eps1lon
diff --git a/‎.github/runtime_release_from_source.yml‎
Lines changed: 283 additions & 0 deletions b/‎.github/runtime_release_from_source.yml‎
Lines changed: 283 additions & 0 deletions
diff --git a/‎.github/workflows/runtime_prereleases.yml‎
Lines changed: 0 additions & 110 deletions b/‎.github/workflows/runtime_prereleases.yml‎
Lines changed: 0 additions & 110 deletions
@@ -0,0 +1,283 @@
+name: (Runtime) Release From Source
+
+on:
+  workflow_dispatch:
+    inputs:
+      commit_sha:
+        required: true
+      type:
+        required: true
+        description: Type of release to publish
+        type: choice
+        options:
+          - nightly
+          - stable-latest
+          - stable-untagged
+          - experimental_only
+      only_packages:
+        description: Packages to publish (space separated)
+        type: string
+      skip_packages:
+        description: Packages to NOT publish (space separated)
+        type: string
+      dry:
+        required: true
+        description: Dry run instead of publish?
+        type: boolean
+        default: true
+      force_notify:
+        description: Force a Discord notification?
+        type: boolean
+        default: false
+  schedule:
+    # At 10 minutes past 16:00 on Mon, Tue, Wed, Thu, and Fri.
+    # Scheduled runs always publish a nightly (see `Resolve release inputs`).
+    - cron: 10 16 * * 1,2,3,4,5
+
+permissions: {}
+
+env:
+  TZ: /usr/share/zoneinfo/America/Los_Angeles
+  # https://github.com/actions/cache/blob/main/tips-and-workarounds.md#cache-segment-restore-timeout
+  SEGMENT_DOWNLOAD_TIMEOUT_MINS: 1
+
+jobs:
+  prepare:
+    name: Prepare release
+    runs-on: ubuntu-latest
+    outputs:
+      release_type: ${{ steps.resolve.outputs.release_type }}
+      commit_sha: ${{ steps.resolve.outputs.commit_sha }}
+    steps:
+      # Manual dispatches always notify before the release starts so the team
+      # has a heads-up that a release is incoming. Scheduled (nightly) runs
+      # don't notify up front; we only notify on failure (see `notify` job).
+      - name: Notify Discord (release starting)
+        if: ${{ github.event_name == 'workflow_dispatch' }}
+        uses: tsickert/discord-webhook@86dc739f3f165f16dadc5666051c367efa1692f4
+        with:
+          webhook-url: ${{ secrets.DISCORD_WEBHOOK_URL }}
+          embed-author-name: ${{ github.event.sender.login }}
+          embed-author-url: ${{ github.event.sender.html_url }}
+          embed-author-icon-url: ${{ github.event.sender.avatar_url }}
+          embed-title: "⚠️ Publishing ${{ inputs.type }} release from source${{ (inputs.dry && ' (dry run)') || '' }}"
+          embed-description: |
+            ```json
+            ${{ toJson(inputs) }}
+            ```
+          embed-url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+
+      - name: Resolve release inputs
+        id: resolve
+        run: |
+          # Scheduled runs always publish a nightly. Manual dispatches always
+          # supply `inputs.type`. Anything else is unsupported and fails fast.
+          if [ "${{ github.event_name }}" = "schedule" ]; then
+            release_type=nightly
+            commit_sha="${{ github.sha }}"
+          elif [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            release_type="${{ inputs.type }}"
+            commit_sha="${{ inputs.commit_sha }}"
+          else
+            echo "Unsupported event: ${{ github.event_name }}" >&2
+            exit 1
+          fi
+          echo "release_type=$release_type" >> "$GITHUB_OUTPUT"
+          echo "commit_sha=$commit_sha" >> "$GITHUB_OUTPUT"
+
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ steps.resolve.outputs.commit_sha }}
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: '.nvmrc'
+          cache: yarn
+          cache-dependency-path: yarn.lock
+      - name: Restore cached node_modules
+        uses: actions/cache/restore@v4
+        id: node_modules
+        with:
+          path: |
+            **/node_modules
+          key: runtime-release-node_modules-v6-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('yarn.lock', 'scripts/release/yarn.lock') }}
+          fail-on-cache-miss: true
+      - name: Ensure clean build directory
+        run: rm -rf build
+
+      # Build only the channels we'll actually publish. `yarn build -r stable`
+      # produces build/oss-stable (canary-tagged) and build/oss-stable-semver
+      # (semver/@latest-tagged). `yarn build -r experimental` produces
+      # build/oss-experimental.
+      #
+      # - stable-latest    → semver stable published with @latest.        Build stable channel.
+      # - stable-untagged  → semver stable published without a dist-tag.  Build stable channel.
+      # - experimental_only → only experimental is published.              Build experimental.
+      # - nightly          → publishes canary + experimental.              Build both channels.
+      - name: Build stable channel
+        if: ${{ steps.resolve.outputs.release_type == 'stable-latest' || steps.resolve.outputs.release_type == 'stable-untagged' || steps.resolve.outputs.release_type == 'nightly' }}
+        run: yarn build -r stable
+      - name: Build experimental channel
+        if: ${{ steps.resolve.outputs.release_type == 'experimental_only' || steps.resolve.outputs.release_type == 'nightly' }}
+        run: yarn build -r experimental
+
+      - name: Inspect prepared build folders
+        run: ls -1 ./build
+
+      # Upload only the channel folders the publish job needs. Each is uploaded
+      # under its own artifact so the publish job can pick the right one without
+      # an extra rename step.
+      - name: Archive semver stable artifacts
+        if: ${{ steps.resolve.outputs.release_type == 'stable-latest' || steps.resolve.outputs.release_type == 'stable-untagged' }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: release-build-stable-semver
+          path: ./build/oss-stable-semver
+          retention-days: 7
+          if-no-files-found: error
+      - name: Archive canary artifacts
+        if: ${{ steps.resolve.outputs.release_type == 'nightly' }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: release-build-canary
+          path: ./build/oss-stable
+          retention-days: 7
+          if-no-files-found: error
+      - name: Archive experimental artifacts
+        if: ${{ steps.resolve.outputs.release_type == 'nightly' || steps.resolve.outputs.release_type == 'experimental_only' }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: release-build-experimental
+          path: ./build/oss-experimental
+          retention-days: 7
+          if-no-files-found: error
+
+  publish:
+    name: Publish release
+    needs: prepare
+    runs-on: ubuntu-latest
+    # Protected environment — requires reviewer approval before the publish
+    # job starts running, and gates access to NPM_TOKEN. Both stable variants
+    # (stable-latest, stable-untagged) go through the stricter `npm-stable`
+    # environment (different reviewers / protection rules); nightly and
+    # experimental_only share `npm-nightly`.
+    environment: ${{ startsWith(needs.prepare.outputs.release_type, 'stable-') && 'npm-stable' || 'npm-nightly' }}
+    env:
+      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.prepare.outputs.commit_sha }}
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: '.nvmrc'
+          cache: yarn
+          cache-dependency-path: yarn.lock
+      - name: Restore cached node_modules
+        uses: actions/cache/restore@v4
+        id: node_modules
+        with:
+          path: |
+            **/node_modules
+          key: runtime-release-node_modules-v6-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('yarn.lock', 'scripts/release/yarn.lock') }}
+          fail-on-cache-miss: true
+      - run: cp ./scripts/release/ci-npmrc ~/.npmrc
+      - name: Ensure clean build directory
+        run: rm -rf ./build && mkdir ./build
+
+      # publish.js always reads from build/node_modules. For each channel we
+      # download the matching artifact into build/node_modules, publish, then
+      # clean up before the next channel.
+
+      # ----- stable (semver) — either @latest or untagged -----
+      - name: Download semver stable artifacts
+        if: ${{ startsWith(needs.prepare.outputs.release_type, 'stable-') }}
+        uses: actions/download-artifact@v4
+        with:
+          name: release-build-stable-semver
+          path: ./build/node_modules
+      - name: Publish semver stable to @latest
+        if: ${{ needs.prepare.outputs.release_type == 'stable-latest' }}
+        run: |
+          ls -1 build/node_modules
+          scripts/release/publish.js \
+            --ci \
+            --tags=latest \
+            ${{ inputs.only_packages && format('--onlyPackages={0}', inputs.only_packages) || '' }} \
+            ${{ inputs.skip_packages && format('--skipPackages={0}', inputs.skip_packages) || '' }} \
+            ${{ inputs.dry && '--dry' || '' }}
+      # `--tags=untagged` makes publish.js attach the temporary `untagged` tag
+      # at publish time and then `npm dist-tag rm <pkg> untagged` to leave the
+      # version published but pointed-to by no dist-tag.
+      - name: Publish semver stable without a dist-tag
+        if: ${{ needs.prepare.outputs.release_type == 'stable-untagged' }}
+        run: |
+          ls -1 build/node_modules
+          scripts/release/publish.js \
+            --ci \
+            --tags=untagged \
+            ${{ inputs.only_packages && format('--onlyPackages={0}', inputs.only_packages) || '' }} \
+            ${{ inputs.skip_packages && format('--skipPackages={0}', inputs.skip_packages) || '' }} \
+            ${{ inputs.dry && '--dry' || '' }}
+
+      # ----- nightly: canary first, then experimental -----
+      # NOTE: Intentionally running sequentially because npm will sometimes
+      # fail if you try to concurrently publish two different versions of the
+      # same package, even if they use different dist tags.
+      - name: Download canary artifacts
+        if: ${{ needs.prepare.outputs.release_type == 'nightly' }}
+        uses: actions/download-artifact@v4
+        with:
+          name: release-build-canary
+          path: ./build/node_modules
+      - name: Publish canary to @canary,@next
+        if: ${{ needs.prepare.outputs.release_type == 'nightly' }}
+        run: |
+          ls -1 build/node_modules
+          scripts/release/publish.js \
+            --ci \
+            --tags=canary,next \
+            ${{ inputs.only_packages && format('--onlyPackages={0}', inputs.only_packages) || '' }} \
+            ${{ inputs.skip_packages && format('--skipPackages={0}', inputs.skip_packages) || '' }} \
+            ${{ inputs.dry && '--dry' || '' }}
+      - name: Swap canary out of build/node_modules
+        if: ${{ needs.prepare.outputs.release_type == 'nightly' }}
+        run: rm -rf ./build/node_modules
+
+      # ----- experimental (nightly + experimental_only) -----
+      - name: Download experimental artifacts
+        if: ${{ needs.prepare.outputs.release_type == 'nightly' || needs.prepare.outputs.release_type == 'experimental_only' }}
+        uses: actions/download-artifact@v4
+        with:
+          name: release-build-experimental
+          path: ./build/node_modules
+      - name: Publish experimental to @experimental
+        if: ${{ needs.prepare.outputs.release_type == 'nightly' || needs.prepare.outputs.release_type == 'experimental_only' }}
+        run: |
+          ls -1 build/node_modules
+          scripts/release/publish.js \
+            --ci \
+            --tags=experimental \
+            ${{ inputs.only_packages && format('--onlyPackages={0}', inputs.only_packages) || '' }} \
+            ${{ inputs.skip_packages && format('--skipPackages={0}', inputs.skip_packages) || '' }} \
+            ${{ inputs.dry && '--dry' || '' }}
+
+  notify:
+    name: Notify Discord on failure
+    needs: [prepare, publish]
+    # Runs for every workflow run (manual + scheduled) and only fires when
+    # something didn't complete successfully — i.e. an actual failure or a
+    # cancellation. Successful runs stay silent.
+    if: ${{ always() && (needs.prepare.result == 'failure' || needs.prepare.result == 'cancelled' || needs.publish.result == 'failure' || needs.publish.result == 'cancelled') }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Discord Webhook Action
+        uses: tsickert/discord-webhook@86dc739f3f165f16dadc5666051c367efa1692f4
+        with:
+          webhook-url: ${{ secrets.DISCORD_WEBHOOK_URL }}
+          embed-author-name: 'GitHub Actions'
+          embed-title: "❌ [Runtime] Release from source failed (${{ needs.prepare.outputs.release_type || inputs.type || 'nightly' }})"
+          embed-description: |
+            prepare: `${{ needs.prepare.result }}`
+            publish: `${{ needs.publish.result }}`
+            event: `${{ github.event_name }}`
+          embed-url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }}