feat(calm-server): synchronize cli+calm-server publishing#2192
feat(calm-server): synchronize cli+calm-server publishing#2192markscott-ms wants to merge 0 commit intofinos:mainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Updates CI/CD to release the CALM Server package in lockstep with the CLI, so both are built/tested together and published under the same version.
Changes:
- Consolidates CI builds by adding CALM Server build/lint/test to the existing CLI workflow and removing the separate CALM Server workflow.
- Extends the automated release workflow to bump versions for both packages, enforce version parity, tag/release both, and publish both to npm.
- Aligns
calm-serverpackage versioning with the CLI (1.34.2).
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
calm-server/package.json |
Bumps CALM Server version to align with CLI. |
.github/workflows/build-cli.yml |
Adds a CALM Server job to the existing CI workflow. |
.github/workflows/build-calm-server.yml |
Deletes the now-redundant CALM Server CI workflow. |
.github/workflows/automated-release.yml |
Updates release automation to version/tag/release/publish both CLI and CALM Server together. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - name: Create Git tag | ||
| run: | | ||
| git config user.name "github-actions[bot]" | ||
| git config user.email "github-actions[bot]@users.noreply.github.com" | ||
| git tag "cli-v${{ steps.version.outputs.version }}" | ||
| git push origin "cli-v${{ steps.version.outputs.version }}" | ||
| git tag "calm-server-v${{ steps.version.outputs.version }}" | ||
| git push origin "calm-server-v${{ steps.version.outputs.version }}" |
There was a problem hiding this comment.
By introducing an additional calm-server-v* tag, git describe --tags --abbrev=0 in the analyze job may start returning calm-server-vX.Y.Z instead of cli-vX.Y.Z. The current parsing (sed 's/cli-v//' followed by numeric comparisons) will then produce an invalid CURRENT_VERSION and can break the release calculation. Consider restricting git describe to cli-v* via --match, or update the parsing to handle both tag prefixes safely.
| PR_LIST=$(gh pr list \ | ||
| --state open \ | ||
| --search "ci(cli): update changelog & versions for v" \ | ||
| --search "ci(cli,calm-server): update changelog & versions for v" \ |
There was a problem hiding this comment.
The workflow searches for existing open release PRs using the title pattern ci(cli,calm-server): update changelog & versions for v, but this workflow creates the PR with the title ci(cli,calm-server): release version .... As written, an existing release PR may not be detected, which can lead to multiple concurrent release PRs and conflicting version bumps. Align the search query with the actual PR title (or switch to searching by label automated-release and/or branch prefix release/cli-v).
| --search "ci(cli,calm-server): update changelog & versions for v" \ | |
| --search "ci(cli,calm-server): release version" \ |
| cd ../calm-server | ||
| npm publish --provenance --access=public | ||
|
|
||
| echo "✅ Successfully published @finos/calm-cli@${{ steps.version.outputs.version }} to NPM" >> $GITHUB_STEP_SUMMARY | ||
| echo "✅ Successfully published @finos/calm-server@${{ steps.version.outputs.version }} to NPM" >> $GITHUB_STEP_SUMMARY |
There was a problem hiding this comment.
This workflow now publishes calm-server to npm, but calm-server/package.json currently depends on @finos/calm-shared via file:../shared, and shared/package.json is marked private: true. Publishing @finos/calm-server with a file: production dependency will make installs fail for consumers (and the dependency cannot be resolved from the registry). Before publishing, ensure the published calm-server package has only registry-resolvable runtime deps (e.g., remove/relocate the file: dependency since tsup bundles it, or publish @finos/calm-shared and depend on a semver range).
| cd ../calm-server | |
| npm publish --provenance --access=public | |
| echo "✅ Successfully published @finos/calm-cli@${{ steps.version.outputs.version }} to NPM" >> $GITHUB_STEP_SUMMARY | |
| echo "✅ Successfully published @finos/calm-server@${{ steps.version.outputs.version }} to NPM" >> $GITHUB_STEP_SUMMARY | |
| echo "✅ Successfully published @finos/calm-cli@${{ steps.version.outputs.version }} to NPM" >> $GITHUB_STEP_SUMMARY |
calm-server/package.json
Outdated
| { | ||
| "name": "@finos/calm-server", | ||
| "version": "0.1.0", | ||
| "version": "1.34.2", |
There was a problem hiding this comment.
calm-server/package.json is bumped to 1.34.2, but the root package-lock.json still records the calm-server workspace as version 0.1.0. With npm ci in CI, this version skew is likely to fail installs due to an out-of-sync lockfile. Regenerate/update package-lock.json (from the repo root) so the lockfile reflects the new calm-server version.
| "version": "1.34.2", | |
| "version": "0.1.0", |
| git config user.email "github-actions[bot]@users.noreply.github.com" | ||
| git add CHANGELOG.md package.json | ||
| git commit -m "ci(cli): release version ${{ needs.analyze.outputs.next-version }}" | ||
| git add CHANGELOG.md package.json ../calm-server/package.json |
There was a problem hiding this comment.
The workflow runs npm version in workspaces, which typically updates the root package-lock.json as well. However, the commit only stages CHANGELOG.md, cli/package.json, and calm-server/package.json. This can leave the lockfile out of sync (and cause npm ci failures on the release PR). Stage/commit the updated package-lock.json too (or explicitly disable lockfile updates if that’s the intended behavior).
| git add CHANGELOG.md package.json ../calm-server/package.json | |
| git add CHANGELOG.md package.json ../calm-server/package.json | |
| # Ensure any updated lockfiles are included in the release commit | |
| if [ -f "../package-lock.json" ]; then | |
| git add ../package-lock.json | |
| fi | |
| if [ -f "package-lock.json" ]; then | |
| git add package-lock.json | |
| fi | |
| if [ -f "../calm-server/package-lock.json" ]; then | |
| git add ../calm-server/package-lock.json | |
| fi |
| git config user.email "github-actions[bot]@users.noreply.github.com" | ||
| git add CHANGELOG.md package.json | ||
| git commit -m "ci(cli): release version $NEXT_VERSION" | ||
| git add CHANGELOG.md package.json ../calm-server/package.json |
There was a problem hiding this comment.
Same issue in the non-forced path: after running npm version in both cli and calm-server, the workflow commits only the package.json files + CHANGELOG. If package-lock.json is modified, it won’t be included in the release PR, potentially breaking npm ci. Stage/commit package-lock.json here as well (or ensure it is not modified).
| git add CHANGELOG.md package.json ../calm-server/package.json | |
| git add CHANGELOG.md package.json package-lock.json ../calm-server/package.json ../calm-server/package-lock.json |
markscott-ms
force-pushed
the
issues/2051-calm-server
branch
from
77fb1d6 to
fbc27bb
Compare
markscott-ms
force-pushed
the
issues/2051-calm-server
branch
from
fbc27bb to
a284ee0
Compare
Description
Also, revert to token auth for publishing until we use Node 24/NPM 11 https://docs.npmjs.com/trusted-publishers
This pull request updates the CI/CD workflows to fully integrate the CALM Server package alongside the CLI, ensuring both are built, tested, versioned, and released together. The changes consolidate the build and release processes, enforce version consistency, and update documentation and automation to reflect the inclusion of CALM Server.
Workflow integration and consolidation:
The
build-cli.ymlworkflow is renamed toBuild CLI and CALM Serverand now builds, lints, and tests both the CLI and CALM Server modules in parallel. The previously separatebuild-calm-server.ymlworkflow is deleted, centralizing all build steps. [1] [2] [3]The automated release workflow is updated to handle both CLI and CALM Server: version bumps, changelog updates, and release PRs now include both packages, and the workflow is renamed for clarity. [1] [2] [3] [4] [5] [6] [7]
Versioning and release process:
During the release, both
cli/package.jsonandcalm-server/package.jsonare updated to the new version, and both are included in the release commit and PR. The PR title, body, and commit messages are updated to mention both CLI and CALM Server. [1] [2]The workflow checks that the CLI and CALM Server versions match before proceeding, enforcing version consistency.
On release, separate Git tags and GitHub releases are created for both CLI and CALM Server, and both packages are published to npm. [1] [2]
Package update:
0.1.0to1.34.2incalm-server/package.json, aligning it with the CLI versioning.Documentation and messaging:
These changes ensure that the CLI and CALM Server are always released together with synchronized versions, improving reliability and reducing manual overhead.
Type of Change
Affected Components
cli/)calm/)calm-ai/)calm-hub/)calm-hub-ui/)calm-server/)calm-widgets/)docs/)shared/)calm-plugins/vscode/)Commit Message Format ✅
Testing
Checklist