release-it #222
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release-it | |
| on: | |
| schedule: | |
| # Run weekly on Monday at 1:00 AM UTC | |
| - cron: '0 1 * * 1' | |
| workflow_dispatch: | |
| # Enable manual triggering from the GitHub UI | |
| inputs: {} | |
| # No inputs needed, but we need to specify the branches filter | |
| # Set default permissions as restrictive as possible | |
| permissions: {} | |
| jobs: | |
| check-user: | |
| runs-on: ubuntu-latest | |
| permissions: {} # No permissions needed for user check | |
| # Only run this check for workflow_dispatch events | |
| if: github.event_name == 'workflow_dispatch' && | |
| contains('["alisonjoseph", "kennylam", "sstrubberg", "tay1orjones", "eng618", "emyarod", "ariellalgilmore" , "riddhybansal" , "annawen1" , "2nikhiltom" , "heloiselui" , "Gururajj77" , "maradwan26" , "sunny-kukkar-ibm" ]', | |
| github.actor) | |
| steps: | |
| - name: User validation | |
| run: echo "User ${{ github.actor }} is authorized to trigger this workflow" | |
| # For workflow_dispatch events - depends on check-user | |
| check-for-new-commits-manual: | |
| runs-on: ubuntu-latest | |
| needs: check-user | |
| if: github.event_name == 'workflow_dispatch' | |
| permissions: | |
| contents: read | |
| outputs: | |
| has_new_commits: ${{ steps.check-commits.outputs.has_new_commits }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check for untagged commits | |
| id: check-commits | |
| uses: actions/github-script@v8 | |
| with: | |
| script: | | |
| const { execSync } = require('child_process'); | |
| try { | |
| // Get the latest commit hash | |
| const latestCommit = execSync('git rev-parse HEAD').toString().trim(); | |
| console.log(`Latest commit: ${latestCommit}`); | |
| // Get the most recent tag | |
| const latestTag = execSync('git describe --tags --abbrev=0').toString().trim(); | |
| console.log(`Latest tag: ${latestTag}`); | |
| // Get the commit hash of the latest tag | |
| const taggedCommit = execSync(`git rev-list -n 1 ${latestTag}`).toString().trim(); | |
| console.log(`Tagged commit: ${taggedCommit}`); | |
| // Check if latest commit is different from the tagged commit | |
| const hasNewCommits = latestCommit !== taggedCommit; | |
| console.log(`Has new commits since last tag: ${hasNewCommits}`); | |
| core.setOutput('has_new_commits', hasNewCommits ? 'true' : 'false'); | |
| } catch (error) { | |
| console.log('Error checking tags, assuming new commits needed:', error.message); | |
| core.setOutput('has_new_commits', 'true'); | |
| } | |
| - name: Debug commits check | |
| run: | | |
| echo "::group::Debug commits check outputs" | |
| echo "has_new_commits: ${{ steps.check-commits.outputs.has_new_commits }}" | |
| echo "job status: ${{ job.status }}" | |
| echo "::endgroup::" | |
| # For scheduled events - no dependency | |
| check-for-new-commits-scheduled: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'schedule' | |
| permissions: | |
| contents: read | |
| outputs: | |
| has_new_commits: ${{ steps.check-commits.outputs.has_new_commits }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check for untagged commits | |
| id: check-commits | |
| uses: actions/github-script@v8 | |
| with: | |
| script: | | |
| const { execSync } = require('child_process'); | |
| try { | |
| // Get the latest commit hash | |
| const latestCommit = execSync('git rev-parse HEAD').toString().trim(); | |
| console.log(`Latest commit: ${latestCommit}`); | |
| // Get the most recent tag | |
| const latestTag = execSync('git describe --tags --abbrev=0').toString().trim(); | |
| console.log(`Latest tag: ${latestTag}`); | |
| // Get the commit hash of the latest tag | |
| const taggedCommit = execSync(`git rev-list -n 1 ${latestTag}`).toString().trim(); | |
| console.log(`Tagged commit: ${taggedCommit}`); | |
| // Check if latest commit is different from the tagged commit | |
| const hasNewCommits = latestCommit !== taggedCommit; | |
| console.log(`Has new commits since last tag: ${hasNewCommits}`); | |
| core.setOutput('has_new_commits', hasNewCommits ? 'true' : 'false'); | |
| } catch (error) { | |
| console.log('Error checking tags, assuming new commits needed:', error.message); | |
| core.setOutput('has_new_commits', 'true'); | |
| } | |
| - name: Debug commits check | |
| run: | | |
| echo "::group::Debug commits check outputs" | |
| echo "has_new_commits: ${{ steps.check-commits.outputs.has_new_commits }}" | |
| echo "job status: ${{ job.status }}" | |
| echo "::endgroup::" | |
| check-validate-status: | |
| runs-on: ubuntu-latest | |
| needs: [check-for-new-commits-manual, check-for-new-commits-scheduled] | |
| permissions: | |
| actions: read | |
| contents: read | |
| if: | | |
| always() && ((needs.check-for-new-commits-manual.result == 'success' && | |
| needs.check-for-new-commits-manual.outputs.has_new_commits == 'true') || | |
| (needs.check-for-new-commits-scheduled.result == 'success' && | |
| needs.check-for-new-commits-scheduled.outputs.has_new_commits == 'true')) | |
| outputs: | |
| validate_status: ${{ steps.check-validate.outputs.validate_status }} | |
| steps: | |
| - name: Check Validate workflow status | |
| id: check-validate | |
| uses: actions/github-script@v8 | |
| with: | |
| script: | | |
| const workflow_name = 'Validate'; | |
| const branch = 'main'; | |
| const { data: workflows } = await github.rest.actions.listRepoWorkflows({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo | |
| }); | |
| const workflow = workflows.workflows.find(w => w.name === workflow_name); | |
| if (!workflow) { | |
| core.setFailed(`Couldn't find workflow named "${workflow_name}"`); | |
| return; | |
| } | |
| const { data: runs } = await github.rest.actions.listWorkflowRuns({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| workflow_id: workflow.id, | |
| branch: branch, | |
| status: 'completed', | |
| per_page: 1 | |
| }); | |
| if (runs.total_count === 0) { | |
| core.setFailed(`No completed runs found for workflow "${workflow_name}" on branch "${branch}"`); | |
| return; | |
| } | |
| const latestRun = runs.workflow_runs[0]; | |
| console.log(`Latest ${workflow_name} run conclusion: ${latestRun.conclusion}`); | |
| core.setOutput('validate_status', 'success'); | |
| if (latestRun.conclusion !== 'success') { | |
| core.setFailed(`Latest ${workflow_name} run did not succeed. Status: ${latestRun.conclusion}`); | |
| } | |
| - name: Debug output status | |
| run: | | |
| echo "::group::Debug check-validate-status outputs" | |
| echo "Job result: ${{ job.status }}" | |
| echo "Step result: ${{ steps.check-validate.outcome }}" | |
| echo "Validate status: ${{ steps.check-validate.outputs.validate_status }}" | |
| echo "::endgroup::" | |
| release: | |
| runs-on: ubuntu-latest | |
| needs: check-validate-status | |
| # Simplified condition to only check the job result | |
| if: always() && needs.check-validate-status.result == 'success' | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - name: Debug Conditions | |
| run: | | |
| echo "::group::Debug release conditions" | |
| echo "check-validate-status result: '${{ needs.check-validate-status.result }}'" | |
| echo "::endgroup::" | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: '22' | |
| cache: 'yarn' | |
| registry-url: https://registry.npmjs.org | |
| - name: Install dependencies | |
| run: yarn install --frozen-lockfile | |
| - name: Initialize Git user | |
| run: | | |
| git config --global user.name "Eric N. Garcia" | |
| git config --global user.email "[email protected]" | |
| - name: Initialize the NPM config | |
| run: | | |
| npm config set //registry.npmjs.org/:_authToken=$NPM_TOKEN | |
| env: | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| - name: Setup SSH | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa | |
| chmod 600 ~/.ssh/id_rsa | |
| ssh-keyscan github.com >> ~/.ssh/known_hosts | |
| env: | |
| SSH_PRIVATE_KEY: ${{ SECRETS.SSH_PRIVATE_KEY }} | |
| - name: Run release command | |
| run: yarn release:ci | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| # Lockfile is now updated as part of the release commit via release-it hooks |