cli/.github/workflows/release.yml at main · Shopify/cli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
name: Release

on:
  # Trigger for snapit functionality
  issue_comment:
    types:
      - created

  # Trigger for changeset release functionality
  push:
    branches:
      - main
      - stable/*

  # Trigger for manual/cron release functionality
  schedule:
    - cron: '0 6 * * *' # 6:00 AM UTC every day

  workflow_dispatch:
    inputs:
      tag:
        description: 'Tag'
        default: 'nightly'
        type: choice
        options:
          - nightly
          - latest
          - experimental

concurrency:
  group: changeset-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

env:
  PNPM_VERSION: '10.11.1'
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

jobs:
  # Snapit job - runs when /snapit comment is made on a PR
  snapit:
    name: Snapit
    if: ${{ github.event_name == 'issue_comment' && github.event.issue.pull_request && github.event.comment.body == '/snapit' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      id-token: write
    steps:
      # WARNING: DO NOT RUN ANY CUSTOM LOCAL SCRIPT BEFORE RUNNING THE SNAPIT ACTION
      # This action can be executed by 3rd party users and it should not be able to run arbitrary code from a PR.
      - name: Checkout current branch
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup deps
        uses: ./.github/actions/setup-cli-deps
        with:
          node-version: 24.12.0
      - name: Force snapshot changeset
        run: "mv .changeset/force-snapshot-build.md.ignore .changeset/force-snapshot-build.md"
      - name: Create snapshot version
        uses: Shopify/snapit@0fec17dd6a0ae66f2672738dc8086f394218436c # registry-and-package-manager
        with:
          comment_is_global: 'true'
          comment_packages: '@shopify/cli'
          comment_suffix: "
            > [!CAUTION]

            > After installing, validate the version by running `shopify version` in your terminal.

            > If the versions don't match, you might have multiple global instances installed.

            > Use `which shopify` to find out which one you are running and uninstall it."
          comment_command_flags: '--@shopify:registry=https://registry.npmjs.org'
          build_script: "node bin/update-cli-kit-version.js && pnpm nx run-many --target=bundle --all --skip-nx-cache --output-style=stream && pnpm refresh-manifests"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ''
          NPM_CONFIG_PROVENANCE: true
          SHOPIFY_CLI_BUILD_REPO: ${{ github.repository }}

  # Changeset release job - runs on push to main or stable branches
  changeset-release:
    name: Changeset Release
    if: ${{ github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && github.event.inputs.tag == '') }}
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      id-token: write
    steps:
      - uses: actions/checkout@v3
        # This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits
        with:
          fetch-depth: 0
      - name: Setup deps
        uses: ./.github/actions/setup-cli-deps
        with:
          node-version: 24.12.0
      - name: Create Release Pull Request
        id: changesets
        uses: changesets/action@6a0a831ff30acef54f2c6aa1cbbc1096b066edaf # v1
        with:
          version: pnpm changeset-manifests
          title: Version Packages - ${{ github.ref_name }}
          createGithubReleases: false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Publish packages
        if: steps.changesets.outputs.hasChangesets == 'false'
        run: pnpm release latest
        env:
          NPM_TOKEN: ''
          NPM_CONFIG_PROVENANCE: true
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SHOPIFY_CLI_BUILD_REPO: ${{ github.repository }}

      - name: Get version
        id: version
        if: steps.changesets.outputs.hasChangesets == 'false'
        run: |
          VERSION=$(node -p "require('./packages/cli/package.json').version")
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          echo "Version: $VERSION"

      - name: Create tag
        if: steps.changesets.outputs.hasChangesets == 'false'
        env:
          TAG: ${{ steps.version.outputs.version }}
        run: |
          set -euo pipefail
          if git ls-remote --exit-code --tags origin "$TAG" >/dev/null 2>&1; then
            echo "Tag $TAG already exists, skipping"
            exit 0
          fi
          git tag "$TAG"
          git push origin "$TAG"
          echo "Created tag $TAG"

      - name: Create stable branch
        if: steps.changesets.outputs.hasChangesets == 'false' && github.ref_name == 'main' && endsWith(steps.version.outputs.version, '.0')
        env:
          VERSION: ${{ steps.version.outputs.version }}
        run: |
          set -euo pipefail
          MINOR=${VERSION%.0}
          BRANCH="stable/$MINOR"
          if git ls-remote --exit-code --heads origin "$BRANCH" >/dev/null 2>&1; then
            echo "Branch $BRANCH already exists, skipping"
            exit 0
          fi
          git push origin "HEAD:refs/heads/$BRANCH"
          echo "Created branch $BRANCH"

      - name: Create GitHub release
        if: steps.changesets.outputs.hasChangesets == 'false'
        env:
          TAG: ${{ steps.version.outputs.version }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          set -euo pipefail
          if gh release view "$TAG" >/dev/null 2>&1; then
            echo "Release $TAG already exists, skipping"
            exit 0
          fi
          gh release create "$TAG" \
            --title "$TAG" \
            --generate-notes \
            --latest=legacy
          echo "Created release $TAG"

  # Manual/Cron release job - runs on schedule or manual trigger with tag
  manual-cron-release:
    name: Manual & Cron Release
    if: ${{ github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.event.inputs.tag != '') }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      id-token: write
    steps:
      - uses: actions/checkout@v3
        # This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits
        with:
          fetch-depth: 0
      - name: Setup deps
        uses: ./.github/actions/setup-cli-deps
        with:
          node-version: 24.12.0
      - name: Release
        run: pnpm release ${{ github.event.inputs.tag || 'nightly' }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ''
          NPM_CONFIG_PROVENANCE: true
          SHOPIFY_CLI_BUILD_REPO: ${{ github.repository }}