Merge pull request #412 from Permify/omer/auto-release

feat: auto publish with permify tag

Author: omer-topal

.github/workflows/auto-release.yml

@@ -0,0 +1,61 @@
+name: Auto Release
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - 'package.json'
+      - 'package-lock.json'
+      - 'proto/**'
+      - 'src/**'
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    name: Create SDK Release
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          fetch-depth: 0
+
+      - name: Create tag and release
+        env:
+          GH_TOKEN: ${{ secrets.PAT_TOKEN }}
+        run: |
+          PACKAGE_VERSION="$(sed -n 's/^[[:space:]]*"version":[[:space:]]*"\([^"]*\)".*/\1/p' package.json | head -n 1)"
+
+          if [ -z "${PACKAGE_VERSION}" ]; then
+            echo "Package version is empty. Skipping release creation."
+            exit 0
+          fi
+
+          TAG_NAME="v${PACKAGE_VERSION}"
+
+          if git rev-parse -q --verify "refs/tags/${TAG_NAME}" >/dev/null; then
+            echo "Tag ${TAG_NAME} already exists. Skipping release creation."
+            exit 0
+          fi
+
+          echo "Creating release ${TAG_NAME}"
+          git config --global user.name "GitHub Actions Bot"
+          git config --global user.email "<>"
+          git tag -a "${TAG_NAME}" -m "Release ${TAG_NAME}"
+          git push origin "${TAG_NAME}"
+
+          gh release create "${TAG_NAME}" \
+            --repo "${GITHUB_REPOSITORY}" \
+            --title "${TAG_NAME}" \
+            --generate-notes

.github/workflows/protos.yml

@@ -1,9 +1,12 @@
 name: Update Permify Proto Definitions
 
 on:
-  push:
-    branches: [ "main" ]
   workflow_dispatch:
+    inputs:
+      version:
+        description: "Release version from the Permify repo (for example v1.6.9)"
+        required: false
+        type: string
 
 permissions:
   contents: write
@@ -66,6 +69,18 @@ jobs:
        - name: Generate Code with Buf
          run: yarn buf:generate
 
+       - name: Write package version
+         if: ${{ github.event.inputs.version != '' }}
+         run: npm version "${VERSION#v}" --no-git-tag-version --allow-same-version
+         env:
+           VERSION: ${{ github.event.inputs.version }}
+
+       - name: Build
+         run: yarn build
+
+       - name: Run tests
+         run: yarn run-instance
+
        - name: Commit changes
          id: commitchanges
          run: |
@@ -91,6 +106,17 @@ jobs:
            if [ -n "${PR_NUMBER}" ]; then
              gh pr edit "${PR_NUMBER}" --title "${PR_TITLE}" --body "${PR_BODY}"
            else
-             gh pr create --base main --head "${BRANCH_NAME}" --title "${PR_TITLE}" --body "${PR_BODY}" --label dependencies --label automated
+             CREATE_ARGS=(--base main --head "${BRANCH_NAME}" --title "${PR_TITLE}" --body "${PR_BODY}")
+             LABELS="$(gh label list --json name --jq '.[].name' || true)"
+
+             if printf '%s\n' "${LABELS}" | grep -qx 'dependencies'; then
+               CREATE_ARGS+=(--label dependencies)
+             fi
+
+             if printf '%s\n' "${LABELS}" | grep -qx 'automated'; then
+               CREATE_ARGS+=(--label automated)
+             fi
+
+             gh pr create "${CREATE_ARGS[@]}"
            fi
          shell: bash

.github/workflows/publish.yml

@@ -29,14 +29,17 @@ jobs:
 
       - name: Build
         run: yarn build
+
+      - name: Run tests
+        run: yarn run-instance
 
       - name: Write release version
         run: |
           VERSION=${GITHUB_REF_NAME#v}
           echo Version: $VERSION
           echo "VERSION=$VERSION" >> $GITHUB_ENV
       
-      - run: "npm version ${VERSION} --no-git-tag-version"
+      - run: "npm version ${VERSION} --no-git-tag-version --allow-same-version"
 
       - name: Publish to NPM
         run: npm publish --access public

docker-compose.yaml

@@ -1,5 +1,5 @@
 services:
   permify:
-    image: "ghcr.io/permify/permify:v1.5.0"
+    image: "ghcr.io/permify/permify:v1.6.9"
     ports: ['3478:3478']
     command: "serve"

package.json

@@ -13,6 +13,7 @@
   ],
   "scripts": {
     "run-instance": "scripts/run-instance.sh",
+    "test": "yarn run-test",
     "run-test": "ts-node node_modules/jasmine/bin/jasmine --config=jasmine.json",
     "lint": "eslint \"src/**/*.ts\"",
     "build": "rm -rf ./dist && npx tsc && cp -r src/grpc/generated dist/src/grpc/",

scripts/commit-changes.sh

@@ -4,7 +4,7 @@ set -euo pipefail
 
 branch_name="${1:?branch name is required}"
 
-if git diff --quiet; then
+if [[ -z "$(git status --porcelain)" ]]; then
   echo "changes_made=0" >> "${GITHUB_OUTPUT}"
   echo "No changes detected"
   exit 0

scripts/run-instance.sh

@@ -2,8 +2,25 @@
 
 set -e
 
+ROOT_DIR="$(CDPATH= cd -- "$(dirname "$0")/.." && pwd)"
+
 exit_code=0
-docker compose up -d --wait
-yarn run || exit_code=$?
+cd "${ROOT_DIR}"
+
+docker compose up -d
+
+for attempt in $(seq 1 60); do
+  if nc -z 127.0.0.1 3478 >/dev/null 2>&1; then
+    yarn run-test || exit_code=$?
+    break
+  fi
+  sleep 1
+done
+
+if [ "${exit_code}" -eq 0 ] && ! nc -z 127.0.0.1 3478 >/dev/null 2>&1; then
+  echo "Permify did not become reachable on 127.0.0.1:3478 within 60 seconds." >&2
+  exit_code=1
+fi
+
 docker compose down
 exit $exit_code