ci: polish publishing via ci pipelines

.changeset/pre.json

@@ -14,7 +14,6 @@
     "@openstapps/minimal-deployment": "2.0.0",
     "@openstapps/minimal-plugin": "2.0.0",
     "@openstapps/app": "2.0.0",
-    "@openstapps/app-release-template": "2.0.0",
     "@openstapps/api": "2.0.0",
     "@openstapps/api-cli": "2.0.0",
     "@openstapps/api-plugin": "2.0.0",

.changeset/silent-maps-float.md

@@ -1,7 +1,6 @@
 ---
 '@openstapps/projectmanagement': patch
 '@openstapps/prettier-config': patch
-'@openstapps/app-release-template': patch
 '@openstapps/es-mapping-generator': patch
 '@openstapps/backend-config': patch
 '@openstapps/eslint-config': patch

.gitlab-ci.yml

@@ -7,14 +7,18 @@
 # ```
 # To your pipeline.
 # https://docs.gitlab.com/ee/ci/pipelines/merge_request_pipelines.html#use-rules-to-add-jobs
+
+.limit_pipelines:
+  rules:
+    - if: $CI_PIPELINE_SOURCE == 'merge_request_event' || $CI_COMMIT_BRANCH == 'main' || $CI_COMMIT_BRANCH == 'develop'
+      when: on_success
+    - when: never
+
 include:
   - local: /backend/backend/.gitlab-ci.yml
   - local: /frontend/app/.gitlab-ci.yml
   - local: /.gitlab/schedules.gitlab-ci.yml
   - local: /.gitlab/publishing.gitlab-ci.yml
-    rules:
-      - if: '$CI_COMMIT_MESSAGE =~ /ci: publish release$/'
-        when: always
 
 variables:
   TURBO_CACHE_BYPASS:
@@ -83,6 +87,7 @@ build:
     - if: $CI_COMMIT_BRANCH == 'develop'
       variables:
         DEPLOY_ID: staging
+    - !reference [.limit_pipelines, rules]
 
 stop review:
   stage: build
@@ -121,15 +126,15 @@ unit:
         coverage_format: cobertura
         path: coverage.xml
   rules:
-    - if: $CI_PIPELINE_SOURCE == 'merge_request_event' || $CI_COMMIT_BRANCH == 'main' || $CI_COMMIT_BRANCH == 'develop'
+    - !reference [.limit_pipelines, rules]
 
 audit:
   stage: audit
+  allow_failure: true
   needs: []
   script:
     - pnpm audit --prod
   rules:
-    - if: $CI_PIPELINE_SOURCE == 'merge_request_event' || $CI_COMMIT_BRANCH == 'develop'
-      allow_failure: true
     - if: $CI_COMMIT_BRANCH == 'main'
       allow_failure: false
+    - !reference [.limit_pipelines, rules]

.gitlab/publishing.gitlab-ci.yml

@@ -1,6 +1,6 @@
-.limit_publishing:
-    - if: $CI_PIPELINE_SOURCE != "schedule"
-      when: on_success
+.limit_publish_pipelines:
+  rules:
+      - if: '($CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "develop") && $CI_COMMIT_MESSAGE =~ /^ci: publish release/ && $CI_PIPELINE_SOURCE != "schedule"'
 
 deploy:
   stage: publish
@@ -12,7 +12,8 @@ deploy:
     paths:
       - ./.deploy
       - ./frontend/app/www
-  rules: !reference [.limit_publishing]
+  rules:
+    - !reference [.limit_publish_pipelines, rules]
 
 publish image:
   stage: publish
@@ -23,14 +24,15 @@ publish image:
   image:
     name: gcr.io/kaniko-project/executor:v1.12.1-debug
     entrypoint: [""]
+  variables:
+    PUBLISH_TAG: next
   script:
     - >
        /kaniko/executor
        --context "${CI_PROJECT_DIR}/${DEPLOY_DIR}"
        --dockerfile "${CI_PROJECT_DIR}/${DEPLOY_DIR}/Dockerfile"
        --destination "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:$(grep -o '"version": "[^"]*' "${DEPLOY_DIR}/package.json" | cut -d'"' -f4)"
-       --destination "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:latest"
-  rules: !reference [.limit_publishing]
+       --destination "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${PUBLISH_TAG}"
   parallel:
     matrix:
       - IMAGE_NAME: database
@@ -47,6 +49,11 @@ publish image:
         DEPLOY_DIR: .deploy/minimal-plugin
       - IMAGE_NAME: app
         DEPLOY_DIR: frontend/app
+  rules:
+    - if: $CI_COMMIT_BRANCH == 'main'
+      variables:
+        PUBLISH_TAG: latest
+    - !reference [.limit_publish_pipelines, rules]
 
 publish packages:
   stage: publish
@@ -54,18 +61,17 @@ publish packages:
   variables:
     GIT_STRATEGY: clone
     GIT_DEPTH: 0
+    PUBLISH_TAG: next
   script:
     - pnpm install
     - pnpm build
-    - pnpm publish -r --publish-branch ${PUBLISH_BRANCH} --tag ${PUBLISH_TAG} --no-git-checks # TODO: Git checks...
+    - pnpm config set '//registry.npmjs.org/:_authToken' "${NPM_AUTH_TOKEN}"
+    - pnpm publish -r --publish-branch ${CI_COMMIT_BRANCH} --tag ${PUBLISH_TAG} --no-git-checks # TODO: Git checks...
   rules:
     - if: $CI_COMMIT_BRANCH == 'main'
       variables:
-        PUBLISH_BRANCH: main
         PUBLISH_TAG: latest
-    - variables:
-        PUBLISH_BRANCH: $CI_COMMIT_BRANCH
-        PUBLISH_TAG: next
+    - !reference [.limit_publish_pipelines, rules]
 
 publish docs:
   stage: publish
@@ -77,3 +83,6 @@ publish docs:
   artifacts:
     paths:
       - public
+  rules:
+    - if: $CI_COMMIT_BRANCH == 'main'
+    - !reference [.limit_publish_pipelines, rules]

.gitlab/schedules.gitlab-ci.yml

@@ -1,6 +1,6 @@
-.limit_base_image_publishing:
-    - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == 'main' 
-      when: always
+.limit_scheduled_pipelines:
+  rules:
+    - if: $CI_COMMIT_BRANCH == 'main' && $CI_PIPELINE_SOURCE == "schedule" 
 
 base image:
   image: docker
@@ -21,7 +21,6 @@ base image:
       docker push "${CI_REGISTRY_IMAGE}/${IMAGE_NAME}"
   cache: {} # disable irrelevant cache for this job
   before_script: [] # do not run irrelevant before script for this job
-  rules: !reference [.limit_base_image_publishing]
   parallel:
     matrix:
       - IMAGE_NAME: node-base
@@ -30,4 +29,5 @@ base image:
         DEPLOY_DIR: images/node-builder
       - IMAGE_NAME: app-builder
         DEPLOY_DIR: images/app-builder
-
+  rules:
+    - !reference [.limit_scheduled_pipelines, rules]

backend/backend/.gitlab-ci.yml

@@ -19,4 +19,4 @@ integration:
       junit:
         - backend/backend/coverage/integration-report-junit.xml
   rules:
-    - if: $CI_PIPELINE_SOURCE == 'merge_request_event' || $CI_COMMIT_BRANCH == 'main' || $CI_COMMIT_BRANCH == 'develop'
+    - !reference [.limit_pipelines, rules]

frontend/app/.gitlab-ci.yml

@@ -19,4 +19,4 @@ e2e:
       - BROWSER: chrome
       - BROWSER: firefox
   rules:
-    - if: $CI_PIPELINE_SOURCE == 'merge_request_event' || $CI_COMMIT_BRANCH == 'main' || $CI_COMMIT_BRANCH == 'develop'
+    - !reference [.limit_pipelines, rules]