standard-ranklist-renderer-component/.github/workflows/release.yml at 1af703c63c42b3e621e6688cea7811ebceb3d6cd · algoux/standard-ranklist-renderer-component · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
name: Release

on:
  push:
    branches:
      - master
  workflow_dispatch:

concurrency: ${{ github.workflow }}-${{ github.ref }}

permissions:
  contents: write
  pull-requests: write

jobs:
  release:
    name: Version or publish packages
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
          registry-url: https://registry.npmjs.org

      - name: Setup pnpm
        run: |
          corepack enable
          corepack prepare pnpm@8.15.9 --activate

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Detect pending changesets
        id: pending-changesets
        run: |
          if find .changeset -maxdepth 1 -type f -name '*.md' ! -name 'README.md' | grep -q .; then
            echo "found=true" >> "$GITHUB_OUTPUT"
          else
            echo "found=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Audit release plan
        if: steps.pending-changesets.outputs.found == 'true'
        run: pnpm -w run release:audit

      - name: Run release verification before version PR
        if: steps.pending-changesets.outputs.found == 'true'
        run: pnpm -w run test:release

      - name: Configure npm token
        run: |
          set -euo pipefail

          if [ -z "${NPM_TOKEN:-}" ]; then
            echo "NPM_TOKEN is not available to this workflow. Check repository/org secret name and repository access." >&2
            exit 1
          fi

          echo "NPM_TOKEN length: ${#NPM_TOKEN}"
          printf '%s' "$NPM_TOKEN" | sha256sum | cut -c1-12 | sed 's/^/NPM_TOKEN sha256: /'

          echo "npm userconfig: $(npm config get userconfig)"
          npm whoami --registry https://registry.npmjs.org/
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

      - name: Create version PR or publish packages
        id: changesets
        uses: changesets/action@v1
        with:
          version: pnpm -w run changeset:version
          publish: pnpm -w run changeset:publish
          commit: 'release: version packages'
          title: 'release: version packages'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

      - name: Create repository release baseline tag
        if: steps.changesets.outputs.published == 'true'
        env:
          PUBLISHED_PACKAGES: ${{ steps.changesets.outputs.publishedPackages }}
        run: |
          set -euo pipefail
          tag="$(node ./scripts/resolve-release-baseline-tag.mjs)"
          if [ -z "$tag" ]; then
            echo "No published package versions were reported; skipping repository baseline tag."
            exit 0
          fi

          git fetch --tags --force
          if git rev-parse "$tag" >/dev/null 2>&1; then
            echo "Tag $tag already exists; skipping."
            exit 0
          fi

          git tag "$tag"
          git push origin "$tag"