docs: a11y docs html aria #5947

Workflow file for this run

.github/workflows/publish.yml at 0fc3b0f

	name: Publish Packages

	on:
	workflow_dispatch:
	inputs:
	tag:
	description: 'NPM dist-tag (e.g., latest, beta, snapshot)'
	required: false
	default: 'next'
	pull_request:
	types: [labeled, synchronize]
	push:
	branches:
	- main

	concurrency:
	group: publish-${{ github.ref }}
	cancel-in-progress: false

	jobs:
	check-changesets:
	runs-on: ubuntu-latest
	if: >-
	github.event_name == 'workflow_dispatch' \|\|
	github.event_name == 'push' \|\|
	(github.event_name == 'pull_request' &&
	contains(github.event.pull_request.labels.*.name, 'snapshot-release'))
	outputs:
	has_changesets: ${{ steps.check.outputs.has_changesets }}
	has_1st_gen_changesets: ${{ steps.check.outputs.has_1st_gen_changesets }}
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Check for changesets
	id: check
	run: \|
	if [ -z "$(ls -A .changeset/*.md 2>/dev/null \| grep -v README)" ]; then
	echo "has_changesets=false" >> $GITHUB_OUTPUT
	echo "has_1st_gen_changesets=false" >> $GITHUB_OUTPUT
	echo "No changesets found - skipping publish"
	else
	echo "has_changesets=true" >> $GITHUB_OUTPUT
	CHANGESET_COUNT=$(ls -1 .changeset/*.md 2>/dev/null \| grep -v README \| wc -l \| tr -d ' ')
	echo "Found $CHANGESET_COUNT changesets"

	# Check if any changeset mentions 1st-gen packages
	# 1st-gen packages are @spectrum-web-components/* except core
	HAS_1ST_GEN=false
	for file in .changeset/*.md; do
	if [ "$(basename "$file")" != "README.md" ]; then
	PACKAGES=$(grep -oP "@spectrum-web-components/[a-z-]+" "$file")
	NON_CORE=$(echo "$PACKAGES" \| grep -v "^@spectrum-web-components/core$")
	if [ -n "$NON_CORE" ]; then
	HAS_1ST_GEN=true
	break
	fi
	fi
	done

	echo "has_1st_gen_changesets=$HAS_1ST_GEN" >> $GITHUB_OUTPUT
	if [ "$HAS_1ST_GEN" = "true" ]; then
	echo "Found 1st-gen changesets - React wrappers will be built and published"
	else
	echo "No 1st-gen changesets found - React wrappers will be skipped"
	fi
	fi

	publish:
	needs: check-changesets
	if: needs.check-changesets.outputs.has_changesets == 'true'
	runs-on: ubuntu-latest
	environment: npm-publish
	permissions:
	id-token: write # Required for OIDC trusted publishing (1st-gen )
	contents: write # Required for git push
	env:
	YARN_ENABLE_IMMUTABLE_INSTALLS: false
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Setup job and install dependencies
	uses: ./.github/actions/setup-job

	- name: Set Git identity
	run: \|
	git config --global user.email "support+actions@github.com"
	git config --global user.name "github-actions-bot"

	- name: Determine release tag
	id: extract-tag
	env:
	EVENT_NAME: ${{ github.event_name }}
	INPUT_TAG: ${{ github.event.inputs.tag }}
	run: \|
	if [ "$EVENT_NAME" == "pull_request" ]; then
	# PRs with the snapshot-release label always use snapshot-test
	WORKFLOW_TAG="snapshot-test"
	elif [ -n "$INPUT_TAG" ]; then
	# Use the tag provided via workflow_dispatch input
	WORKFLOW_TAG="$INPUT_TAG"
	else
	# Default tag for push-triggered runs
	WORKFLOW_TAG="next"
	fi

	echo "tag=$WORKFLOW_TAG" >> $GITHUB_OUTPUT
	echo "Using npm tag: $WORKFLOW_TAG"

	- name: Validate release tag
	env:
	TAG: ${{ steps.extract-tag.outputs.tag }}
	GIT_REF: ${{ github.ref }}
	run: \|
	if [ "$TAG" == "latest" ] && [ "$GIT_REF" != "refs/heads/main" ]; then
	echo "ERROR: Cannot publish 'latest' from non-main branch"
	exit 1
	fi

	- name: Verify OIDC token and configure NPM authentication
	id: npm-auth
	env:
	NPM_TOKEN: ${{ secrets.ADOBE_BOT_NPM_TOKEN }}
	run: \|
	if [ -n "$ACTIONS_ID_TOKEN_REQUEST_URL" ]; then
	echo "✓ OIDC token is available for 1st-gen trusted publishing"
	else
	echo "✗ OIDC token NOT available - trusted publishing will fail"
	exit 1
	fi

	echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc
	echo "✓ NPM authentication configured for 2nd-gen (Adobe namespace)"

	- name: Build all packages
	run: yarn build

	- name: Generate custom elements manifests
	run: yarn workspace @spectrum-web-components/1st-gen custom-element-json

	- name: Confirm build artifacts
	run: yarn workspace @spectrum-web-components/1st-gen build:confirm

	- name: Version packages
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	TAG: ${{ steps.extract-tag.outputs.tag }}
	run: \|
	if [ "$TAG" == "latest" ]; then
	yarn workspace @spectrum-web-components/1st-gen changelog:global
	yarn changeset version
	else
	yarn changeset version --snapshot $TAG
	fi

	- name: Capture released versions
	id: versions
	run: \|
	CORE_VERSION=$(node -p "require('./2nd-gen/packages/core/package.json').version")
	BUNDLE_VERSION=$(node -p "require('./1st-gen/tools/bundle/package.json').version")
	SWC_VERSION=$(node -p "require('./2nd-gen/packages/swc/package.json').version")
	echo "core=$CORE_VERSION" >> $GITHUB_OUTPUT
	echo "bundle=$BUNDLE_VERSION" >> $GITHUB_OUTPUT
	echo "swc=$SWC_VERSION" >> $GITHUB_OUTPUT

	- name: Refresh lockfile and rebuild
	run: \|
	yarn install --refresh-lockfile
	yarn build

	- name: Publish all packages
	if: steps.npm-auth.outcome == 'success'
	env:
	NODE_AUTH_TOKEN: ${{ secrets.ADOBE_BOT_NPM_TOKEN }}
	TAG: ${{ steps.extract-tag.outputs.tag }}
	run: \|
	# Changeset publishes all packages (1st-gen, core, and 2nd-gen)
	# npm CLI automatically uses:
	# - OIDC trusted publishing for 1st-gen packages (configured on npmjs.com)
	# - Token authentication for 2nd-gen (from .npmrc)
	if [ "$TAG" == "latest" ]; then
	yarn changeset publish --no-git-tag
	else
	yarn changeset publish --no-git-tag --tag $TAG
	fi

	- name: Build React wrappers
	if: needs.check-changesets.outputs.has_1st_gen_changesets == 'true'
	run: yarn workspace @spectrum-web-components/1st-gen build:react

	- name: Publish React wrappers
	if: needs.check-changesets.outputs.has_1st_gen_changesets == 'true'
	env:
	TAG: ${{ steps.extract-tag.outputs.tag }}
	run: \|
	if [ "$TAG" == "latest" ]; then
	PUBLISH_CMD="npm publish --access public"
	else
	PUBLISH_CMD="npm publish --tag $TAG --access public"
	fi

	# Retry function with exponential backoff
	retry_publish() {
	local dir=$1
	local max_attempts=3
	local attempt=1

	while [ $attempt -le $max_attempts ]; do
	echo "Publishing $dir (attempt $attempt/$max_attempts)..."
	if (cd "$dir" && $PUBLISH_CMD); then
	echo "✓ Successfully published $dir"
	return 0
	else
	if [ $attempt -lt $max_attempts ]; then
	local wait_time=$((2 ** attempt))
	echo "✗ Publish failed, retrying in ${wait_time}s..."
	sleep $wait_time
	else
	echo "✗ Failed to publish $dir after $max_attempts attempts"
	return 1
	fi
	fi
	attempt=$((attempt + 1))
	done
	}

	cd 1st-gen/react
	for dir in */; do
	retry_publish "$dir" \|\| exit 1
	done

	- name: Publish summary
	if: always()
	env:
	TAG: ${{ steps.extract-tag.outputs.tag }}
	EVENT_NAME: ${{ github.event_name }}
	PR_NUMBER: ${{ github.event.pull_request.number }}
	PR_TITLE: ${{ github.event.pull_request.title }}
	PR_AUTHOR: ${{ github.event.pull_request.user.login }}
	HEAD_REF: ${{ github.head_ref }}
	BASE_REF: ${{ github.base_ref }}
	REF_NAME: ${{ github.ref_name }}
	ACTOR: ${{ github.actor }}
	COMMIT_SHA: ${{ github.sha }}
	AUTH_OUTCOME: ${{ steps.npm-auth.outcome }}
	CORE_VERSION: ${{ steps.versions.outputs.core }}
	BUNDLE_VERSION: ${{ steps.versions.outputs.bundle }}
	SWC_VERSION: ${{ steps.versions.outputs.swc }}
	run: \|
	echo "## Publish summary" >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY

	if [ "$EVENT_NAME" == "pull_request" ]; then
	echo "\| Field \| Value \|" >> $GITHUB_STEP_SUMMARY
	echo "\|-------\|-------\|" >> $GITHUB_STEP_SUMMARY
	echo "\| Trigger \| Pull request \|" >> $GITHUB_STEP_SUMMARY
	echo "\| PR \| #${PR_NUMBER} — ${PR_TITLE} \|" >> $GITHUB_STEP_SUMMARY
	echo "\| Branch \| \`${HEAD_REF}\` → \`${BASE_REF}\` \|" >> $GITHUB_STEP_SUMMARY
	echo "\| NPM tag \| \`${TAG}\` \|" >> $GITHUB_STEP_SUMMARY
	echo "\| Author \| @${PR_AUTHOR} \|" >> $GITHUB_STEP_SUMMARY
	elif [ "$EVENT_NAME" == "workflow_dispatch" ]; then
	echo "\| Field \| Value \|" >> $GITHUB_STEP_SUMMARY
	echo "\|-------\|-------\|" >> $GITHUB_STEP_SUMMARY
	echo "\| Trigger \| Manual dispatch \|" >> $GITHUB_STEP_SUMMARY
	echo "\| Branch \| \`${REF_NAME}\` \|" >> $GITHUB_STEP_SUMMARY
	echo "\| NPM tag \| \`${TAG}\` \|" >> $GITHUB_STEP_SUMMARY
	echo "\| Actor \| @${ACTOR} \|" >> $GITHUB_STEP_SUMMARY
	else
	echo "\| Field \| Value \|" >> $GITHUB_STEP_SUMMARY
	echo "\|-------\|-------\|" >> $GITHUB_STEP_SUMMARY
	echo "\| Trigger \| Push \|" >> $GITHUB_STEP_SUMMARY
	echo "\| Branch \| \`${REF_NAME}\` \|" >> $GITHUB_STEP_SUMMARY
	echo "\| NPM tag \| \`${TAG}\` \|" >> $GITHUB_STEP_SUMMARY
	echo "\| Commit \| \`${COMMIT_SHA}\` \|" >> $GITHUB_STEP_SUMMARY
	fi

	if [ -n "$CORE_VERSION" ] \|\| [ -n "$BUNDLE_VERSION" ] \|\| [ -n "$SWC_VERSION" ]; then
	echo "## Versions released" >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY
	echo "\| Generation \| Package \| Version \|" >> $GITHUB_STEP_SUMMARY
	echo "\|------------\|---------\|---------\|" >> $GITHUB_STEP_SUMMARY
	[ -n "$CORE_VERSION" ] && echo "\| Core \| \`@spectrum-web-components/core\` \| \`${CORE_VERSION}\` \|" >> $GITHUB_STEP_SUMMARY
	[ -n "$BUNDLE_VERSION" ] && echo "\| 1st gen \| \`@spectrum-web-components/bundle\` \| \`${BUNDLE_VERSION}\` \|" >> $GITHUB_STEP_SUMMARY
	[ -n "$SWC_VERSION" ] && echo "\| 2nd gen \| \`@adobe/spectrum-wc\` \| \`${SWC_VERSION}\` \|" >> $GITHUB_STEP_SUMMARY
	echo "" >> $GITHUB_STEP_SUMMARY
	fi

	if [ "$AUTH_OUTCOME" == "success" ]; then
	echo "✅ Publish completed with tag \`${TAG}\`" >> $GITHUB_STEP_SUMMARY
	else
	echo "❌ Publish failed — NPM authentication did not succeed" >> $GITHUB_STEP_SUMMARY
	fi

	- name: Commit and push changes
	if: steps.extract-tag.outputs.tag == 'latest'
	run: \|
	git add .
	git commit -m "chore: release packages #publish" \|\| echo "No changes to commit"
	git push

	- name: Create git tag
	if: steps.extract-tag.outputs.tag == 'latest'
	run: node ./1st-gen/scripts/create-git-tag.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

docs: a11y docs html aria #5947

Workflow file

docs: a11y docs html aria #5947

Uh oh!

Workflow file for this run