version:
assume the current stable version is `6.5.4`. A breaking change lands for
`embark-core`. The next nightly release bumps `embark-core` and about 40 other
packages to `7.0.0-nightly.0`. However, `embark-utils` (and others) isn't
bumped because it doesn't depend on `embark-core`. Later, without any
intervening changes to `embark-utils`, the prerelease is graduated so that
`embark-core`, etc. bump to `7.0.0`. So then some `embark-*` packages are at
major version `7` while others are still at `6`. *Note* that this is the case
even though this monorepo uses Lerna's *"fixed"* versioning mode. Inside the
monorepo, `lerna` makes sure that everything is okay, i.e. with respect to
automatically updating dependents' version specifiers for their dependencies
that are within the monorepo. But for downstream users things are a bit more
complex. If someone wanted to use `embark-utils` on its own and specified
`^7.0.0` as the version range (after observing that `embark` itself is in a
`7.x` series) it won't work because `embark-utils` is still in `6.x`. In the
general case, users may have to manually cross-check major versions of various
`embark-*` packages that they specify in their projects' `package.json`
files. There are tools like [npm-check-updates][ncu] that can make the task
easier, but there is still likely to be some confusion, especially given the
large and growing number of packages in this monorepo. Another area of
confusion would exist around the `nightly` dist-tag. In the scenario above,
`embark-core@nightly` (and/or `@nightly` of its dependents, e.g. `embark`)
would resolve to `7.0.0-nightly.0` but `embark-utils@nightly` would resolve to
some `6.5.4-nightly.N` (💣), i.e. a prerelease version that predates the
current stable `6.5.4` release of `embark-utils` (and *might* not include all
changes that landed in `embark-utils` prior to that stable release).

By bumping all packages each time there is a major stable release, and by
having the `nightly` dist-tag always point to a package's most recent
release (whether stable or prerelease), the problems described above are
avoided.

To see the `--force-publish` major-release strategy in action take a look at
the [commit history][history] for the
[nightly-release-workflow-tester][mb-nrwt] repo together with the *Versions*
tab of the NPM pages for the [foo][foo], [bar][bar], [baz][baz], and
[quux][quux] packages. Ignore the version history for `<= 2.0.1` because those
pre/releases were made with a different strategy than the current one.

Refactor the existing `scripts/release.js` to make it more flexible generally
and with respect to options that can be forwarded to `lerna`. In particular,
it's now possible to run `lerna version` instead of `lerna publish` (the
default behavior) by using the `--version-only` cli option; when combining that
usage with `--skip-qa` and `--no-push` it's possible to conveniently and
quickly experiment with the [`bump` positional][bump] and additional options
such as `--force-publish`, `--conventional-prerelease`, and
`--conventional-graduate`, i.e. to better understand how `lerna` will update
package versions. That ability should make it much simpler to figure out the
best course of action to take locally (manually) when a nightly release
completely or partially failed (which could happen for a number of reasons), as
well for other scenarios such as making a minor/patch release in a previous
line of major releases, or when making two/more successive stable releases
without a nightly release having happened in the meantime.

An important change to `scripts/release.js` is that by default it makes use of
the `--create-release github` option for `lerna version|publish`. For that to
work, an environment variable named `GH_TOKEN` must be defined with a properly
[scoped][scopes] GitHub [personal access token][pa-token] (`public_repo` scope
is sufficient for creating releases). The same is true for
`scripts/stable-release.js`.

Delete the `.github/PULL_REQUEST_TEMPLATE` directory and the templates it
contained. Unlike for GitHub issue creation, there is no prompt-page for
picking from a repo's PR templates; to use a PR template a `template=[name]`
[query parameter][template-query] must be appended to the URL of the PR
creation page. So the PR templates ended up unused by the Embark Team and
external contributors because it's not convenient to use them. Restore the
default PR template we had in place some time ago (with some small revisions)
since it seems like a helpful starting point, especially for external
contributors. Consistently use all-lowercase filenames for ISSUE/PR templates.

[preid]: https://semver.org/#spec-item-9
[dist-tag]: https://docs.npmjs.com/cli/dist-tag
[secrets]: https://github.com/embarklabs/embark/settings/secrets
[ncu]: https://www.npmjs.com/package/npm-check-updates
[history]: https://github.com/michaelsbradleyjr/nightly-release-workflow-tester/commits/master
[mb-nrwt]: https://github.com/michaelsbradleyjr/nightly-release-workflow-tester/
[foo]: https://www.npmjs.com/package/nightly-release-workflow-tester-foo?activeTab=versions
[bar]: https://www.npmjs.com/package/nightly-release-workflow-tester-bar?activeTab=versions
[baz]: https://www.npmjs.com/package/nightly-release-workflow-tester-baz?activeTab=versions
[quux]: https://www.npmjs.com/package/nightly-release-workflow-tester-quux?activeTab=versions
[bump]: https://github.com/lerna/lerna/tree/master/commands/version#semver-bump
[scopes]: https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/
[pa-token]: https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
[template-query]: https://help.github.com/en/github/building-a-strong-community/creating-a-pull-request-template-for-your-repository
2020-01-16 17:45:26 -06:00