-
Notifications
You must be signed in to change notification settings - Fork 0
121 lines (116 loc) · 4.03 KB
/
release.yml
File metadata and controls
121 lines (116 loc) · 4.03 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
name: Release Pipeline
on:
push:
tags: ["v*"]
workflow_dispatch:
inputs:
diff_category:
description: "Change category for SemVer bump validation"
required: false
default: "none"
type: choice
options:
- none
- fix
- feature
- breaking
jobs:
validate:
name: SemVer 2.0.0 Gate
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Full history needed for tag comparison
- name: Verify tag is on main branch
run: |
TAG_COMMIT=$(git rev-list -n 1 ${{ github.ref_name }})
if ! git merge-base --is-ancestor $TAG_COMMIT origin/main; then
echo "::error::Tag ${{ github.ref_name }} is not on main branch. Merge your release/hotfix branch to main first, then tag."
exit 1
fi
echo "✅ Tag ${{ github.ref_name }} verified on main branch"
- name: Validate SemVer 2.0.0 compliance
shell: pwsh
run: |
tools/validate-release-version.ps1 `
-Version '${{ github.ref_name }}' `
-DiffCategory '${{ inputs.diff_category || 'none' }}'
build:
name: Build & Test
needs: validate
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Repository validation gate
shell: pwsh
run: ./scripts/validate.ps1 -Version ${{ github.ref_name }}
- uses: actions/setup-node@v4
with:
node-version: "20"
- run: npm ci
working-directory: FailSafe/extension
- run: npx playwright install --with-deps chromium
working-directory: FailSafe/extension
- run: npm run compile
working-directory: FailSafe/extension
- run: xvfb-run -a npm run test:all
working-directory: FailSafe/extension
- name: Export governance context
if: always()
continue-on-error: true
run: bash tools/export-governance-context.sh .failsafe-ci-context
- name: Upload governance context
if: ${{ always() && hashFiles('.failsafe-ci-context/**') != '' }}
continue-on-error: true
uses: actions/upload-artifact@v4
with:
name: governance-context
path: .failsafe-ci-context/
if-no-files-found: ignore
retention-days: 30
- name: Release metadata preflight
run: node ./scripts/validate-vsix.cjs --source-only
working-directory: FailSafe/extension
- name: Derive release version from tag
run: echo "VSIX_VERSION=${GITHUB_REF_NAME#v}" >> "$GITHUB_ENV"
- name: Clean stale VSIX artifacts
run: rm -f *.vsix
working-directory: FailSafe/extension
- run: npx @vscode/vsce package
working-directory: FailSafe/extension
- name: Assert expected VSIX exists
run: test -f "mythologiq-failsafe-${VSIX_VERSION}.vsix"
working-directory: FailSafe/extension
- run: npm run validate:vsix
working-directory: FailSafe/extension
- uses: actions/upload-artifact@v4
with:
name: vsix
path: FailSafe/extension/mythologiq-failsafe-${{ env.VSIX_VERSION }}.vsix
publish-vscode:
name: Publish to VS Code Marketplace
needs: build
runs-on: ubuntu-latest
steps:
- name: Derive release version from tag
run: echo "VSIX_VERSION=${GITHUB_REF_NAME#v}" >> "$GITHUB_ENV"
- uses: actions/download-artifact@v4
with:
name: vsix
- run: npx @vscode/vsce publish --packagePath "mythologiq-failsafe-${VSIX_VERSION}.vsix"
env:
VSCE_PAT: ${{ secrets.VSCE_PAT }}
publish-openvsx:
name: Publish to Open VSX
needs: build
runs-on: ubuntu-latest
steps:
- name: Derive release version from tag
run: echo "VSIX_VERSION=${GITHUB_REF_NAME#v}" >> "$GITHUB_ENV"
- uses: actions/download-artifact@v4
with:
name: vsix
- run: npx ovsx publish "mythologiq-failsafe-${VSIX_VERSION}.vsix"
env:
OVSX_PAT: ${{ secrets.OVSX_TOKEN }}