openclaw-feishu-progress/.github/workflows/release.yml at main · opencroc/openclaw-feishu-progress · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
name: Release

on:
  push:
    tags:
      - 'v*'
  workflow_dispatch:

concurrency:
  group: release-${{ github.ref }}
  cancel-in-progress: false

jobs:
  publish-npm:
    name: Publish to npm
    runs-on: ubuntu-latest
    permissions:
      contents: write
      id-token: write

    defaults:
      run:
        working-directory: .

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Verify tag is on main branch
        if: startsWith(github.ref, 'refs/tags/v')
        run: |
          TAG_SHA=$(git rev-list -n 1 "$GITHUB_REF")
          if ! git merge-base --is-ancestor "$TAG_SHA" origin/main; then
            echo "ERROR: Tag $GITHUB_REF_NAME does not point to a commit on the main branch."
            echo "Tag SHA: $TAG_SHA"
            echo "Only tags on main are allowed to trigger releases."
            exit 1
          fi
          echo "Tag $GITHUB_REF_NAME verified on main branch (SHA: $TAG_SHA)"

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20.x
          registry-url: https://registry.npmjs.org

      - name: Cache npm
        uses: actions/cache@v4
        with:
          path: ~/.npm
          key: npm-release-${{ runner.os }}-${{ hashFiles('package.json') }}
          restore-keys: |
            npm-release-${{ runner.os }}-

      - name: Install dependencies
        run: npm ci

      - name: Verify build
        run: npm run build

      - name: Verify typecheck
        run: npm run typecheck

      - name: Verify tests
        run: npm run test -- --passWithNoTests

      - name: Verify tag matches package version
        if: startsWith(github.ref, 'refs/tags/v')
        run: |
          TAG_VERSION="${GITHUB_REF_NAME#v}"
          PKG_VERSION=$(node -p "require('./package.json').version")
          echo "Tag version: ${TAG_VERSION}"
          echo "Package version: ${PKG_VERSION}"
          if [ "${TAG_VERSION}" != "${PKG_VERSION}" ]; then
            echo "Version mismatch: tag v${TAG_VERSION} != package.json ${PKG_VERSION}"
            exit 1
          fi

      - name: Verify npm authentication
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: npm whoami --registry=https://registry.npmjs.org

      - name: Verify npm registry access
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: npm ping --registry=https://registry.npmjs.org

      - name: Publish package
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: |
          VERSION=$(node -p "require('./package.json').version")
          if echo "$VERSION" | grep -q "alpha"; then
            npm publish --access public --tag alpha
          elif echo "$VERSION" | grep -q "beta"; then
            npm publish --access public --tag beta
          elif echo "$VERSION" | grep -q "rc"; then
            npm publish --access public --tag rc
          else
            npm publish --access public
          fi

      - name: Create GitHub Release
        if: startsWith(github.ref, 'refs/tags/v')
        uses: softprops/action-gh-release@v2
        with:
          generate_release_notes: true
          tag_name: ${{ github.ref_name }}