ci: update pipelines

christian-bromann · christian-bromann · commit 987d118b0b3b · 2025-05-05T14:52:10.000-07:00
diff --git a/.github/workflows/actions/publish-npm/action.yml b/.github/workflows/actions/publish-npm/action.yml
@@ -12,6 +12,14 @@ inputs:
     description: 'A folder containing a package.json file.'
   token:
     description: 'The NPM authentication token required to publish.'
+
+  createRelease:
+    description: 'Create a release on GitHub.'
+    default: 'false'
+
+  ghToken:
+    description: 'The GitHub authentication token required to create a release.'
+
 runs:
   using: 'composite'
   steps:
@@ -26,7 +34,7 @@ runs:
       shell: bash
       working-directory: ${{ inputs.working-directory }}
     - name: Update Version
-      run: npm version ${{ inputs.version }} --git-tag-version false
+      run: npm version ${{ inputs.version }}
       shell: bash
       working-directory: ${{ inputs.working-directory }}
     - name: Run Build
@@ -43,3 +51,15 @@ runs:
       run: npm publish ${{ inputs.folder }} --tag ${{ inputs.tag }} --provenance
       shell: bash
       working-directory: ${{ inputs.working-directory }}
+
+    - name: Create Release
+      if: ${{ inputs.createRelease == 'true' }}
+      run: |
+        git config user.name ionitron
+        git config user.email hi@ionicframework.com
+        git push origin main --tags
+        gh auth login --with-token ${{ inputs.ghToken }}
+        gh release create ${{ inputs.tag }} --title "v${{ inputs.tag }}" --generate-notes
+      shell: bash
+      env:
+        GH_TOKEN: ${{ inputs.ghToken }}
diff --git a/.github/workflows/dev-build.yml b/.github/workflows/dev-build.yml
@@ -20,13 +20,21 @@ jobs:
         shell: bash
 
   release-ionicons:
+    runs-on: ubuntu-latest
     needs: [create-dev-hash]
-    uses: ./.github/workflows/release-ionicons.yml
-    with:
-      tag: dev
-      version: ${{ needs.create-dev-hash.outputs.dev-hash }}
-    secrets:
-      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+    permissions:
+      id-token: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Publish to NPM
+        uses: ./.github/workflows/actions/publish-npm
+        with:
+          tag: dev
+          version: ${{ needs.create-dev-hash.outputs.dev-hash }}
+          working-directory: './'
+          token: ${{ secrets.NPM_TOKEN }}
+          createRelease: 'false'
 
   get-build:
     name: Get your dev build!
diff --git a/.github/workflows/release-ionicons.yml b/.github/workflows/release-ionicons.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -20,78 +20,18 @@ on:
 
 jobs:
   release-ionicons:
-    uses: ./.github/workflows/release-ionicons.yml
-    with:
-      tag: ${{ inputs.tag }}
-      version: ${{ inputs.version }}
-    secrets:
-      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-
-  finalize-release:
-    needs: [release-ionicons]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.IONITRON_TOKEN }}
-          fetch-depth: 0
-      - name: Configure Identity
-        # Commits from github-actions do not
-        # trigger other GitHub Actions. As a result,
-        # we publish releases from Ionitron instead
-        # so actions run when merging the release branch
-        # back into main.
-        run: |
-          git config user.name ionitron
-          git config user.email hi@ionicframework.com
-        shell: bash
-      # This ensures the local version of Lerna is installed
-      # and that we do not use the global Lerna version. We currently
-      # rely on functionality that does not exist in newer versions of Lerna.
-      - name: Install root dependencies
-        run: npm ci
-        shell: bash
-      - name: Create GitHub Release
-        run: npx lerna@5 version ${{ inputs.version }} --yes --force-publish='*' --conventional-commits --create-release github
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        shell: bash
-
-  update-package-lock:
-    # This needs to run after finalize-release
-    # because we also push to the repo in that
-    # job. If these jobs ran in parallel then it is
-    # possible for them to push at the same time.
-    needs: [finalize-release]
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
-      - uses: actions/checkout@v4
-        # Pull the latest version of the reference
-        # branch instead of the revision that triggered
-        # the workflow otherwise we won't get the commit
-        # created in the previous job and this next job
-        # will fail.
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Publish to NPM
+        uses: ./.github/workflows/actions/publish-npm
         with:
-          ref: ${{ github.ref }}
-      - name: Configure Identity
-        # Commits from github-actions do not
-        # trigger other GitHub Actions. As a result,
-        # we push from Ionitron instead so actions
-        # run when merging the release branch
-        # back into main.
-        run: |
-          git config user.name ionitron
-          git config user.email hi@ionicframework.com
-        shell: bash
-      # Lerna does not automatically bump versions
-      # of Ionicons dependencies that have changed,
-      # so we do that here.
-      - name: Bump Package Lock
-        run: |
-          npx lerna@5 exec "npm install --package-lock-only --legacy-peer-deps"
-          git add .
-          git commit -m "chore(): update package lock files"
-          git push
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        shell: bash
+          tag: ${{ inputs.tag }}
+          version: ${{ inputs.version }}
+          working-directory: './'
+          token: ${{ secrets.NPM_TOKEN }}
+          createRelease: true
+          ghToken: ${{ secrets.GITHUB_TOKEN }}
