|
| 1 | +name: Release Please |
| 2 | + |
| 3 | +# Maintains the single release PR (version bump + Communique-written |
| 4 | +# CHANGELOG section) and, when that PR merges, creates the tag + GitHub |
| 5 | +# Release and dispatches the tag-driven Release pipeline. |
| 6 | +# |
| 7 | +# Runs release-please as a library (src/tools/release-please-runner.ts) |
| 8 | +# instead of googleapis/release-please-action because the stock action cannot |
| 9 | +# use a custom changelog generator, and this repo's changelog entries come |
| 10 | +# from Communique. |
| 11 | +on: |
| 12 | + workflow_dispatch: |
| 13 | + push: |
| 14 | + branches: |
| 15 | + - main |
| 16 | + |
| 17 | +concurrency: |
| 18 | + group: release-please-${{ github.ref }} |
| 19 | + cancel-in-progress: false |
| 20 | + |
| 21 | +permissions: |
| 22 | + actions: write |
| 23 | + contents: write |
| 24 | + issues: write |
| 25 | + pull-requests: write |
| 26 | + |
| 27 | +jobs: |
| 28 | + release-please: |
| 29 | + runs-on: ubuntu-latest |
| 30 | + timeout-minutes: 20 |
| 31 | + steps: |
| 32 | + - name: Check out main |
| 33 | + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
| 34 | + with: |
| 35 | + ref: main |
| 36 | + fetch-depth: 0 |
| 37 | + persist-credentials: false |
| 38 | + |
| 39 | + - name: Set up mise |
| 40 | + uses: jdx/mise-action@5228313ee0372e111a38da051671ca30fc5a96db # v3.6.3 |
| 41 | + with: |
| 42 | + install_args: --locked |
| 43 | + |
| 44 | + - name: Install CI dependencies |
| 45 | + run: mise run bootstrap-ci |
| 46 | + |
| 47 | + - name: Run release-please with Communique notes |
| 48 | + id: release_please |
| 49 | + env: |
| 50 | + GITHUB_TOKEN: ${{ github.token }} |
| 51 | + ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} |
| 52 | + OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} |
| 53 | + COMMUNIQUE_MODEL: ${{ vars.COMMUNIQUE_MODEL }} |
| 54 | + run: npx tsx src/tools/release-please-runner.ts |
| 55 | + |
| 56 | + # Tags created with the workflow token never trigger `push: tags` |
| 57 | + # workflows, so start the Release pipeline (quality gates, verified |
| 58 | + # tarball, GitHub Release assets, npm publish) explicitly. The |
| 59 | + # `!cancelled()` guard matters: the runner writes the release outputs |
| 60 | + # before it rebuilds the release PR notes, so a notes failure (e.g. an |
| 61 | + # LLM outage) still dispatches the pipeline for the tag it just created |
| 62 | + # — a rerun could not recover that, because the merged release PR is |
| 63 | + # already labeled `autorelease: tagged`. |
| 64 | + - name: Dispatch the Release pipeline for created releases |
| 65 | + if: ${{ !cancelled() && steps.release_please.outputs.releases_created == 'true' }} |
| 66 | + env: |
| 67 | + GH_TOKEN: ${{ github.token }} |
| 68 | + RELEASE_TAGS: ${{ steps.release_please.outputs.release_tags }} |
| 69 | + run: | |
| 70 | + set -euo pipefail |
| 71 | + read -ra tags <<< "$RELEASE_TAGS" |
| 72 | + for tag in "${tags[@]}"; do |
| 73 | + gh workflow run release.yml --field "tag=$tag" |
| 74 | + done |
| 75 | +
|
| 76 | + # Branch pushes made with the workflow token never trigger |
| 77 | + # `pull_request` workflows, so dispatch the checks explicitly — the |
| 78 | + # dispatched runs report against the branch head SHA and satisfy the |
| 79 | + # release PR's required status checks. |
| 80 | + - name: Dispatch checks onto the release PR branch |
| 81 | + if: ${{ !cancelled() && steps.release_please.outputs.prs_created == 'true' }} |
| 82 | + env: |
| 83 | + GH_TOKEN: ${{ github.token }} |
| 84 | + PR_BRANCHES: ${{ steps.release_please.outputs.pr_branches }} |
| 85 | + run: | |
| 86 | + set -euo pipefail |
| 87 | + read -ra branches <<< "$PR_BRANCHES" |
| 88 | + for branch in "${branches[@]}"; do |
| 89 | + gh workflow run ci.yml --ref "$branch" |
| 90 | + gh workflow run validate-skills.yml --ref "$branch" |
| 91 | + done |
0 commit comments