---
- job:
    name: elastic+eui+npm-publish
    display-name: elastic / eui - npm-publish
    description: "Publish a version of EUI to @inoft/eui on npm"
    scm:
      - git:
          refspec: +refs/heads/*:refs/remotes/origin/*
    triggers: []
    node: linux && immutable && docker
    vault:
      # auth/approle/role/kibana-issues/role-id
      role_id: 443f9500-f443-19ba-d698-1a48e104f8ba
    parameters:
      - choice:
          name: version_type
          description: What semantic version change should be published
          choices:
            - major
            - minor
            - patch
    builders:
      - shell: |-
          #!/usr/local/bin/runbld
          set -eo pipefail

          # initialize nvm
          export NVM_DIR="/var/lib/jenkins/.nvm"
          [[ -s "$NVM_DIR/nvm.sh" ]] && . "$NVM_DIR/nvm.sh" --no-use

          # install correct Node.js version (commands assume presence of .nvmrc)
          nvm install
          nvm use --delete-prefix
          npm install -g yarn
          yarn

          npm run release -- --type=${version_type} --steps=test,build,version,tag

          set +x

          export VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID")

          # add ssh keys to ensure tags can push to Github
          /usr/local/bin/ssh-add-from-vault elastic

          # write npm auth to .npmrc
          NPM_TOKEN=$(vault read -field=token secret/jenkins-ci/npmjs/elasticmachine)
          echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc

          # get 2FA code
          export NPM_OTP=$(vault read --field=code totp/code/npmjs-elasticmachine)

          unset VAULT_ROLE_ID VAULT_SECRET_ID VAULT_ADDR VAULT_TOKEN VAULT_ACCOUNT

          set -x

          npm run release -- --type=${version_type} --steps=publish,docs