|
1 | | -name: 🦋 Changesets Release |
| 1 | +name: 📦 Publish |
| 2 | + |
| 3 | +# Single entry point for npm trusted publishing (OIDC) |
| 4 | +# npm only allows one workflow as Trusted Publisher, so this file acts as |
| 5 | +# the entry point and calls the appropriate publishing workflow. |
| 6 | + |
2 | 7 | on: |
3 | | - push: |
4 | | - branches: |
5 | | - - main |
| 8 | + push: |
| 9 | + branches: |
| 10 | + - main |
| 11 | + workflow_dispatch: |
| 12 | + inputs: |
| 13 | + npm_tag: |
| 14 | + description: "NPM tag for the dev release" |
| 15 | + required: false |
| 16 | + default: "dev" |
| 17 | + type: string |
6 | 18 |
|
7 | 19 | env: |
8 | | - CI: true |
| 20 | + CI: true |
9 | 21 |
|
10 | 22 | concurrency: |
11 | | - group: ${{ github.workflow }}-${{ github.ref }} |
12 | | - cancel-in-progress: true |
13 | | - |
14 | | -jobs: |
15 | | - release: |
16 | | - name: 🦋 Changesets Release |
17 | | - if: github.repository == 'langchain-ai/langchainjs' |
18 | | - runs-on: ubuntu-latest |
19 | | - outputs: |
20 | | - published_packages: ${{ steps.changesets.outputs.publishedPackages }} |
21 | | - published: ${{ steps.changesets.outputs.published }} |
22 | | - permissions: |
23 | | - contents: write # enable pushing changes to the origin |
24 | | - id-token: write # enable generation of an ID token for publishing |
25 | | - pull-requests: write # enable opening a PR for the release |
26 | | - steps: |
27 | | - - name: ⬇️ Checkout repo |
28 | | - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 |
29 | | - with: |
30 | | - fetch-depth: 0 |
| 23 | + group: ${{ github.workflow }}-${{ github.ref }} |
| 24 | + cancel-in-progress: true |
31 | 25 |
|
32 | | - - name: 📦 Setup pnpm |
33 | | - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 |
| 26 | +# OIDC permissions for trusted publishing - these must be in the entry point workflow |
| 27 | +permissions: |
| 28 | + id-token: write |
| 29 | + contents: write |
| 30 | + pull-requests: write |
34 | 31 |
|
35 | | - - name: ⎔ Setup node |
36 | | - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 |
37 | | - with: |
38 | | - node-version-file: ".nvmrc" |
39 | | - cache: "pnpm" |
40 | | - |
41 | | - - name: 📥 Install deps |
42 | | - run: pnpm install --frozen-lockfile |
43 | | - |
44 | | - - name: 🔐 Setup npm auth |
45 | | - run: | |
46 | | - echo "registry=https://registry.npmjs.org" >> ~/.npmrc |
47 | | - echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> ~/.npmrc |
48 | | -
|
49 | | - # This action has two responsibilities. The first time the workflow runs |
50 | | - # it will create a new branch and then open a PR with the related changes |
51 | | - # for the new version. After the PR is merged, the workflow will run again |
52 | | - # and this action will build + publish to npm. |
53 | | - - name: 🚀 PR / Publish |
54 | | - id: changesets |
55 | | - uses: changesets/action@e0145edc7d9d8679003495b11f87bd8ef63c0cba |
| 32 | +jobs: |
| 33 | + # Production release - triggered by push to main |
| 34 | + release: |
| 35 | + if: github.event_name == 'push' |
| 36 | + uses: ./.github/workflows/release.yml |
| 37 | + permissions: |
| 38 | + id-token: write |
| 39 | + contents: write |
| 40 | + pull-requests: write |
| 41 | + secrets: inherit |
| 42 | + |
| 43 | + # Dev release - triggered by workflow_dispatch |
| 44 | + dev-release: |
| 45 | + if: github.event_name == 'workflow_dispatch' |
| 46 | + uses: ./.github/workflows/dev-release.yml |
| 47 | + permissions: |
| 48 | + id-token: write |
| 49 | + contents: read |
| 50 | + pull-requests: write |
56 | 51 | with: |
57 | | - version: pnpm run changeset:version |
58 | | - commit: "chore: version packages" |
59 | | - title: "chore: version packages" |
60 | | - publish: pnpm run release |
61 | | - env: |
62 | | - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} |
63 | | - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 52 | + npm_tag: ${{ inputs.npm_tag }} |
| 53 | + secrets: inherit |
0 commit comments