chore: support scoped package publishing SOFIE-4181

.github/workflows/node.yaml

@@ -34,6 +34,7 @@ jobs:
           node-version-file: '.node-version'
       - name: Prepare Environment
         run: |
+          corepack enable
           yarn config set cacheFolder /home/runner/lint-${{ matrix.lib-name }}-cache
           yarn install
           yarn build
@@ -62,6 +63,7 @@ jobs:
           node-version-file: '.node-version'
       - name: Prepare Environment
         run: |
+          corepack enable
           yarn config set cacheFolder /home/runner/docs-cache
           yarn install
           yarn build
@@ -97,6 +99,7 @@ jobs:
           node-version: ${{ matrix.node-version }}
       - name: Prepare Environment
         run: |
+          corepack enable
           yarn config set cacheFolder /home/runner/test-${{ matrix.lib-name }}-${{ matrix.node-version }}-cache
           yarn install
           yarn build
@@ -120,80 +123,6 @@ jobs:
       #   env:
       #     CI: true
 
-  release:
-    name: Release
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-
-    # only run for tags
-    if: contains(github.ref, 'refs/tags/')
-
-    needs:
-      - test
-      # - validate-dependencies
-
-    steps:
-      - uses: actions/checkout@v5
-        with:
-          fetch-depth: 0
-          persist-credentials: false
-      - name: Use Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: '.node-version'
-      - name: Check release is desired
-        id: do-publish
-        run: |
-          if [ -z "${{ secrets.NPM_TOKEN }}" ]; then
-            echo "No Token"
-          else
-            # Use the timeline-state-resolver packkage to choose 'hotfix' or 'latest'
-            PACKAGE_NAME=timeline-state-resolver
-            PUBLISHED_VERSION=$(yarn npm info --json $PACKAGE_NAME | jq -c '.version' -r)
-            THIS_VERSION=$(node -p "require('./lerna.json').version")
-            # Simple bash helper to comapre version numbers
-            verlte() {
-              [  "$1" = "`echo -e "$1\n$2" | sort -V | head -n1`" ]
-            }
-            verlt() {
-              [ "$1" = "$2" ] && return 1 || verlte $1 $2
-            }
-            if verlt $PUBLISHED_VERSION $THIS_VERSION
-            then
-              echo "Publishing latest"
-              echo "tag=latest" >> $GITHUB_OUTPUT
-            else
-              echo "Publishing hotfix"
-              echo "tag=hotfix" >> $GITHUB_OUTPUT
-            fi
-
-          fi
-      - name: Prepare build
-        if: ${{ steps.do-publish.outputs.tag }}
-        run: |
-          yarn config set cacheFolder /home/runner/release-cache
-          yarn install
-          yarn build
-        env:
-          CI: true
-      - name: Publish to NPM
-        if: ${{ steps.do-publish.outputs.tag }}
-        run: |
-          echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> ~/.npmrc
-          git checkout .yarnrc.yml
-          yarn lerna publish from-package --tag-version-prefix='' --dist-tag ${{ steps.do-publish.outputs.tag }} --yes --no-verify-access
-        env:
-          CI: true
-      - name: Generate docs
-        if: ${{ steps.do-publish.outputs.tag }} == 'latest'
-        run: |
-          yarn docs
-      - name: Publish docs
-        uses: peaceiris/actions-gh-pages@v4
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          publish_dir: ./docs
-
   validate-dependencies:
     name: Validate production dependencies
     runs-on: ubuntu-latest
@@ -218,6 +147,7 @@ jobs:
           node-version-file: '.node-version'
       - name: Prepare Environment
         run: |
+          corepack enable
           yarn config set cacheFolder /home/runner/validate-deps-${{ matrix.lib-name }}-cache
           yarn install
         env:
@@ -257,6 +187,7 @@ jobs:
           node-version-file: '.node-version'
       - name: Prepare Environment
         run: |
+          corepack enable
           yarn config set cacheFolder /home/runner/validate-all-deps-${{ matrix.lib-name }}-cache
           yarn install
         env:

.github/workflows/publish.yaml

@@ -1,15 +1,56 @@
-name: Publish prerelease
+name: Publish packages
 
 on:
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
+  push:
+    tags:
+      - 'v**'
+
+permissions:
+  contents: read
+
+env:
+  IS_UPSTREAM: ${{ github.repository_owner == 'Sofie-Automation' }}
+  NPM_PACKAGE_SCOPE: ${{ vars.NPM_PACKAGE_SCOPE }} # In the form of nrkno, without the @
+  NPM_PACKAGE_PREFIX: ${{ vars.NPM_PACKAGE_PREFIX }} # Set to anything to prefix the published package names with "sofie-". eg in combination with NPM_PACKAGE_SCOPE this will turn @sofie-automation/shared-lib into @nrkno/sofie-shared-lib
 
 jobs:
+  check-publish:
+    name: Check if publish is possible
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    outputs:
+      can-publish: ${{ steps.check.outputs.can-publish }}
+      npm-scope: ${{ steps.check.outputs.npm-scope }}
+
+    steps:
+      - name: Check release is possible
+        id: check
+        run: |
+          if [ "${{ env.IS_UPSTREAM }}" = "true" ]; then
+            echo "Upstream repo, publishing unscoped" >> $GITHUB_STEP_SUMMARY
+            echo "can-publish=1" >> $GITHUB_OUTPUT
+            echo "npm-scope=" >> $GITHUB_OUTPUT
+          elif [ "${{ env.NPM_PACKAGE_SCOPE }}" = "" ]; then
+            echo "No NPM_PACKAGE_SCOPE set, not publishing" >> $GITHUB_STEP_SUMMARY
+            echo "can-publish=0" >> $GITHUB_OUTPUT
+            echo "npm-scope=" >> $GITHUB_OUTPUT
+          else
+            echo "Downstream repo, publishing scoped to \`@${{ env.NPM_PACKAGE_SCOPE }}\`" >> $GITHUB_STEP_SUMMARY
+            echo "can-publish=1" >> $GITHUB_OUTPUT
+            echo "npm-scope=${{ env.NPM_PACKAGE_SCOPE }}" >> $GITHUB_OUTPUT
+          fi
+
   test:
     name: Test
     runs-on: ubuntu-latest
     timeout-minutes: 15
 
+    needs: check-publish
+
+    if: ${{ needs.check-publish.outputs.can-publish == '1' }}
+
     strategy:
       fail-fast: false
       matrix:
@@ -29,6 +70,7 @@ jobs:
           node-version: ${{ matrix.node-version }}
       - name: Prepare Environment
         run: |
+          corepack enable
           yarn install
           yarn build
         env:
@@ -40,13 +82,14 @@ jobs:
         env:
           CI: true
 
-  prerelease:
-    name: Prerelease
+  prepare-publish:
+    name: Prepare for publish
     runs-on: ubuntu-latest
     timeout-minutes: 15
 
-    needs:
-      - test
+    needs: check-publish
+
+    if: ${{ needs.check-publish.outputs.can-publish == '1' }}
 
     steps:
       - uses: actions/checkout@v5
@@ -57,28 +100,20 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version-file: '.node-version'
-      - name: Check release is desired
-        id: do-publish
-        run: |
-          if [ -z "${{ secrets.NPM_TOKEN }}" ]; then
-            echo "No Token"
-          elif [[ "${{ github.ref }}" == "refs/heads/master" ]]; then
-            echo "Publish nightly"
-            echo "publish=nightly" >> $GITHUB_OUTPUT
-          else
-            echo "Publish experimental"
-            echo "publish=experimental" >> $GITHUB_OUTPUT
-          fi
-
       - name: Prepare Environment
-        if: ${{ steps.do-publish.outputs.publish }}
         run: |
+          corepack enable
           yarn install
+        env:
+          CI: true
+      - name: Build
+        run: |
+          cd packages
           yarn build
         env:
           CI: true
+
       - name: Bump version and build
-        if: ${{ steps.do-publish.outputs.publish }}
         run: |
           git config --global user.email "[email protected]"
           git config --global user.name "superflytvab"
@@ -90,13 +125,94 @@ jobs:
           yarn release:bump-prerelease --no-changelog --no-commit-hooks --preid "$PRERELEASE_TAG-$COMMIT_DATE-$GIT_HASH" prerelease --yes
         env:
           CI: true
+
+      - name: Modify dependencies to use npm packages
+        run: |
+          node scripts/prepublish.js "${{ github.repository }}" "${{ env.NPM_PACKAGE_SCOPE }}" ${{ env.NPM_PACKAGE_PREFIX }}
+
+          cd packages
+          yarn install --no-immutable
+
+      - name: Upload release artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: publish-dist
+          path: |
+            packages/*/dist
+            packages/*/package.json
+            packages/*/CHANGELOG.md
+            yarn.lock
+            package.json
+            CHANGELOG.md
+          retention-days: 1
+          if-no-files-found: error
+
+  publish:
+    name: Publish to NPM
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    needs:
+      - prepare-publish
+      - test
+
+    permissions:
+      contents: write
+      id-token: write # scoped for as short as possible, as this gives write access to npm
+
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: '.node-version'
+
+      - name: Download release artifact
+        uses: actions/download-artifact@v5
+        with:
+          name: publish-dist
+
       - name: Publish to NPM
-        if: ${{ steps.do-publish.outputs.publish }}
+        id: publish-npm
         run: |
-          echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> ~/.npmrc
-          yarn lerna publish from-package --tag-version-prefix='' --dist-tag ${{ steps.do-publish.outputs.publish }} --yes --no-verify-access
+          # Commit any changes, to make lerna happy that the tree isn't dirty
+          git config --global user.email "[email protected]"
+          git config --global user.name "superflytvab"
+          git add .
+          git commit -m "chore: temp commit" --no-verify --allow-empty
+
+          # If an npm token is provided, use it (for simpler setup in forks)
+          if [ "${{ secrets.NPM_TOKEN }}" != "" ]; then
+            echo "Using provided NPM token"
+            echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> ~/.npmrc
+          else
+            echo "No NPM token provided, using trusted publishing"
+          fi
+
+          corepack enable
+
+          # make dependencies of `determine-npm-tag` available
+          yarn install --mode=skip-build
+
+          cd packages
+
+          yarn install
+
+          NPM_TAG=nightly
+          if [ "${{ github.event_name }}" != "workflow_dispatch" ]; then
+            PACKAGE_NAME=$(node -p "require('./shared-lib/package.json').name")
+            PUBLISHED_VERSION=$(yarn npm info --json $PACKAGE_NAME | jq -c '.version' -r)
+            THIS_VERSION=$(node -p "require('./lerna.json').version")
+            NPM_TAG=$(node ../scripts/determine-npm-tag.js "$PUBLISHED_VERSION" "$THIS_VERSION")
+          fi
+
+          yarn lerna publish from-package --tag-version-prefix='' --dist-tag $NPM_TAG --yes
 
-          NEW_VERSION=$(node -p "require('./packages/timeline-state-resolver/package.json').version")
-          echo "**Published:** $NEW_VERSION" >> $GITHUB_STEP_SUMMARY
+          NEW_VERSION=$(node -p "require('./lerna.json').version")
+          echo "version=$NEW_VERSION" >> $GITHUB_OUTPUT
+          echo "**Published:** $NEW_VERSION as $NPM_TAG" >> $GITHUB_STEP_SUMMARY
         env:
+          NPM_CONFIG_PROVENANCE: true
           CI: true

.github/workflows/sonar.yaml

@@ -27,6 +27,7 @@ jobs:
           node-version: 22
       - name: Prepare Environment
         run: |
+          corepack enable
           yarn
         env:
           CI: true

.prettierignore

@@ -1,2 +1,3 @@
 package.json
-packages/*/package.json
+packages/*/package.json
+/.nx/workspace-data