Merged
69 changes: 69 additions & 0 deletions .github/workflows/release.yml
@@ -0,0 +1,69 @@
name: Manual Release

on:
workflow_dispatch:
inputs:
release_version:
description: 'Semver version to release (must be > current root version)'
required: true

permissions:
contents: write
pull-requests: write
id-token: write
packages: write

jobs:
release:
environment: release
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: '20'
registry-url: 'https://registry.npmjs.org'
cache: 'yarn'

- name: Install dependencies
run: yarn install --frozen-lockfile

- name: Validate release version > current
env:
INPUT_VERSION: ${{ inputs.release_version }}
run: |
node -e "
const fs=require('fs');
const semver=require('semver');
const current=JSON.parse(fs.readFileSync('package.json','utf8')).version;
const next=process.env.INPUT_VERSION;
if(!semver.valid(next)) { console.error('Invalid semver: '+next); process.exit(1); }
if(!semver.gt(next,current)) { console.error(`Version ${next} must be greater than current ${current}`); process.exit(1); }
"
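Review bot: The template literal on the `semver.gt` line sits inside the double-quoted `node -e "..."` string, so bash treats the backticks as command substitution and expands `${next}` and `${current}` as shell variables before Node sees the script. The shell tries to run a command named `Version` on every run, and the failure path ends up calling `console.error()` with no message. Use string concatenation as the `Invalid semver` line already does, or feed the script to Node through a single-quoted heredoc. Separately, none of the visible steps appear to need `pull-requests: write`, `packages: write` or `id-token: write` (publishing goes to registry.npmjs.org with `NPM_TOKEN`), so the workflow-level `permissions` block could be trimmed to what the job uses.
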
Member

Would it be possible to restrict the release to our specific release branches? E.g., summer*, winter*, spring*, master?

Is that something we can do in the GHA UI?

Contributor Author

Added a condition to the release job so that it can only run from specified branches and non-fork repos.


- name: Bump versions and commit
env:
INPUT_VERSION: ${{ inputs.release_version }}
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
BRANCH="$GITHUB_REF_NAME"
node ./scripts/release/version.js "$INPUT_VERSION"
RESOLVED_VERSION=$(node -p "require('./package.json').version")
git commit -am "chore: release $RESOLVED_VERSION"
git push origin HEAD

- name: Build
run: yarn build

- name: Publish to npm
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
TAG=$([ "$GITHUB_REF_NAME" = "master" ] && echo latest || echo "$GITHUB_REF_NAME")
Contributor

How do we ensure that we only release using winter*/spring*/summer* tags, and we don't accidentally release a tag called rave/github-action-publish?

How do we ensure that only repo maintainers can trigger the workflow?

Contributor Author

Added a conditional for branch validation.

> How do we ensure that only repo maintainers can trigger the workflow?

This should help; only lwc-admin members should be able to approve workflow run requests.

yarn nx release publish --yes --registry https://registry.npmjs.org --tag "$TAG"
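
Review bot: In `Bump versions and commit`, `git push origin HEAD` runs before the `Build` and `Publish to npm` steps, so a failed build or publish leaves the version bump on the branch with no matching package on npm. Consider building before the bump and pushing only after `yarn nx release publish` succeeds. `BRANCH="$GITHUB_REF_NAME"` is also assigned but not used in the lines shown, and `TAG` falls back to the raw ref name for anything other than `master`, so in these lines the dist-tag is whatever ref the workflow was dispatched from.
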
77 changes: 0 additions & 77 deletions .nucleus.yaml

This file was deleted.