build(codegen): updating SDK (#1234) #971
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: | |
| - master | |
| permissions: | |
| actions: write | |
| contents: write | |
| id-token: write # Required for npm trusted publishing (OIDC) | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Get GitHub token via the CT Changesets App | |
| - name: Generate GitHub token (via CT Changesets App) | |
| id: generate_github_token | |
| uses: tibdex/github-app-token@v2.1.0 | |
| with: | |
| app_id: ${{ secrets.CT_CHANGESETS_APP_ID }} | |
| private_key: ${{ secrets.CT_CHANGESETS_APP_PEM }} | |
| - name: Get App user | |
| id: get_app_user | |
| env: | |
| GITHUB_TOKEN: ${{ steps.generate_github_token.outputs.token }} | |
| run: | | |
| export GH_APP_USER=`gh api /users/ct-changesets%5Bbot%5D | jq .id` | |
| echo "email=${GH_APP_USER}+ct-changesets[bot]@users.noreply.github.com" >> "$GITHUB_OUTPUT" | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| with: | |
| # Pass a personal access token (using our CT Changesets App) to be able to trigger other workflows | |
| # https://help.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token | |
| # https://github.community/t/action-does-not-trigger-another-on-push-tag-action/17148/8 | |
| token: ${{ steps.generate_github_token.outputs.token }} | |
| - name: Setup | |
| uses: ./.github/actions/ci | |
| # Ensure npm 11.5.1 or later is installed for OIDC support | |
| - name: Update npm | |
| run: npm install -g npm@latest | |
| - name: Verify npm version | |
| run: npm --version | |
| # Configure npm for OIDC authentication with trusted publishing | |
| # This must be done after CI setup to ensure npm is properly configured | |
| # setup-node@v4 with registry-url automatically configures OIDC when id-token: write is set | |
| - name: Setup Node.js for npm publishing | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "24" | |
| registry-url: "https://registry.npmjs.org" | |
| - name: Building packages | |
| run: yarn build | |
| - name: Verify npm OIDC configuration | |
| run: | | |
| # Verify registry is set correctly | |
| echo "Registry: $(npm config get registry)" | |
| # Ensure no token-based auth is configured (OIDC should be used automatically) | |
| npm config delete //registry.npmjs.org/:_authToken || true | |
| # Verify npm can access the registry (this will use OIDC if configured) | |
| echo "npm OIDC authentication configured via setup-node action" | |
| - name: Create Release Pull Request or Publish to npm | |
| id: changesets | |
| uses: changesets/action@v1 | |
| with: | |
| publish: yarn changeset publish | |
| version: yarn changeset:version-and-format | |
| commit: "ci(changesets): version packages" | |
| env: | |
| GITHUB_TOKEN: ${{ steps.generate_github_token.outputs.token }} | |
| # Ensure npm uses OIDC authentication | |
| NPM_CONFIG_REGISTRY: "https://registry.npmjs.org" | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| - name: Dispatch repository event | |
| if: steps.changesets.outputs.published == 'true' | |
| run: | | |
| curl -L \ | |
| -X POST \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| -H "Authorization: Bearer ${{ steps.generate_github_token.outputs.token }}" \ | |
| https://api.github.com/repos/${{ github.repository }}/actions/workflows/docs.yml/dispatches \ | |
| -d '{ "ref": "master", "inputs": { "event": "new_release_published" }}' | |
| - name: Convert markdown to slack markdown | |
| uses: LoveToKnow/slackify-markdown-action@v1.1.1 | |
| id: markdown | |
| with: | |
| text: | | |
| A new version of [ts-sdk](https://github.com/commercetools/commercetools-sdk-typescript) was published to npm :rocket: | |
| - name: Slack Notification | |
| if: steps.changesets.outputs.published == 'true' | |
| uses: rtCamp/action-slack-notify@v2 | |
| env: | |
| SLACK_CHANNEL: devtooling-automation | |
| SLACK_COLOR: ${{ job.status }} | |
| MSG_MINIMAL: actions url,commit | |
| SLACK_TITLE: Typescript SDK Release ✨ | |
| SLACK_MESSAGE: ${{steps.markdown.outputs.text}} | |
| SLACK_USERNAME: rtBot | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| - name: "Switch SDK to after release branch" | |
| if: steps.changesets.outputs.published == 'true' | |
| run: | | |
| git fetch --depth=1 origin after-release || true | |
| git checkout -B after-release origin/after-release || true | |
| git checkout -B after-release | |
| git log -1 | |
| - name: "remove API reference commit SHA" | |
| if: steps.changesets.outputs.published == 'true' | |
| run: rm -rf reference.txt | |
| continue-on-error: true | |
| - uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1 | |
| if: steps.changesets.outputs.published == 'true' | |
| with: | |
| branch: after-release | |
| file_pattern: "reference.txt" | |
| commit_message: "chore: updating API ref SHA" | |
| commit_author: ct-changesets[bot] <${{ steps.get_app_user.outputs.email }}> | |
| commit_user_name: ct-changesets[bot] | |
| commit_user_email: ${{ steps.get_app_user.outputs.email }} |