Update release workflow for NPM OIDC (#28)

Author: stwiname

.github/actions/create-prerelease/action.yml

@@ -7,10 +7,7 @@ inputs:
   package-path:
     description: 'package path to run action e.g. package/common'
     required: true
-  npm-token:
-    description: 'token to push to npm registry'
-    required: true
-  
+
 runs:
   using: "composite"
   steps:
@@ -19,7 +16,5 @@ runs:
       shell: bash
 
     - working-directory: ${{ inputs.package-path }}
-      run: echo "Changes exist in ${{ inputs.package-path }}" && yarn version prerelease && yarn npm publish --access public --tag dev      
-      env:
-        NPM_TOKEN: ${{ inputs.npm-token }}
+      run: echo "Changes exist in ${{ inputs.package-path }}" && yarn version prerelease && yarn npm publish --access public --tag dev
       shell: bash

.github/actions/create-release/action.yml

@@ -9,21 +9,16 @@ inputs:
   repo-token:
     description: 'token to create github release'
     required: true
-  npm-token:
-    description: 'token to push to npm registry'
-    required: true
-  
+
 runs:
   using: "composite"
   steps:
     - working-directory: ${{ inputs.package-path }}
-      run: echo "Changes exist in ${{ inputs.package-path }}" && yarn npm publish --access public 
-      env:
-        NPM_TOKEN: ${{ inputs.npm-token }}
+      run: echo "Changes exist in ${{ inputs.package-path }}" && yarn npm publish --access public
       shell: bash
 
     - working-directory: ${{ github.workspace }}
       run: node ${{ github.action_path }}/gh-release-script.js ${{ github.workspace }}/${{ inputs.package-path }} ${{ github.sha }}
-      env: 
+      env:
         REPO_TOKEN: ${{ inputs.repo-token }}
       shell: bash

.github/workflows/benchmark.yml

@@ -65,7 +65,7 @@ jobs:
 
     steps:
       #Check out
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 100
           token: ${{ secrets.REPO_TOKEN }}
@@ -82,12 +82,12 @@ jobs:
           echo "::set-output name=network-endpoint::${NETWORK_ENDPOINT}"
           echo "::add-mask::${NETWORK_ENDPOINT}"
           # Store the prepared NETWORK_ENDPOINT in an environment variable
-          echo "NETWORK_ENDPOINT=${NETWORK_ENDPOINT}" >> $GITHUB_ENV 
+          echo "NETWORK_ENDPOINT=${NETWORK_ENDPOINT}" >> $GITHUB_ENV
 
       - name: Install Docker inside the container
         run: |
           apt-get update
-          apt-get install -y docker.io  
+          apt-get install -y docker.io
 
       - name: Install PostgreSQL client
         run: |
@@ -201,4 +201,3 @@ jobs:
             }
         env:
           SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
-

.github/workflows/discord.yml

@@ -11,7 +11,7 @@ jobs:
 
     steps:
       - name: Send release details to Discord
-        uses: rjstone/discord-webhook-notify@v1
+        uses: rjstone/discord-webhook-notify@v2
         with:
           webhookUrl: ${{ secrets.DISCORD_RELEASE_NOTES_WEBHOOK }}
           color: '#6499ff'

.github/workflows/gh-release.yml

@@ -8,12 +8,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       #Check out
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 100
 
       - name: Setup Node.js environment
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v5
         with:
           node-version: lts/*
 

.github/workflows/node-docker.yml

@@ -16,7 +16,7 @@ jobs:
     outputs:
       changes_found: ${{ steps.check_changes.outputs.changes_found }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 2
       - name: Check for package changes and commit message
@@ -39,7 +39,7 @@ jobs:
     if: needs.check.outputs.changes_found == 'true'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 100
           token: ${{ secrets.REPO_TOKEN }}

.github/workflows/pr.yml

@@ -12,9 +12,9 @@ jobs:
       SUBQL_ACCESS_TOKEN_TEST: ${{ secrets.SUBQL_ACCESS_TOKEN_TEST }}
       SUBQL_ORG_TEST: ${{ secrets.SUBQL_ORG_TEST }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Setup Node.js environment
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v5
         with:
           node-version: lts/*
       - run: yarn
@@ -46,10 +46,10 @@ jobs:
       DB_PORT: 5432
       HTTP_ENDPOINT: ${{ secrets.HTTP_ENDPOINT }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Setup Node.js environment
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v5
         with:
           node-version: lts/*
 

.github/workflows/prerelease.yml

@@ -0,0 +1,173 @@
+name: "Publish"
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - ".github/workflows/**"
+
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
+
+concurrency:
+  group: publish
+  cancel-in-progress: false
+
+jobs:
+
+  pre-ci:
+    name: Pre-CI (Extract Commit Message)
+    runs-on: ubuntu-latest
+    timeout-minutes: 1
+    outputs:
+      commit-message: ${{ steps.get_commit_message.outputs.commit-message }}
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - id: get_commit_message
+        run: |
+          COMMIT_MSG_TEMP="${{ github.event.head_commit.message }}"
+          if [ -n "$COMMIT_MSG_TEMP" ]
+          then
+            commit_msg="$COMMIT_MSG_TEMP"
+            echo "commit-message=${commit_msg}" | head -n 1 >> "$GITHUB_OUTPUT"
+          else
+            commit_message=$(git log -1 --pretty=%B | head -n 1)
+            echo "commit-message=$commit_message" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Debug commit message
+        run: |
+          echo "Commit message: ${{ steps.get_commit_message.outputs.commit-message }}"
+
+  setup:
+    name: Setup & Detect Changes
+    needs: pre-ci
+    runs-on: ubuntu-latest
+    outputs:
+      changed-types: ${{ steps.changed-types.outputs.changed }}
+      changed-common-solana: ${{ steps.changed-common-solana.outputs.changed }}
+      changed-node: ${{ steps.changed-node.outputs.changed }}
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 100 # Needed to detect changes by having commit history
+
+      - uses: marceloprado/has-changed-path@v1
+        id: changed-types
+        with:
+          paths: packages/types
+
+      - uses: marceloprado/has-changed-path@v1
+        id: changed-common-solana
+        with:
+          paths: packages/common-solana
+
+      - uses: marceloprado/has-changed-path@v1
+        id: changed-node
+        with:
+          paths: packages/node
+
+  release:
+    name: Release Publish
+    needs: [pre-ci, setup]
+    if: >
+      !startsWith(github.event.head_commit.message, '[SKIP CI]')
+      && startsWith(github.event.head_commit.message, '[release]')
+      && github.repository == 'subquery/subql-solana'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js environment
+        uses: actions/setup-node@v5
+        with:
+          node-version: lts/*
+
+      - name: Update npm
+        run: npm install -g npm@latest
+
+      - run: yarn
+
+      - name: build
+        run: yarn build
+
+      # Publish to npm and github releases
+      - name: Publish Types
+        if: needs.setup.outputs.changed-types == 'true'
+        uses: ./.github/actions/create-release
+        with:
+          package-path: packages/types
+          repo-token: ${{ secrets.REPO_TOKEN }}
+
+      - name: Publish Common Solana
+        if: needs.setup.outputs.changed-common-solana == 'true'
+        uses: ./.github/actions/create-release
+        with:
+          package-path: packages/common-solana
+          repo-token: ${{ secrets.REPO_TOKEN }}
+
+      - name: Publish Node
+        if: needs.setup.outputs.changed-node == 'true'
+        uses: ./.github/actions/create-release
+        with:
+          package-path: packages/node
+          repo-token: ${{ secrets.REPO_TOKEN }}
+
+  prerelease:
+    name: Prerelease Publish
+    needs: [pre-ci, setup]
+    if: >
+      !startsWith(needs.pre-ci.outputs.commit-message, '[SKIP CI]')
+      && !startsWith(needs.pre-ci.outputs.commit-message, '[release]')
+      && github.repository == 'subquery/subql-solana'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.REPO_TOKEN }} # Needed to push changes back to repo
+
+      - name: Setup Node.js environment
+        uses: actions/setup-node@v5
+        with:
+          node-version: lts/*
+
+      - name: Update npm
+        run: npm install -g npm@latest
+
+      - run: yarn
+
+      - name: build
+        run: yarn build
+
+      # Prerelease publish steps
+      - name: Bump types & deploy
+        if: needs.setup.outputs.changed-types == 'true'
+        uses: ./.github/actions/create-prerelease
+        with:
+          package-path: packages/types
+
+      - name: Bump common Solana & deploy
+        if: needs.setup.outputs.changed-common-solana == 'true'
+        uses: ./.github/actions/create-prerelease
+        with:
+          package-path: packages/common-solana
+
+      - name: Bump node & deploy
+        if: needs.setup.outputs.changed-node == 'true'
+        uses: ./.github/actions/create-prerelease
+        with:
+          package-path: packages/node
+
+
+      - name: Commit changes
+        uses: EndBug/add-and-commit@v9
+        with:
+          message: "[SKIP CI] Prerelease"
+          default_author: github_actions