From ec6c8f0ca8f11829c93459795039e10168e80633 Mon Sep 17 00:00:00 2001 From: Ravi Yadav Date: Wed, 24 Sep 2025 08:44:59 +1000 Subject: [PATCH 1/3] feat: implement automated NPM publishing with GitHub Actions --- .changeset/lucky-sheep-trade.md | 14 ++++ .github/workflows/release.yml | 5 ++ .github/workflows/test-and-publish.yml | 103 +++++++++++++++++++++++++ .gitignore | 2 + package.json | 1 + packages/react/package.json | 3 + 6 files changed, 128 insertions(+) create mode 100644 .changeset/lucky-sheep-trade.md create mode 100644 .github/workflows/test-and-publish.yml diff --git a/.changeset/lucky-sheep-trade.md b/.changeset/lucky-sheep-trade.md new file mode 100644 index 000000000000..4b770e2950bc --- /dev/null +++ b/.changeset/lucky-sheep-trade.md @@ -0,0 +1,14 @@ +--- +'@ag.ds-next/react': patch +--- + +feat: add automated NPM publishing with GitHub Actions + +- Implement test-and-publish workflow with changesets integration +- Add automated Release PR creation from develop branch +- Configure secure permissions and NPM authentication +- Optimize CI/CD with caching and parallel testing +- Replace manual versioning with changeset-driven releases +- Add prepublishOnly scripts to prevent manual publishing + +Requires: NPM_TOKEN secret for publishing to @ag.ds-next registry diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f804401f569d..1d3c9ca85049 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,5 +1,10 @@ name: Release +# Explicit permissions for security +permissions: + contents: read + pull-requests: write + on: push: branches: diff --git a/.github/workflows/test-and-publish.yml b/.github/workflows/test-and-publish.yml new file mode 100644 index 000000000000..656abe67c1b4 --- /dev/null +++ b/.github/workflows/test-and-publish.yml 
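Review bot: The new workflow-level `contents: read` in release.yml may be too narrow for whatever the Release job does further down, which this hunk does not show. If that job pushes a release branch or tags with the default GITHUB_TOKEN, as the changeset's "automated Release PR creation" suggests, the push would be rejected under a read-only contents scope. Keeping the read-only default here and granting `contents: write` in a job-level `permissions:` block on only the job that pushes would preserve least privilege, and the comment could name the step that needs each scope instead of `# Explicit permissions for security`.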
@@ -0,0 +1,103 @@
+name: Test & Publish
+
+# Explicit permissions for security
+permissions:
+ contents: read
+ pull-requests: write
+ id-token: write
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ test-and-build:
+ name: Test, Lint & Build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup Node.js 22.15.1
+ uses: actions/setup-node@v4
+ with:
+ node-version: 22.15.1
+
+ - name: Get number of CPU cores
+ id: cpu-cores
+ uses: SimenB/github-actions-cpu-cores@v2
+
+ - name: Get yarn cache directory path
+ id: yarn-cache-dir-path
+ run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
+
+ - uses: actions/cache@v3
+ id: yarn-cache
+ with:
+ path: |
+ ${{ steps.yarn-cache-dir-path.outputs.dir }}
+ node_modules
+ key: ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }}
+
+ - name: Install dependencies
+ run: yarn install --frozen-lockfile
+
+ - name: Unit tests
+ run: yarn test --max-workers ${{ steps.cpu-cores.outputs.count }}
+
+ - name: Generate component props
+ run: yarn docs:generate-component-props
+
+ - name: Lint
+ run: yarn lint
+
+ - name: Build packages
+ run: yarn build
+
+ publish:
+ name: Publish to NPM
+ runs-on: ubuntu-latest
+ needs: [test-and-build]
+ if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ permissions:
+ contents: write # Needed to create releases and tags
+ pull-requests: write # Needed to create Release PRs
+ id-token: write # Needed for NPM provenance
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v4
+ with:
+ # This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits
+ fetch-depth: 0
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 22.15.1
+ cache: 'yarn'
+ registry-url: 'https://registry.npmjs.org'
+
+ - name: Install Dependencies
+ run: yarn install --frozen-lockfile
+
+ - name: Configure npm for public publishing
+ run: |
+ echo
"//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc + echo "@ag.ds-next:registry=https://registry.npmjs.org" >> ~/.npmrc + echo "access=public" >> ~/.npmrc + env: + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + + - name: Publish to NPM + run: | + echo "Publishing packages to NPM registry..." + yarn publish-changed + env: + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + + - name: Display notification if a publish happens + run: echo "Packages published to NPM successfully!" diff --git a/.gitignore b/.gitignore index d61ad7de3112..cd504dbe6964 100644 --- a/.gitignore +++ b/.gitignore @@ -45,3 +45,5 @@ yarn-error.log* # typescript *.tsbuildinfo + +.npmrc diff --git a/package.json b/package.json index 8113f398bd29..e9f96ab74b9c 100644 --- a/package.json +++ b/package.json @@ -34,6 +34,7 @@ "new:package": "plop --plopfile scripts/new-package.mjs && yarn format && yarn manypkg fix && preconstruct fix && yarn install", "playroom:build": "yarn --cwd docs playroom:build", "playroom:dev": "yarn --cwd docs playroom:dev", + "prepublishOnly": "echo 'Publishing from local machine is disabled. Use CI/CD pipeline.' && echo 'Push changes to develop branch to trigger release process.' && exit 1", "publish-changed": "yarn build && yarn changeset publish", "storybook:build": "storybook build -o docs/public/storybook", "storybook:dev": "storybook dev --port 6006 --no-open", diff --git a/packages/react/package.json b/packages/react/package.json index 220f58dc4c33..a6120934be83 100644 --- a/packages/react/package.json +++ b/packages/react/package.json @@ -341,6 +341,9 @@ }, "./package.json": "./package.json" }, + "scripts": { + "prepublishOnly": "echo 'Publishing from local machine is disabled. Use CI/CD pipeline.' && echo 'Push changes to develop branch to trigger release process.' && exit 1" + }, "dependencies": { "@babel/runtime": "^7.27.1", "@floating-ui/react-dom": "^2.0.8", From b0b75f3ad420b2c21a5409708b6492721451d860 Mon Sep 17 00:00:00 2001 
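Review bot: The workflow-level `permissions` block grants `pull-requests: write` and `id-token: write` to `test-and-build`, which runs on every `pull_request` and executes install, test and build scripts plus a third-party action; only `publish` needs those scopes and it already declares them, so the top-level block can shrink to `contents: read`. In `publish`, the raw token is written to `~/.npmrc` and is also in the environment while `yarn publish-changed` runs `yarn build`, so every build script and dependency executes with publish credentials in reach. `actions/setup-node` with `registry-url` already generates an npmrc that reads `NODE_AUTH_TOKEN` (and, as far as I know, points npm at it through `NPM_CONFIG_USERCONFIG`, which would make the hand-written `~/.npmrc` ineffective), so the token line can go and the build can be split from the publish. The `# Needed for NPM provenance` comment also has no visible counterpart, since nothing in this hunk turns provenance on.

```yaml
# workflow level: read-only default; the publish job keeps its own permissions block
permissions:
  contents: read

# … unchanged: triggers, test-and-build job, publish job header, checkout / setup-node / install steps …

      # "Configure npm for public publishing" dropped: setup-node's registry-url covers auth;
      # public access would move to the changesets config or each package's publishConfig (confirm)
      - name: Build packages
        run: yarn build # no registry credentials in this step's environment

      - name: Publish to NPM
        run: yarn changeset publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          NPM_CONFIG_PROVENANCE: "true"

# … unchanged: notification step …
```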
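Review bot: The `prepublishOnly` guard exits 1 unconditionally, so it does not distinguish a laptop from the pipeline: `changeset publish` invokes the package manager's publish inside `packages/react`, which (as far as I can tell) runs that package's `prepublishOnly` and would fail the CI publish job as well. The same script is added in the `packages/react/package.json` hunk, and that copy is the one that matters for the published package. Gating on the runner's environment keeps the intent, e.g. `"prepublishOnly": "[ \"$CI\" = \"true\" ] || { echo 'Publishing from local machine is disabled. Use CI/CD pipeline.'; exit 1; }"`. This is only a guard against accidents, since anyone can set `CI` locally; the real control is who holds a publish-capable token. The message also points at the develop branch while the publish job in this patch triggers on `main`.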
From: Ravi Yadav Date: Wed, 24 Sep 2025 09:25:28 +1000 Subject: [PATCH 2/3] fix: pin GitHub Actions to commit SHAs for security compliance --- .github/workflows/test-and-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-and-publish.yml b/.github/workflows/test-and-publish.yml index 656abe67c1b4..bdecf84de3d9 100644 --- a/.github/workflows/test-and-publish.yml +++ b/.github/workflows/test-and-publish.yml @@ -28,7 +28,7 @@ jobs: - name: Get number of CPU cores id: cpu-cores - uses: SimenB/github-actions-cpu-cores@v2 + uses: SimenB/github-actions-cpu-cores@97ba232459a8e02ff6121db9362b09661c875ab8 # v2.0.0 - name: Get yarn cache directory path id: yarn-cache-dir-path From 78c3447aa4558761326061af086fd48e6471e983 Mon Sep 17 00:00:00 2001 From: Ravi Yadav Date: Wed, 24 Sep 2025 09:49:16 +1000 Subject: [PATCH 3/3] fix: resolve timing-dependent test failure in date validation --- packages/react/src/date-picker-next/utils.test.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/react/src/date-picker-next/utils.test.ts b/packages/react/src/date-picker-next/utils.test.ts index d3986257930c..e1b37ddfda84 100644 --- a/packages/react/src/date-picker-next/utils.test.ts +++ b/packages/react/src/date-picker-next/utils.test.ts @@ -324,7 +324,8 @@ describe('isValidDate', () => { describe('minDate', () => { test('returns true when it’s a valid date', () => { - expect(isValidDate(new Date(), { minDate: new Date() })).toEqual(true); + const fixedDate = new Date(); + expect(isValidDate(fixedDate, { minDate: fixedDate })).toEqual(true); expect(isValidDate('31/01/1950', { minDate: '31/01/1950' })).toEqual( true );
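Review bot: Only the `SimenB/github-actions-cpu-cores` step is pinned here, while the commit subject promises SHA pinning for the workflow; `actions/checkout@v4`, `actions/setup-node@v4` and `actions/cache@v3` elsewhere in test-and-publish.yml (outside this hunk) still resolve mutable tags, including in the `publish` job that holds `NPM_TOKEN` and `contents: write`. Those would take the same form, e.g. `uses: actions/checkout@<full-commit-sha> # v4.x.y`, with the SHA taken from the action's own release page. It is also worth confirming that the pinned SHA really is the commit tagged v2.0.0, since the trailing comment is the only thing tying the two together.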
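Review bot: `fixedDate` is still `new Date()`, so the value is the wall clock at test time rather than a fixed date, and the name will mislead the next reader. Because the same object is now passed as both the value and `minDate`, the assertion no longer exercises two equal-but-distinct Date instances, which is what the old line attempted. A literal keeps the case deterministic and the name honest, e.g. `const fixedDate = new Date(2020, 0, 15);` followed by `expect(isValidDate(fixedDate, { minDate: new Date(fixedDate) })).toEqual(true);`. The enclosing `test` body continues past the end of the hunk.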