chore: update release documentation

ancheetah · ancheetah · commit 25ec15babce0 · 2026-03-23T13:06:08.000-04:00
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -5,29 +5,28 @@ on:
       - main
   workflow_dispatch:
     inputs:
-      branch:
-        description: 'Branch/ref to publish from'
-        required: false
-        default: 'main'
-        type: string
-      dist_tag:
-        description: 'npm dist-tag'
+      snapshot_tag:
+        description: 'changesets snapshot tag (beta/canary)'
         required: false
         default: 'beta'
         type: string
-      prerelease:
-        description: 'changesets prerelease tag (beta/canary)'
+      npm_tag:
+        description: 'npm dist-tag for publishing snapshot'
         required: false
         default: 'beta'
         type: string
-      access:
-        description: 'npm access'
+      npm_access:
+        description: 'access level for publishing snapshot to npm'
         required: false
         default: 'public'
-        type: string
+        type: choice
+        options:
+          - public
+          - restricted
 env:
   NX_CLOUD_ENCRYPTION_KEY: ${{ secrets.NX_CLOUD_ENCRYPTION_KEY }}
   NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
+  SLACK_WEBHOOK_URL_BETA: ${{ secrets.SLACK_WEBHOOK_URL_BETA }}
   PNPM_CACHE_FOLDER: .pnpm-store
   CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
   CI: true
@@ -97,7 +96,7 @@ jobs:
 
   snapshot:
     if: ${{ github.event_name == 'workflow_dispatch' }}
-    name: Publish Snapshots
+    name: Publish snapshot/beta to npm
     permissions:
       contents: write
       id-token: write
@@ -107,22 +106,55 @@ jobs:
     env:
       HUSKY: 0
     steps:
-      - uses: actions/checkout@v4
+      - name: Branch name
+        run: |
+          echo "Checking out branch: ${{ github.ref_name }}"
+
+      # Checkout the branch selected when triggering the workflow
+      - name: Checkout repository
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           token: ${{ secrets.GH_TOKEN }}
-          ref: ${{ inputs.branch }}
 
       - name: Setup Project
         uses: ./.github/actions/setup
         with:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
-      - name: Version Packages as prerelease
-        run: pnpm changeset version --snapshot ${{ inputs.prerelease }}
+      - name: Version Packages for snapshot
+        run: pnpm changeset version --snapshot ${{ inputs.snapshot_tag }}
         env:
           GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
 
-      # The actual npm publish that must occur in the authorized file
-      - name: Publish packages with dist-tag
-        run: pnpm publish -r --tag ${{ inputs.dist_tag }} --no-git-checks --access ${{ inputs.access }}
+      - name: Publish packages snapshot with npm_tag
+        id: npmpublish
+        run: pnpm publish -r --tag ${{ inputs.npm_tag }} --no-git-checks --access ${{ inputs.npm_access }}
+
+      - name: Format published packages for Slack
+        if: steps.npmpublish.outcome == 'success'
+        id: format-packages
+        env:
+          NPM_TAG: ${{ inputs.npm_tag }}
+          SNAPSHOT_TAG: ${{ inputs.snapshot_tag }}
+        run: |
+          FORMATTED=$(jq -rs --arg tag "$SNAPSHOT_TAG" '[.[] | select(.version | contains($tag))] | .[] | ":package: *\(.name)* `\(.version)`"' packages/*/package.json)
+          PAYLOAD=$(jq -n --arg packages "$FORMATTED" --arg npmTag "$NPM_TAG" '{"npmTag": $npmTag, "publishedPackages": $packages}')
+          echo "payload<<EOF" >> $GITHUB_OUTPUT
+          echo "$PAYLOAD" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
+      - name: Send GitHub Action data to a Slack workflow
+        if: steps.npmpublish.outcome == 'success'
+        id: slack-notify-beta
+        continue-on-error: true
+        uses: slackapi/slack-github-action@v2.1.1
+        with:
+          webhook: ${{ env.SLACK_WEBHOOK_URL_BETA }}
+          webhook-type: webhook-trigger
+          payload: ${{ steps.format-packages.outputs.payload }}
+
+      - name: Warn if Slack notification failed
+        if: steps.slack-notify-beta.outcome == 'failure'
+        run: |
+          echo "::warning::Slack beta notification failed. Check the webhook URL and payload format."
diff --git a/contributing_docs/releases.md b/contributing_docs/releases.md
@@ -4,6 +4,15 @@ We use changesets to handle publishing of all packages in the repository.
 Please see the changesets repository for documentation on how to use
 changesets. Below will be a brief summary.
 
+## Table of Contents
+
+- [Adding a changeset](#adding-a-changeset)
+- [Versioning](#versioning)
+- [Adding a package to the repository](#adding-a-package-to-the-repository)
+- [Testing a package publish](#testing-a-package-publish)
+- [First time releasing a package](#first-time-releasing-a-package)
+- [Publishing a beta](#publishing-a-beta)
+
 ## Adding a changeset
 
 You can run `pnpm changeset` in order to add a changeset. You then
@@ -55,43 +64,72 @@ This is common for `e2e` related applications. We don't version or care
 about publishing them. You will see in the `.changesets/config.json` these are listed
 in the `ignore` field, and they will all have `private:true` in the package.json
 
+## Testing a package publish
+
+In order to test a package publish, you should use `verdaccio`.
+
+We provide verdaccio two ways:
+
+1. `pnpm nx run local-registry`. This command will spawn a private npm registry. It also _should_ update your local `.npmrc` file to point here.
+
+   You can then publish your package like so:
+
+   ```bash
+     pnpm changeset version
+     pnpm publish packages/{your_package} --dry-run --no-git-checks --registry=http://localhost:4873
+   ```
+
+   **Notes**:
+   - The `changeset` command will version your packages before the test release. To version them as a beta add `--snapshot beta` to the changeset command
+   - I am including the `dry-run` flag here so if you copy paste it, you will "dry-run" the publish.
+   - I also like to add the `registry` flag, as a secondary check to make sure I publish to this registry.
+   - The `-r` flag is necessary if your package requires other workspace packages to be published. This command runs `publish` recursively via pnpm's topological graph. To publish all packages, include the `-r` flag and remove `packages/{yourpackage}` from the publish command.
+   - Include the `--no-git-checks` flag to ignore the changes made by the versioning command
+   - To test publish a beta, add `--tag beta`
+   - If you are publishing from a branch other than `main`, add `--publish-branch {branch-name}`
+
+2. Publishing to a hosted private registry: Please message `@ryan.basmajian` on Slack.
+
 ## First time releasing a package
 
-If your package is ready to be released, and has never been released before,
-(the package.json `name` field does not exist on `npm`), then it is critical that
-your `{packageRoot}/package.json` has the following:
+If your package is ready to be released, and has never been released before, (the package.json `name` field does not exist on `npm`), then it is critical that the package be published manually as a beta first.
 
-```
+First ensure that the `{packageRoot}/package.json` has the following:
+
+```json
 "publishConfig": {
   "access": "public"
 }
 ```
 
-If your package does not contain this information, your package publishing **WILL**
-break the publish pipeline.
+When the package is officially ready for release, you should also delete the `private: true` from the `{projectRoot}/package.json`.
 
-This is because all packages in this repository are published with `npm provenance`.
-You can read about the requirements [here](https://docs.npmjs.com/generating-provenance-statements#prerequisites).
+Then publish the package to npm:
 
-## Testing a package publish
+```bash
+# Version packages for beta
+pnpm changeset version --snapshot beta
+# Check that the beta tag is correct in a dry run
+pnpm publish <package-name> --tag beta --no-git-checks --access public --dry-run
+# Publish beta for the first time
+pnpm publish <package-name> --tag beta --no-git-checks --access public
+```
 
-In order to test a package publish, you should use `verdaccio`.
+If you do not do this, your package publishing **WILL** break the publish pipeline. Publishing manually first prevents the package being published as the default private.
 
-We provide verdaccio two ways:
+Next set up provenance and trusted publishing. With trusted publishing enabled, provenance attestations will be generated automatically. Learn more [here](https://docs.npmjs.com/trusted-publishers#automatic-provenance-generation).
+
+To set up trusted publishing, follow the instructions [here](https://docs.npmjs.com/trusted-publishers#for-github-actions). Configure the following fields:
 
-- `pnpm nx run local-registry`. This command will spawn a private npm registry.
-  It also _should_ update your local `.npmrc` file to point here.
+- **Publisher**: GitHub Actions
+- **Organization**: ForgeRock
+- **Repository**: ping-javascript-sdk
+- **Workflow filename**: publish.yml
 
-  You can then publish your package like so:
+Additionally, set the publishing access to `Require two-factor authentication and disallow tokens`.
 
-  ```bash
-    pnpm publish packages/{your_package} --dry-run --registry=http://localhost:4873
-  ```
+You should now be able to publish with provenance from GitHub Actions. To learn how to publish a beta from GitHub Actions see the next section [Publishing a beta](#publishing-a-beta) below.
 
-  Notes: - I am including the `dry-run` flag here so if you copy paste it,
-  you will "dry-run" the publish. - I also like to add the `registry` flag, as a secondary check to
-  make sure i publish to this registry. - The `-r` flag is necessary if your package requires other workspace packages
-  to be published. This command runs `publish` recursively via pnpm's
-  topological graph.
+## Publishing a beta
 
-- Publishing to a hosted private registry: Please message @ryanbas21 on slack.
+You can trigger a beta publish manually via the `publish.yml` GitHub action. In GitHub, select the `Actions` tab then the `Publish` workflow. Then select the `Run workflow` dropdown on the right-hand side. Select the branch you want to release in the `Use workflow from` dropdown, then fill out the beta release options. Click `Run workflow` and the action will automatically release the changeset snapshot to npm.
