@@ -5,25 +5,33 @@ name: Publish Packages
55on :
66 push :
77 paths :
8- - package.json
8+ - ' packages/*/ package.json'
99 # For security reasons, this should never be set to anything but `main`
1010 branches : [main]
1111 workflow_dispatch :
12+ inputs :
13+ package :
14+ description : ' Specific package to publish (leave empty for all packages)'
15+ required : false
16+ type : string
1217
1318permissions :
1419 contents : read
15- # For npm OIDC (https://docs.npmjs.com/trusted-publishers)
16- id-token : write
20+
21+ concurrency :
22+ group : ${{ github.workflow }}-${{ github.ref }}
23+ cancel-in-progress : false
1724
1825env :
1926 COMMIT_SHA : ${{ github.sha }}
2027
2128jobs :
22- prepare :
29+ prepare-packages :
30+ name : Prepare Packages
2331 runs-on : ubuntu-latest
2432 outputs :
2533 # Output the matrix of packages to publish for use in the publish job
26- should_publish : ${{ steps.check .outputs.should_publish }}
34+ matrix : ${{ steps.generate-matrix .outputs.matrix }}
2735 steps :
2836 - name : Harden Runner
2937 uses : step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
3341 - name : Verify commit authenticity
3442 env :
3543 GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
36- if : ${{ github.event_name != 'workflow_dispatch' }}
3744 run : |
3845 # Get commit data from GitHub API to verify its authenticity
3946 COMMIT_DATA=$(gh api repos/${{ github.repository }}/commits/$COMMIT_SHA)
@@ -59,39 +66,78 @@ jobs:
5966 uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
6067 with :
6168 fetch-depth : 2 # Need at least 2 commits to detect changes between commits
69+ persist-credentials : false
6270
63- - name : Check if we should publish
64- id : check
71+ - name : Generate package matrix
72+ id : generate-matrix
6573 env :
74+ PACKAGE : ${{ github.event.inputs.package }}
6675 EVENT_NAME : ${{ github.event_name }}
6776 run : |
68- OLD_VERSION=$(git show $COMMIT_SHA~1:package.json | jq -r '.version')
69- NEW_VERSION=$(jq -r '.version' "package.json")
70- if [ "$OLD_VERSION" != "$NEW_VERSION" ] || [ "$EVENT_NAME" == "workflow_dispatch" ]; then
71- echo "should_publish=true" >> $GITHUB_OUTPUT
77+ if [ -n "$PACKAGE" ]; then
78+ # If a specific package is requested via workflow_dispatch, just publish that one
79+ echo "matrix={\"package\":[\"$PACKAGE\"]}" >> $GITHUB_OUTPUT
80+ else
81+ CHANGED_PACKAGES=()
82+ for pkg in $(ls -d packages/*); do
83+ PKG_NAME=$(basename "$pkg")
84+ PKG_JSON="$pkg/package.json"
85+
86+ # Determine if the package has changed (or include all on manual trigger)
87+ if [ "$EVENT_NAME" == "workflow_dispatch" ] || ! git diff --quiet $COMMIT_SHA~1 $COMMIT_SHA -- "$pkg/"; then
88+ OLD_VERSION=$(git show $COMMIT_SHA~1:$PKG_JSON | jq -r '.version')
89+ NEW_VERSION=$(jq -r '.version' "$PKG_JSON")
90+ if [ "$OLD_VERSION" != "$NEW_VERSION" ]; then
91+ CHANGED_PACKAGES+=("$PKG_NAME")
92+ fi
93+ fi
94+ done
95+
96+ # Format the output for GitHub Actions matrix using jq
97+ PACKAGES_JSON=$(jq -n '$ARGS.positional' --args "${CHANGED_PACKAGES[@]}" -c)
98+ echo "matrix={\"package\":$PACKAGES_JSON}" >> $GITHUB_OUTPUT
7299 fi
73100
74101publish :
75- needs : prepare
102+ name : Publish
103+ needs : prepare-packages
76104 runs-on : ubuntu-latest
77- if : needs.prepare.outputs.should_publish == 'true'
105+ permissions :
106+ # Required for npm OIDC publishing (https://docs.npmjs.com/trusted-publishers)
107+ id-token : write
108+ # Skip if no packages need to be published
109+ if : fromJson(needs.prepare-packages.outputs.matrix).package[0] != null
110+ # Use the dynamic matrix from prepare-packages job to create parallel jobs for each package
111+ strategy :
112+ matrix : ${{ fromJson(needs.prepare-packages.outputs.matrix) }}
113+ fail-fast : false # Continue publishing other packages even if one fails
78114 steps :
79115 - uses : nodejs/web-team/actions/setup-environment@9f3c83af227d721768d9dbb63009a47ed4f4282f
80116 with :
117+ pnpm : false
81118 use-version-file : true
82119 registry-url : ' https://registry.npmjs.org'
83120
84121 - name : Publish
85- run : npm publish --access public --no-git-checks
122+ working-directory : packages/${{ matrix.package }}
123+ run : |
124+ # Check if a custom publish script exists in package.json
125+ if jq -e '.scripts.release' package.json > /dev/null; then
126+ npm run release
127+ fi
128+
129+ # Then publish the package to npm
130+ npm publish --access public --no-git-checks
86131
87- - name : Notify
132+ name : Notify on Manual Release
133+ if : ${{ github.event_name == 'workflow_dispatch' }}
88134 uses : rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # 2.3.3
89135 env :
90136 SLACK_COLOR : ' #43853D'
91137 SLACK_ICON : https://github.com/nodejs.png?size=48
92- SLACK_TITLE : ' :rocket: Package Published: @node-core/doc-kit '
138+ SLACK_TITLE : ' :rocket: Package Published: ${{ matrix.package }} '
93139 SLACK_MESSAGE : |
94- :package: *Package*: `@node-core/doc-kit ` (<https://www.npmjs.com/package/@node-core/doc-kit |View on npm>)
140+ :package: *Package*: `${{ matrix.package }} ` (<https://www.npmjs.com/package/@node-core/${{ matrix.package }} |View on npm>)
95141 :bust_in_silhouette: *Published by*: ${{ github.triggering_actor }}
96142 :octocat: *Commit*: <https://github.com/${{ github.repository }}/commit/${{ env.COMMIT_SHA }}|${{ env.COMMIT_SHA }}>
97143SLACK_USERNAME : nodejs-bot
0 commit comments