ts-project-setup/.github/workflows/release-please.yml at main · fuf-stack/ts-project-setup · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
name: release-please

on:
  push:
    branches:
      - main

# Ensure only one release workflow runs at a time
# Queue new runs and wait for in-progress release-please workflow to complete
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: false

jobs:
  release-please:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
      id-token: write # Required for OIDC trusted publishing with npm
    outputs:
      releases_created: ${{ steps.release.outputs.releases_created }}
    steps:
      - uses: googleapis/release-please-action@v5
        id: release
        with:
          token: ${{ secrets.RELEASE_PLEASE_GITHUB_TOKEN }}

      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
        if: steps.release.outputs.releases_created  == 'true'

      - name: Setup project
        uses: ./.github/actions/setup-project
        if: steps.release.outputs.releases_created  == 'true'

      - name: Publish to npm
        run: |
          # Use npm publish via Lerna for trusted publishing support
          # pnpm doesn't support npm's trusted publishing (OIDC) yet, so we use npm directly
          # Lerna detects changed packages and publishes them using npm.
          # During publish, Lerna rewrites workspace dependency specifiers in
          # package manifests (workspace:* -> release versions). That can make
          # the lockfile temporarily out of sync while prepack scripts run, so
          # frozen-lockfile must be disabled for this step.
          # We run the installed workspace binary directly to avoid runtime installs.
          ./node_modules/.bin/lerna publish from-package --yes --no-verify-access
        if: steps.release.outputs.releases_created  == 'true'
        env:
          # pnpm reads either form depending on invocation context.
          PNPM_CONFIG_FROZEN_LOCKFILE: 'false'
          NPM_CONFIG_FROZEN_LOCKFILE: 'false'
          # Build already ran in setup-project. Disable publish-time lifecycle
          # scripts (`prepack`) to avoid package-local installs resolving newly
          # bumped internal versions before they are published.
          NPM_CONFIG_IGNORE_SCRIPTS: 'true'
        # Note: If you have private npm dependencies, you may need NODE_AUTH_TOKEN
        # for installing dependencies only (not for publishing)
        # env:
        #   NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

  # update other conflicting prs after package merge
  # see: https://github.com/googleapis/release-please/issues/1870#issuecomment-1748390833
  check-conflicting-prs:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      repository-projects: read # needed for 'gh pr edit' https://github.com/cli/cli/issues/6274
    needs: release-please
    if: needs.release-please.outputs.releases_created == 'true'
    outputs:
      need_rebase: ${{ steps.check-pending-prs.outputs.need_rebase }}
    steps:
      - name: Get pending PRs
        id: check-pending-prs
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REPO: ${{ github.repository }}
        run: |
          set -euo pipefail
          pending_prs=$(gh pr list --repo "$REPO" --label "autorelease: pending" --state open --json number --jq '.[].number')
          need_rebase=""

          if [[ -n "$pending_prs" ]]; then
            for pr_num in $pending_prs; do
              echo "Checking pr: $pr_num"
              mergeable=$(gh pr view --repo "$REPO" "$pr_num" --json mergeable --jq '.mergeable')
              echo "mergeable status: $mergeable"
              if [[ "$mergeable" != "MERGEABLE" ]]; then
                echo "pr: $pr_num is not MERGEABLE."
                echo "removing 'autorelease: pending' label from pr: $pr_num"
                gh pr edit --repo "$REPO" "$pr_num" --remove-label "autorelease: pending"
                need_rebase=true
              fi
            done
          else
              echo "No pending PRs found."
              exit 0
          fi

          if [[ -n "$need_rebase" ]]; then
            echo "not MERGEABLE status PRs found."
            echo "need_rebase=$need_rebase"
            echo "need_rebase=$need_rebase" >> "$GITHUB_OUTPUT"
          else
            echo "All pending PRs are MERGEABLE."
          fi

  release-please-rebase:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    needs: check-conflicting-prs
    if: needs.check-conflicting-prs.outputs.need_rebase == 'true'
    steps:
      - uses: googleapis/release-please-action@v5
        with:
          token: ${{ secrets.RELEASE_PLEASE_GITHUB_TOKEN }}