|
| 1 | +name: Release setup-sourcebot |
| 2 | + |
| 3 | +# Publishes the `setup-sourcebot` CLI (packages/setupWizard) to the public npm |
| 4 | +# registry, then bumps the version, commits it to main, tags it, and cuts a |
| 5 | +# GitHub release. |
| 6 | +# |
| 7 | +# Auth model: |
| 8 | +# - npm: OIDC Trusted Publishing (no long-lived token). Requires a trusted |
| 9 | +# publisher to be configured for `setup-sourcebot` on npmjs.org, |
| 10 | +# pointing at this repo + this workflow file. npm CLI >= 11.5.1 is |
| 11 | +# required, so we upgrade npm before publishing. |
| 12 | +# - git: the existing RELEASE_APP GitHub App token, so the version-bump |
| 13 | +# commit and tag can be pushed to protected `main`. |
| 14 | + |
| 15 | +permissions: |
| 16 | + contents: read |
| 17 | + |
| 18 | +on: |
| 19 | + workflow_dispatch: |
| 20 | + inputs: |
| 21 | + bump_type: |
| 22 | + description: "Type of version bump to apply" |
| 23 | + required: true |
| 24 | + type: choice |
| 25 | + options: |
| 26 | + - patch |
| 27 | + - minor |
| 28 | + - major |
| 29 | + |
| 30 | +concurrency: |
| 31 | + group: release-setup-sourcebot |
| 32 | + cancel-in-progress: false |
| 33 | + |
| 34 | +jobs: |
| 35 | + release: |
| 36 | + runs-on: ubuntu-latest |
| 37 | + permissions: |
| 38 | + contents: write # push the version-bump commit + tag, create the release |
| 39 | + id-token: write # OIDC token for npm Trusted Publishing |
| 40 | + defaults: |
| 41 | + run: |
| 42 | + working-directory: packages/setupWizard |
| 43 | + |
| 44 | + steps: |
| 45 | + - name: Generate GitHub App token |
| 46 | + id: generate_token |
| 47 | + uses: actions/create-github-app-token@v1 |
| 48 | + with: |
| 49 | + app-id: ${{ secrets.RELEASE_APP_ID }} |
| 50 | + private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }} |
| 51 | + |
| 52 | + - name: Checkout repository |
| 53 | + uses: actions/checkout@v4 |
| 54 | + with: |
| 55 | + ref: main |
| 56 | + fetch-depth: 0 |
| 57 | + submodules: "true" |
| 58 | + token: ${{ steps.generate_token.outputs.token }} |
| 59 | + |
| 60 | + - name: Setup Node.js |
| 61 | + uses: actions/setup-node@v4 |
| 62 | + with: |
| 63 | + node-version: '20.x' |
| 64 | + |
| 65 | + - name: Install dependencies |
| 66 | + working-directory: . |
| 67 | + run: yarn install --frozen-lockfile |
| 68 | + |
| 69 | + - name: Bump version |
| 70 | + id: bump |
| 71 | + run: | |
| 72 | + # Bump packages/setupWizard/package.json only. --no-git-tag-version |
| 73 | + # writes the new version without creating a commit or tag (we do that |
| 74 | + # ourselves, with a release-specific tag, further down). |
| 75 | + npm version "${{ inputs.bump_type }}" --no-git-tag-version |
| 76 | + VERSION=$(node -p "require('./package.json').version") |
| 77 | + echo "Bumped setup-sourcebot to $VERSION" |
| 78 | + echo "version=$VERSION" >> "$GITHUB_OUTPUT" |
| 79 | +
|
| 80 | + - name: Check tag does not already exist |
| 81 | + working-directory: . |
| 82 | + env: |
| 83 | + TAG: setup-sourcebot-v${{ steps.bump.outputs.version }} |
| 84 | + run: | |
| 85 | + if git tag | grep -qx "$TAG"; then |
| 86 | + echo "Error: tag $TAG already exists" |
| 87 | + exit 1 |
| 88 | + fi |
| 89 | +
|
| 90 | + - name: Build |
| 91 | + working-directory: . |
| 92 | + run: | |
| 93 | + # setupWizard imports from @sourcebot/schemas (workspace:^), so its |
| 94 | + # build must come first. |
| 95 | + yarn workspace @sourcebot/schemas run build |
| 96 | + yarn workspace setup-sourcebot run build |
| 97 | +
|
| 98 | + - name: Pack tarball |
| 99 | + run: | |
| 100 | + # Yarn pack rewrites the `workspace:^` protocol to a concrete version |
| 101 | + # range in the published manifest — something `npm publish` cannot do |
| 102 | + # on its own. We then hand the resulting tarball to npm for OIDC |
| 103 | + # publishing. |
| 104 | + yarn pack --out /tmp/setup-sourcebot.tgz |
| 105 | +
|
| 106 | + - name: Upgrade npm for Trusted Publishing |
| 107 | + working-directory: . |
| 108 | + run: | |
| 109 | + # OIDC Trusted Publishing requires npm >= 11.5.1; Node 20 ships an |
| 110 | + # older npm. |
| 111 | + npm install -g npm@latest |
| 112 | + npm --version |
| 113 | +
|
| 114 | + - name: Publish to npm |
| 115 | + working-directory: . |
| 116 | + run: | |
| 117 | + npm publish /tmp/setup-sourcebot.tgz --provenance --access public |
| 118 | +
|
| 119 | + - name: Configure git |
| 120 | + working-directory: . |
| 121 | + run: | |
| 122 | + git config user.name "github-actions[bot]" |
| 123 | + git config user.email "github-actions[bot]@users.noreply.github.com" |
| 124 | +
|
| 125 | + - name: Commit, tag, and push |
| 126 | + working-directory: . |
| 127 | + env: |
| 128 | + VERSION: ${{ steps.bump.outputs.version }} |
| 129 | + run: | |
| 130 | + git add packages/setupWizard/package.json |
| 131 | + git commit -m "[skip ci] Release setup-sourcebot v$VERSION" |
| 132 | + git tag -a "setup-sourcebot-v$VERSION" -m "setup-sourcebot v$VERSION" |
| 133 | + git push origin HEAD:main |
| 134 | + git push origin "setup-sourcebot-v$VERSION" |
| 135 | +
|
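Review bot: The RELEASE_APP token passed to `actions/checkout` stays in the checkout's git configuration for the rest of the job, because checkout persists credentials by default. As a result `yarn install`, both workspace builds and the freshly installed `npm@latest` all run with a credential that can push to protected `main` within reach, in a job that also holds `id-token: write`. Adding `persist-credentials: false` to the checkout and handing the token only to the final push step limits that exposure to the one step that needs it. In the same spirit, `npm install -g npm@latest` would be safer pinned to a known release that meets the stated minimum (for example `npm install -g npm@11.5.1`), and `npm version "${{ inputs.bump_type }}"` could read the input from `env` the way the later steps already do with `TAG` and `VERSION`. The header comment also mentions cutting a GitHub release, but no step in the visible section does so; it may lie outside this view.

```yaml
        uses: actions/checkout@v4
        with:
          # … unchanged: ref, fetch-depth, submodules, token …
          persist-credentials: false

      # … unchanged: steps from setup-node through configure git …

      - name: Commit, tag, and push
        env:
          # … unchanged: VERSION …
          RELEASE_TOKEN: ${{ steps.generate_token.outputs.token }}
        run: |
          # … unchanged: git add, git commit, git tag …
          remote="https://x-access-token:${RELEASE_TOKEN}@github.com/${GITHUB_REPOSITORY}.git"
          git push "$remote" HEAD:main
          git push "$remote" "setup-sourcebot-v$VERSION"
```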