chore: remove release notes override (#138) #39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: [main] | |
| workflow_dispatch: {} | |
| concurrency: | |
| group: release-${{ github.ref }} | |
| cancel-in-progress: false | |
| permissions: | |
| contents: read | |
| jobs: | |
| release-please: | |
| name: Release Please | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| outputs: | |
| release_created: ${{ steps.release.outputs.release_created }} | |
| tag_name: ${{ steps.release.outputs.tag_name }} | |
| steps: | |
| - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 | |
| id: app-token | |
| with: | |
| client-id: ${{ vars.APP_CLIENT_ID }} | |
| private-key: ${{ secrets.APP_PRIVATE_KEY }} | |
| - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0 | |
| id: release | |
| with: | |
| token: ${{ steps.app-token.outputs.token }} | |
| config-file: release-please-config.json | |
| manifest-file: .release-please-manifest.json | |
| release: | |
| name: Package and Upload | |
| needs: [release-please] | |
| if: needs.release-please.outputs.release_created == 'true' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| permissions: | |
| contents: write | |
| id-token: write | |
| attestations: write | |
| env: | |
| VSCE_PAT: ${{ secrets.VSCE_PAT }} | |
| OVSX_PAT: ${{ secrets.OVSX_PAT }} | |
| steps: | |
| - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ needs.release-please.outputs.tag_name }} | |
| - uses: ./.github/actions/setup-node | |
| - run: npm run check | |
| - run: npx @vscode/vsce package --out patchloom.vsix | |
| - name: Attest build provenance | |
| uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 | |
| with: | |
| subject-path: patchloom.vsix | |
| - name: Upload .vsix to GitHub Release | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: gh release upload "${{ needs.release-please.outputs.tag_name }}" patchloom.vsix | |
| - name: Apply custom release notes | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| if [ -f RELEASE_NOTES.md ]; then | |
| echo "Custom release notes found, updating release body..." | |
| gh release edit "${{ needs.release-please.outputs.tag_name }}" --notes-file RELEASE_NOTES.md | |
| else | |
| echo "No custom release notes, using auto-generated notes" | |
| fi | |
| # See ~/.grok/skills/vsce-publish/SKILL.md (or /vsce-publish) for the full | |
| # one-time browser setup (aex.dev.azure.com, PAT scopes, Open VSX agreement | |
| # + create-namespace + ownership claim), secret names, and troubleshooting. | |
| - name: Publish to VS Code Marketplace | |
| if: env.VSCE_PAT != '' | |
| run: npx @vscode/vsce publish --packagePath patchloom.vsix | |
| - name: Publish to Open VSX | |
| if: env.OVSX_PAT != '' | |
| run: npx ovsx publish patchloom.vsix | |
| - name: Extract version from tag | |
| id: version | |
| run: echo "version=${TAG_NAME#patchloom-}" >> "$GITHUB_OUTPUT" | |
| env: | |
| TAG_NAME: ${{ needs.release-please.outputs.tag_name }} | |
| - name: Update version badge | |
| continue-on-error: true | |
| uses: schneegans/dynamic-badges-action@0e50b8bad39e7e1afd3e4e9c2b7dd145fad07501 # v1.8.0 | |
| with: | |
| auth: ${{ secrets.GIST_TOKEN }} | |
| gistID: d01e4551b744b77e2927555e43a4b935 | |
| filename: version.json | |
| label: VS Code Marketplace | |
| message: ${{ steps.version.outputs.version }} | |
| color: blue | |
| namedLogo: visualstudiocode | |
| logoColor: white | |
| # Clean up RELEASE_NOTES.md after release (uses App token so the PR triggers CI/auto-approve) | |
| - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 | |
| if: hashFiles('RELEASE_NOTES.md') != '' | |
| id: cleanup-token | |
| with: | |
| client-id: ${{ vars.APP_CLIENT_ID }} | |
| private-key: ${{ secrets.APP_PRIVATE_KEY }} | |
| - name: Clean up release notes file | |
| if: steps.cleanup-token.outcome == 'success' | |
| env: | |
| GH_TOKEN: ${{ steps.cleanup-token.outputs.token }} | |
| run: | | |
| if git ls-tree HEAD --name-only | grep -q '^RELEASE_NOTES.md$'; then | |
| TAG="${{ needs.release-please.outputs.tag_name }}" | |
| BRANCH="chore/cleanup-release-notes-${TAG}" | |
| gh api "repos/${{ github.repository }}/git/refs" \ | |
| -f ref="refs/heads/$BRANCH" \ | |
| -f sha="$(git rev-parse HEAD)" | |
| FILE_SHA=$(gh api \ | |
| "repos/${{ github.repository }}/contents/RELEASE_NOTES.md?ref=$BRANCH" \ | |
| --jq '.sha') | |
| gh api --method DELETE \ | |
| "repos/${{ github.repository }}/contents/RELEASE_NOTES.md" \ | |
| -f message="chore: remove release notes override" \ | |
| -f sha="$FILE_SHA" \ | |
| -f branch="$BRANCH" | |
| PR_URL=$(gh pr create --base main --head "$BRANCH" \ | |
| --title "chore: remove release notes override" \ | |
| --body "Auto-cleanup after ${TAG} release.") | |
| gh pr merge "$PR_URL" --auto --squash | |
| fi |