2016-03-15 16:21:50 +00:00
|
|
|
/**
|
2018-09-11 22:27:47 +00:00
|
|
|
* Copyright (c) Facebook, Inc. and its affiliates.
|
2016-03-15 16:21:50 +00:00
|
|
|
*
|
2018-02-17 02:24:55 +00:00
|
|
|
* This source code is licensed under the MIT license found in the
|
|
|
|
* LICENSE file in the root directory of this source tree.
|
2018-05-11 20:32:37 +00:00
|
|
|
*
|
|
|
|
* @format
|
2016-03-15 16:21:50 +00:00
|
|
|
*/
|
2018-05-11 20:32:37 +00:00
|
|
|
|
2016-03-15 16:21:50 +00:00
|
|
|
'use strict';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* This script publishes a new version of react-native to NPM.
|
|
|
|
* It is supposed to run in CI environment, not on a developer's machine.
|
|
|
|
*
|
2018-09-22 16:03:57 +00:00
|
|
|
* To make it easier for developers it uses some logic to identify with which
|
|
|
|
* version to publish the package.
|
2016-03-15 16:21:50 +00:00
|
|
|
*
|
|
|
|
* To cut a branch (and release RC):
|
|
|
|
* - Developer: `git checkout -b 0.XY-stable`
|
2018-09-22 16:03:57 +00:00
|
|
|
* - Developer: `./scripts/bump-oss-version.js v0.XY.0-rc.0`
|
|
|
|
* - CI: test and deploy to npm (run this script) with version `0.XY.0-rc.0`
|
|
|
|
* with tag "next"
|
2016-03-15 16:21:50 +00:00
|
|
|
*
|
|
|
|
* To update RC release:
|
|
|
|
* - Developer: `git checkout 0.XY-stable`
|
|
|
|
* - Developer: cherry-pick whatever changes needed
|
2018-09-22 16:03:57 +00:00
|
|
|
* - Developer: `./scripts/bump-oss-version.js v0.XY.0-rc.1`
|
|
|
|
* - CI: test and deploy to npm (run this script) with version `0.XY.0-rc.1`
|
|
|
|
* with tag "next"
|
2016-03-15 16:21:50 +00:00
|
|
|
*
|
|
|
|
* To publish a release:
|
|
|
|
* - Developer: `git checkout 0.XY-stable`
|
|
|
|
* - Developer: cherry-pick whatever changes needed
|
2018-09-22 16:03:57 +00:00
|
|
|
* - Developer: `./scripts/bump-oss-version.js v0.XY.0`
|
|
|
|
* - CI: test and deploy to npm (run this script) with version `0.XY.0`
|
|
|
|
* and no tag ("latest" is implied by npm)
|
2016-03-15 16:21:50 +00:00
|
|
|
*
|
|
|
|
* To patch old release:
|
|
|
|
* - Developer: `git checkout 0.XY-stable`
|
|
|
|
* - Developer: cherry-pick whatever changes needed
|
|
|
|
* - Developer: `git tag v0.XY.Z`
|
|
|
|
* - Developer: `git push` to git@github.com:facebook/react-native.git (or merge as pull request)
|
|
|
|
* - CI: test and deploy to npm (run this script) with version 0.XY.Z with no tag, npm will not mark it as latest if
|
|
|
|
* there is a version higher than XY
|
|
|
|
*
|
|
|
|
* Important tags:
|
2018-09-22 16:03:57 +00:00
|
|
|
* If tag v0.XY.0-rc.Z is present on the commit then publish to npm with version 0.XY.0-rc.Z and tag next
|
2016-03-15 16:21:50 +00:00
|
|
|
* If tag v0.XY.Z is present on the commit then publish to npm with version 0.XY.Z and no tag (npm will consider it latest)
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*eslint-disable no-undef */
|
2017-10-10 00:37:08 +00:00
|
|
|
require('shelljs/global');
|
2016-03-15 16:21:50 +00:00
|
|
|
|
2018-09-22 16:03:57 +00:00
|
|
|
const buildTag = process.env.CIRCLE_TAG;
|
Use one time password when publishing to npm (#20701)
Summary:
This pull request addresses the failing publish-npm.js script from earlier this week. For background, last month we reset all npm access tokens for any package related to Facebook, and we now require all accounts with publish permissions to have two factor enabled.
The publish-npm.js script relied on one such token that is configured in Circle CI as a envvar. The token has been updated in Circle CI, but we now need a way of passing the one time password to npm.
With this PR, we can now grab the otp from Circle CI's envvars. Considering otps are ephemeral, this requires the NPM_CONFIG_OTP envvar to be set by someone with publishing permissions anytime a new release will be pushed to npm. The token is short lived, but it would still be good to clear the envvar after the package is published. Circle CI envvars are not passed on to PR/forked builds.
This PR is effectively a breaking change for the release process, as the publish step will not succeed if the OTP is not valid.
OTPs are short-lived, and the publish_npm_package job will definitely outlive the token. Unfortunately this will require some timing to get right, but the alternative is to ssh into the Circle CI machine and re-run the `npm publish --otp` command, which again would still require someone with publish access to provide the otp.
Pull Request resolved: https://github.com/facebook/react-native/pull/20701
Differential Revision: D9478488
Pulled By: hramos
fbshipit-source-id: 6af631a9cb425271b98c03d158aec390ebc95304
2018-08-23 06:20:05 +00:00
|
|
|
const otp = process.env.NPM_CONFIG_OTP;
|
2016-03-15 16:21:50 +00:00
|
|
|
|
2018-09-22 16:03:57 +00:00
|
|
|
if (!buildTag) {
|
|
|
|
echo('Error: We publish only from git tags');
|
|
|
|
exit(1);
|
2016-03-15 16:21:50 +00:00
|
|
|
}
|
|
|
|
|
2018-09-22 16:03:57 +00:00
|
|
|
let match = buildTag.match(/^v(\d+\.\d+)\.\d+(?:-.+)?$/);
|
|
|
|
if (!match) {
|
|
|
|
echo('Error: We publish only from release version git tags');
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
// 0.33
|
|
|
|
let [, branchVersion] = match;
|
|
|
|
|
2016-05-23 13:44:37 +00:00
|
|
|
// 34c034298dc9cad5a4553964a5a324450fda0385
|
2017-10-10 00:37:08 +00:00
|
|
|
const currentCommit = exec('git rev-parse HEAD', {silent: true}).stdout.trim();
|
2016-05-23 13:44:37 +00:00
|
|
|
// [34c034298dc9cad5a4553964a5a324450fda0385, refs/heads/0.33-stable, refs/tags/latest, refs/tags/v0.33.1, refs/tags/v0.34.1-rc]
|
2018-05-11 20:32:37 +00:00
|
|
|
const tagsWithVersion = exec(`git ls-remote origin | grep ${currentCommit}`, {
|
|
|
|
silent: true,
|
|
|
|
})
|
2016-05-23 13:44:37 +00:00
|
|
|
.stdout.split(/\s/)
|
|
|
|
// ['refs/tags/v0.33.0', 'refs/tags/v0.33.0-rc', 'refs/tags/v0.33.0-rc1', 'refs/tags/v0.33.0-rc2', 'refs/tags/v0.34.0']
|
2018-05-11 20:32:37 +00:00
|
|
|
.filter(
|
|
|
|
version =>
|
|
|
|
!!version && version.indexOf(`refs/tags/v${branchVersion}`) === 0,
|
|
|
|
)
|
2016-05-23 13:44:37 +00:00
|
|
|
// ['refs/tags/v0.33.0', 'refs/tags/v0.33.0-rc', 'refs/tags/v0.33.0-rc1', 'refs/tags/v0.33.0-rc2']
|
|
|
|
.filter(version => version.indexOf(branchVersion) !== -1)
|
2016-03-15 16:21:50 +00:00
|
|
|
// ['v0.33.0', 'v0.33.0-rc', 'v0.33.0-rc1', 'v0.33.0-rc2']
|
2017-10-10 00:37:08 +00:00
|
|
|
.map(version => version.slice('refs/tags/'.length));
|
2016-03-15 16:21:50 +00:00
|
|
|
|
|
|
|
if (tagsWithVersion.length === 0) {
|
2018-05-11 20:32:37 +00:00
|
|
|
echo(
|
Use one time password when publishing to npm (#20701)
Summary:
This pull request addresses the failing publish-npm.js script from earlier this week. For background, last month we reset all npm access tokens for any package related to Facebook, and we now require all accounts with publish permissions to have two factor enabled.
The publish-npm.js script relied on one such token that is configured in Circle CI as a envvar. The token has been updated in Circle CI, but we now need a way of passing the one time password to npm.
With this PR, we can now grab the otp from Circle CI's envvars. Considering otps are ephemeral, this requires the NPM_CONFIG_OTP envvar to be set by someone with publishing permissions anytime a new release will be pushed to npm. The token is short lived, but it would still be good to clear the envvar after the package is published. Circle CI envvars are not passed on to PR/forked builds.
This PR is effectively a breaking change for the release process, as the publish step will not succeed if the OTP is not valid.
OTPs are short-lived, and the publish_npm_package job will definitely outlive the token. Unfortunately this will require some timing to get right, but the alternative is to ssh into the Circle CI machine and re-run the `npm publish --otp` command, which again would still require someone with publish access to provide the otp.
Pull Request resolved: https://github.com/facebook/react-native/pull/20701
Differential Revision: D9478488
Pulled By: hramos
fbshipit-source-id: 6af631a9cb425271b98c03d158aec390ebc95304
2018-08-23 06:20:05 +00:00
|
|
|
'Error: Cannot find version tag in current commit. To deploy to NPM you must add tag v0.XY.Z[-rc] to your commit',
|
2018-05-11 20:32:37 +00:00
|
|
|
);
|
2016-03-15 16:21:50 +00:00
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
let releaseVersion;
|
2017-10-10 00:37:08 +00:00
|
|
|
if (tagsWithVersion[0].indexOf('-rc') === -1) {
|
2016-03-15 16:21:50 +00:00
|
|
|
// if first tag on this commit is non -rc then we are making a stable release
|
|
|
|
// '0.33.0'
|
|
|
|
releaseVersion = tagsWithVersion[0].slice(1);
|
|
|
|
} else {
|
|
|
|
// otherwise pick last -rc tag alphabetically
|
|
|
|
// 0.33.0-rc2
|
|
|
|
releaseVersion = tagsWithVersion[tagsWithVersion.length - 1].slice(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
// -------- Generating Android Artifacts with JavaDoc
|
2017-10-10 00:37:08 +00:00
|
|
|
if (exec('./gradlew :ReactAndroid:installArchives').code) {
|
Use one time password when publishing to npm (#20701)
Summary:
This pull request addresses the failing publish-npm.js script from earlier this week. For background, last month we reset all npm access tokens for any package related to Facebook, and we now require all accounts with publish permissions to have two factor enabled.
The publish-npm.js script relied on one such token that is configured in Circle CI as a envvar. The token has been updated in Circle CI, but we now need a way of passing the one time password to npm.
With this PR, we can now grab the otp from Circle CI's envvars. Considering otps are ephemeral, this requires the NPM_CONFIG_OTP envvar to be set by someone with publishing permissions anytime a new release will be pushed to npm. The token is short lived, but it would still be good to clear the envvar after the package is published. Circle CI envvars are not passed on to PR/forked builds.
This PR is effectively a breaking change for the release process, as the publish step will not succeed if the OTP is not valid.
OTPs are short-lived, and the publish_npm_package job will definitely outlive the token. Unfortunately this will require some timing to get right, but the alternative is to ssh into the Circle CI machine and re-run the `npm publish --otp` command, which again would still require someone with publish access to provide the otp.
Pull Request resolved: https://github.com/facebook/react-native/pull/20701
Differential Revision: D9478488
Pulled By: hramos
fbshipit-source-id: 6af631a9cb425271b98c03d158aec390ebc95304
2018-08-23 06:20:05 +00:00
|
|
|
echo('Could not generate artifacts');
|
2016-03-15 16:21:50 +00:00
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
2016-03-24 15:40:38 +00:00
|
|
|
// undo uncommenting javadoc setting
|
2017-10-10 00:37:08 +00:00
|
|
|
exec('git checkout ReactAndroid/gradle.properties');
|
2016-03-24 15:40:38 +00:00
|
|
|
|
2017-10-10 00:37:08 +00:00
|
|
|
echo('Generated artifacts for Maven');
|
2016-03-15 16:21:50 +00:00
|
|
|
|
2018-05-11 20:32:37 +00:00
|
|
|
let artifacts = ['-javadoc.jar', '-sources.jar', '.aar', '.pom'].map(suffix => {
|
2016-03-15 16:21:50 +00:00
|
|
|
return `react-native-${releaseVersion}${suffix}`;
|
|
|
|
});
|
|
|
|
|
2018-05-11 20:32:37 +00:00
|
|
|
artifacts.forEach(name => {
|
|
|
|
if (
|
|
|
|
!test(
|
|
|
|
'-e',
|
|
|
|
`./android/com/facebook/react/react-native/${releaseVersion}/${name}`,
|
|
|
|
)
|
|
|
|
) {
|
2016-03-15 16:21:50 +00:00
|
|
|
echo(`file ${name} was not generated`);
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
Use one time password when publishing to npm (#20701)
Summary:
This pull request addresses the failing publish-npm.js script from earlier this week. For background, last month we reset all npm access tokens for any package related to Facebook, and we now require all accounts with publish permissions to have two factor enabled.
The publish-npm.js script relied on one such token that is configured in Circle CI as a envvar. The token has been updated in Circle CI, but we now need a way of passing the one time password to npm.
With this PR, we can now grab the otp from Circle CI's envvars. Considering otps are ephemeral, this requires the NPM_CONFIG_OTP envvar to be set by someone with publishing permissions anytime a new release will be pushed to npm. The token is short lived, but it would still be good to clear the envvar after the package is published. Circle CI envvars are not passed on to PR/forked builds.
This PR is effectively a breaking change for the release process, as the publish step will not succeed if the OTP is not valid.
OTPs are short-lived, and the publish_npm_package job will definitely outlive the token. Unfortunately this will require some timing to get right, but the alternative is to ssh into the Circle CI machine and re-run the `npm publish --otp` command, which again would still require someone with publish access to provide the otp.
Pull Request resolved: https://github.com/facebook/react-native/pull/20701
Differential Revision: D9478488
Pulled By: hramos
fbshipit-source-id: 6af631a9cb425271b98c03d158aec390ebc95304
2018-08-23 06:20:05 +00:00
|
|
|
// if version contains -rc, tag as prerelease
|
|
|
|
const tagFlag = releaseVersion.indexOf('-rc') === -1 ? '' : '--tag next';
|
|
|
|
|
|
|
|
// use otp from envvars if available
|
|
|
|
const otpFlag = otp ? `--otp ${otp}` : '';
|
|
|
|
|
|
|
|
if (exec(`npm publish ${tagFlag} ${otpFlag}`).code) {
|
|
|
|
echo('Failed to publish package to npm');
|
|
|
|
exit(1);
|
2016-03-15 16:21:50 +00:00
|
|
|
} else {
|
Use one time password when publishing to npm (#20701)
Summary:
This pull request addresses the failing publish-npm.js script from earlier this week. For background, last month we reset all npm access tokens for any package related to Facebook, and we now require all accounts with publish permissions to have two factor enabled.
The publish-npm.js script relied on one such token that is configured in Circle CI as a envvar. The token has been updated in Circle CI, but we now need a way of passing the one time password to npm.
With this PR, we can now grab the otp from Circle CI's envvars. Considering otps are ephemeral, this requires the NPM_CONFIG_OTP envvar to be set by someone with publishing permissions anytime a new release will be pushed to npm. The token is short lived, but it would still be good to clear the envvar after the package is published. Circle CI envvars are not passed on to PR/forked builds.
This PR is effectively a breaking change for the release process, as the publish step will not succeed if the OTP is not valid.
OTPs are short-lived, and the publish_npm_package job will definitely outlive the token. Unfortunately this will require some timing to get right, but the alternative is to ssh into the Circle CI machine and re-run the `npm publish --otp` command, which again would still require someone with publish access to provide the otp.
Pull Request resolved: https://github.com/facebook/react-native/pull/20701
Differential Revision: D9478488
Pulled By: hramos
fbshipit-source-id: 6af631a9cb425271b98c03d158aec390ebc95304
2018-08-23 06:20:05 +00:00
|
|
|
echo(`Published to npm ${releaseVersion}`);
|
|
|
|
exit(0);
|
2016-03-15 16:21:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*eslint-enable no-undef */
|