Skip to content

Commit 3c6fe88

Browse files
MiguelLZPFMiguelLZPF
committed
chore: merge main into develop
Brings workflow fixes from PR #712 and #713 into develop branch. Conflicts resolved: workflow files (main's version), contract/test files (develop's version). Signed-off-by: Miguel_LZPF <miguel.carpena@io.builders>
2 parents fc6b79b + 9f3b238 commit 3c6fe88

File tree

8 files changed

+210
-292
lines changed

8 files changed

+210
-292
lines changed

.github/workflows/README.md

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -58,11 +58,13 @@ sequenceDiagram
5858

5959
4. **Commit with DCO and Signature compliance**:
6060

61-
```bash
62-
git add .
63-
git commit --signoff -S -m "feat: your commit message"
64-
git push origin feature/your-feature-name
65-
```
61+
Commit messages should comply with the [conventional commits standard](https://www.conventionalcommits.org/en/v1.0.0/)
62+
63+
```bash
64+
git add .
65+
git commit --signoff -S -m "feat: your commit message"
66+
git push origin feature/your-feature-name
67+
```
6668

6769
5. **Open PR to develop branch** - automated checks will run
6870

.github/workflows/ats.publish.yml

Lines changed: 31 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -9,11 +9,6 @@ on:
99
required: false
1010
type: boolean
1111
default: false
12-
ref:
13-
description: "Branch/tag/commit to publish from"
14-
required: false
15-
type: string
16-
default: "main"
1712

1813
# Release published trigger (GitHub release creation) - only for ATS releases (tags ending with -ats)
1914
release:
@@ -33,10 +28,7 @@ jobs:
3328
name: Publish ATS Contracts
3429
runs-on: token-studio-linux-large
3530
# Only run if manual trigger OR release tag contains/ends with '-ats'/'-ATS'
36-
if: ${{ github.event_name == 'workflow_dispatch' || contains(github.ref_name, '-ats-') || contains(github.ref_name, '-ATS-') || endsWith(github.ref_name, '-ats') || endsWith(github.ref_name, '-ATS') }}
37-
permissions:
38-
contents: read
39-
id-token: write
31+
if: ${{ github.event_name == 'workflow_dispatch' || contains(github.ref_name, '-ats-') || endsWith(github.ref_name, '-ats') }}
4032

4133
steps:
4234
- name: Harden Runner
@@ -47,18 +39,17 @@ jobs:
4739
- name: Checkout repository
4840
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
4941
with:
50-
ref: ${{ inputs.ref || github.ref }}
42+
ref: ${{ github.ref }}
5143
fetch-depth: 0
5244

5345
- name: Setup NodeJS Environment
5446
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
5547
with:
56-
node-version: 22.x
48+
node-version: 22.20.0
5749
registry-url: https://registry.npmjs.org
5850

5951
- name: Create .npmrc file
60-
env:
61-
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
52+
working-directory: packages/ats/contracts
6253
run: |
6354
cat << 'EOF' > .npmrc
6455
//registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}
@@ -74,28 +65,26 @@ jobs:
7465
env:
7566
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
7667
DRY_RUN: ${{ inputs.dry-run-enabled }}
68+
working-directory: packages/ats/contracts
7769
run: |
78-
echo "DRY_RUN is set to: '${DRY_RUN}'"
79-
80-
cd packages/ats/contracts
81-
8270
PUBLISH_ARGS=("--access=public")
8371
if [[ "${DRY_RUN}" == "true" ]]; then
8472
PUBLISH_ARGS+=("--dry-run")
8573
echo "🔍 DRY RUN MODE: Would publish @hashgraph/asset-tokenization-contracts"
8674
fi
8775
88-
npm publish "${PUBLISH_ARGS[@]}"
76+
if ! npm publish "${PUBLISH_ARGS[@]}"; then
77+
echo "❌ Failed to publish package: ${package_name}"
78+
echo "📋 Package info:" && cat package.json | jq '.name, .version'
79+
exit 1
80+
fi
8981
9082
sdk:
9183
name: Publish ATS SDK
9284
runs-on: token-studio-linux-large
9385
# Only run if manual trigger OR release tag contains/ends with '-ats'/'-ATS'
94-
if: ${{ github.event_name == 'workflow_dispatch' || contains(github.ref_name, '-ats-') || contains(github.ref_name, '-ATS-') || endsWith(github.ref_name, '-ats') || endsWith(github.ref_name, '-ATS') }}
86+
if: ${{ github.event_name == 'workflow_dispatch' || contains(github.ref_name, '-ats-') || endsWith(github.ref_name, '-ats') }}
9587
# needs: contracts # Commented out for parallel execution
96-
permissions:
97-
contents: read
98-
id-token: write
9988

10089
steps:
10190
- name: Harden Runner
@@ -106,18 +95,17 @@ jobs:
10695
- name: Checkout repository
10796
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
10897
with:
109-
ref: ${{ inputs.ref || github.ref }}
98+
ref: ${{ github.ref }}
11099
fetch-depth: 0
111100

112101
- name: Setup NodeJS Environment
113102
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
114103
with:
115-
node-version: 22.x
104+
node-version: 22.20.0
116105
registry-url: https://registry.npmjs.org
117106

118107
- name: Create .npmrc file
119-
env:
120-
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
108+
working-directory: packages/ats/sdk
121109
run: |
122110
cat << 'EOF' > .npmrc
123111
//registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}
@@ -135,25 +123,28 @@ jobs:
135123
env:
136124
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
137125
DRY_RUN: ${{ inputs.dry-run-enabled }}
126+
working-directory: packages/ats/sdk
138127
run: |
139-
echo "DRY_RUN is set to: '${DRY_RUN}'"
140-
141-
cd packages/ats/sdk
142-
143128
PUBLISH_ARGS=("--access=public")
144129
if [[ "${DRY_RUN}" == "true" ]]; then
145130
PUBLISH_ARGS+=("--dry-run")
146131
echo "🔍 DRY RUN MODE: Would publish @hashgraph/asset-tokenization-sdk"
147132
fi
148133
149-
npm publish "${PUBLISH_ARGS[@]}"
134+
if ! npm publish "${PUBLISH_ARGS[@]}"; then
135+
echo "❌ Failed to publish package: ${package_name}"
136+
echo "📋 Package info:" && cat package.json | jq '.name, .version'
137+
exit 1
138+
fi
150139
151140
# Summary job to report results
152141
summary:
153142
name: Publish Summary
154143
runs-on: token-studio-linux-large
155-
needs: [contracts, sdk]
156-
if: always()
144+
needs:
145+
- contracts
146+
- sdk
147+
if: ${{ always() }}
157148
steps:
158149
- name: Harden the runner (Audit all outbound calls)
159150
uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
@@ -162,13 +153,13 @@ jobs:
162153

163154
- name: Report Results
164155
run: |
165-
echo "## ATS Publish Results" >> $GITHUB_STEP_SUMMARY
166-
echo "| Package | Status |" >> $GITHUB_STEP_SUMMARY
167-
echo "| --- | --- |" >> $GITHUB_STEP_SUMMARY
168-
echo "| Contracts | ${{ needs.contracts.result }} |" >> $GITHUB_STEP_SUMMARY
169-
echo "| SDK | ${{ needs.sdk.result }} |" >> $GITHUB_STEP_SUMMARY
156+
echo "## ATS Publish Results" >> "${GITHUB_STEP_SUMMARY}"
157+
echo "| Package | Status |" >> "${GITHUB_STEP_SUMMARY}"
158+
echo "| --- | --- |" >> "${GITHUB_STEP_SUMMARY}"
159+
echo "| Contracts | ${{ needs.contracts.result }} |" >> "${GITHUB_STEP_SUMMARY}"
160+
echo "| SDK | ${{ needs.sdk.result }} |" >> "${GITHUB_STEP_SUMMARY}"
170161
171162
if [[ "${{ inputs.dry-run-enabled }}" == "true" ]]; then
172-
echo "" >> $GITHUB_STEP_SUMMARY
173-
echo "🔍 **DRY RUN MODE** - No packages were actually published" >> $GITHUB_STEP_SUMMARY
163+
echo "" >> "${GITHUB_STEP_SUMMARY}"
164+
echo "🔍 **DRY RUN MODE** - No packages were actually published" >> "${GITHUB_STEP_SUMMARY}"
174165
fi

.github/workflows/ats.release.yml

Lines changed: 40 additions & 69 deletions
Original file line numberDiff line numberDiff line change
@@ -5,13 +5,13 @@ on:
55
workflow_dispatch:
66
inputs:
77
release-type:
8-
description: 'Type of release to perform'
8+
description: "Type of release to perform"
99
required: true
1010
type: choice
1111
options:
1212
- preview # Show what would be released (dry-run)
1313
- release # Full production release
14-
default: 'preview'
14+
default: "preview"
1515

1616
defaults:
1717
run:
@@ -25,13 +25,6 @@ jobs:
2525
ats-release:
2626
name: Create ATS Release
2727
runs-on: token-studio-linux-large
28-
# Only allow authorized teams to trigger releases per CODEOWNERS
29-
if: >
30-
github.event_name == 'workflow_dispatch' && (
31-
contains(fromJSON('["platform-ci", "platform-ci-committers", "release-engineering-managers", "developer-advocates", "iobuilders-hedera"]'),
32-
github.actor) ||
33-
contains(github.actor, 'hashgraph')
34-
)
3528

3629
steps:
3730
- name: Harden Runner
@@ -49,38 +42,35 @@ jobs:
4942
- name: Setup NodeJS Environment
5043
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
5144
with:
52-
node-version: 22.x
45+
node-version: v22.20.0
5346

5447
- name: Install dependencies
5548
run: npm ci
5649

5750
- name: Validate ATS changesets exist
5851
id: validate
5952
run: |
60-
# Use changeset status with JSON output to detect ATS packages with changes
6153
echo "📋 Getting changeset status..."
6254
npx changeset status --output=changeset-status.json
6355
64-
# Parse JSON to check if ATS packages have pending changes
6556
ATS_PACKAGES_TO_BUMP=$(jq -r '.releases[] | select(.name | test("@hashgraph/asset-tokenization-")) | .name' changeset-status.json | wc -l)
6657
67-
echo "ats-packages-to-bump=$ATS_PACKAGES_TO_BUMP" >> $GITHUB_OUTPUT
58+
echo "ats-packages-to-bump=${ATS_PACKAGES_TO_BUMP}" >> "${GITHUB_OUTPUT}"
6859
69-
if [ "$ATS_PACKAGES_TO_BUMP" -eq 0 ]; then
60+
if [ "${ATS_PACKAGES_TO_BUMP}" -eq 0 ]; then
7061
echo "❌ No ATS packages found to be bumped"
7162
echo "📋 Current changeset status:"
7263
npx changeset status
7364
exit 1
7465
fi
7566
76-
echo "✅ Found $ATS_PACKAGES_TO_BUMP ATS package(s) ready for release"
67+
echo "✅ Found ${ATS_PACKAGES_TO_BUMP} ATS package(s) ready for release"
7768
78-
# Show which packages will be bumped
7969
echo "📦 ATS packages to be released:"
8070
jq -r '.releases[] | select(.name | test("@hashgraph/asset-tokenization-")) | " - \(.name) (\(.oldVersion) → \(.newVersion))"' changeset-status.json
8171
8272
- name: Preview ATS release
83-
if: inputs.release-type == 'preview'
73+
if: ${{ inputs.release-type == 'preview' }}
8474
run: |
8575
echo "🔍 PREVIEW MODE - What would be released for ATS packages:"
8676
echo ""
@@ -93,14 +83,12 @@ jobs:
9383
echo "To proceed with actual release, run this workflow with 'release' option."
9484
9585
- name: Version ATS packages
96-
if: inputs.release-type == 'release'
86+
if: ${{ inputs.release-type == 'release' }}
9787
run: |
9888
echo "🚀 Releasing ATS packages only (ignoring Mass Payout packages)"
9989
100-
# Run changeset version with ignore flag for Mass Payout packages
10190
npx changeset version --ignore "@hashgraph/mass-payout*"
10291
103-
# Check if any files were changed
10492
if [[ -n "$(git status --porcelain)" ]]; then
10593
echo "✅ Version bump completed for ATS packages"
10694
else
@@ -109,76 +97,59 @@ jobs:
10997
fi
11098
11199
- name: Commit version changes
112-
if: inputs.release-type == 'release'
100+
if: ${{ inputs.release-type == 'release' }}
113101
run: |
114-
# GitHub Actions bot automatically handles git config for branch protection bypass
115-
# When using GITHUB_TOKEN, GitHub automatically configures the correct identity
116-
117-
# Add all changed files
118102
git add .
119103
120-
# Commit with DCO sign-off using GitHub Actions bot identity
121-
if git commit --signoff -m "chore: release ATS packages"; then
104+
if git commit --signoff -S -m "chore: release ATS packages"; then
122105
echo "✅ Version changes committed"
123106
else
124107
echo "ℹ️ No changes to commit"
125108
fi
126109
127110
- name: Create ATS release
128-
if: inputs.release-type == 'release'
111+
id: create-release-tag
112+
if: ${{ inputs.release-type == 'release' }}
113+
env:
114+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
129115
run: |
130-
# Get the current ATS version (all ATS packages use fixed versioning)
131116
ATS_VERSION=$(node -p "require('./packages/ats/contracts/package.json').version")
132117
TAG_NAME="v${ATS_VERSION}-ats"
133-
134-
echo "📦 Creating ATS release: $TAG_NAME"
135-
136-
# Create and push tag
118+
echo "📦 Creating ATS release tag: ${TAG_NAME}"
137119
git tag "${TAG_NAME}"
138120
git push origin "${TAG_NAME}"
139121
140-
# Generate release notes from ATS package changelogs
141-
RELEASE_NOTES=""
142-
for package in contracts sdk; do
143-
CHANGELOG_FILE="packages/ats/${package}/CHANGELOG.md"
144-
if [ -f "$CHANGELOG_FILE" ]; then
145-
echo "📋 Including changelog from $package"
146-
RELEASE_NOTES="$RELEASE_NOTES\n\n## @hashgraph/asset-tokenization-${package}\n"
147-
# Get the latest version section from changelog
148-
sed -n "/^## $ATS_VERSION/,/^## /p" "$CHANGELOG_FILE" | head -n -1 >> release-notes.md
149-
fi
150-
done
151-
152-
# Create GitHub release
153-
gh release create "$TAG_NAME" \
154-
--title "ATS Release v${ATS_VERSION}" \
155-
--notes-file release-notes.md \
156-
--target main
157-
158-
echo "✅ GitHub release created: $TAG_NAME"
159-
echo "🔗 Release URL: https://github.com/${{ github.repository }}/releases/tag/$TAG_NAME"
160-
env:
161-
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
122+
echo "tag-name=${TAG_NAME}" >> "${GITHUB_OUTPUT}"
123+
124+
- name: Create github release
125+
if: ${{ inputs.release-type == 'release' }}
126+
uses: step-security/release-action@03a57407052f15d1537fd5469a6fbbc536aba326 # v1.20.0
127+
with:
128+
tag: ${{ steps.create-release-tag.outputs.tag-name }}
129+
prerelease: false
130+
draft: false
131+
generateReleaseNotes: true
132+
skipIfReleaseExists: true
162133

163134
- name: Release Summary
164135
if: always()
165136
run: |
166137
if [ "${{ inputs.release-type }}" = "preview" ]; then
167-
echo "## 🔍 ATS Release Preview Completed" >> $GITHUB_STEP_SUMMARY
168-
echo "Preview mode was selected. No actual release was created." >> $GITHUB_STEP_SUMMARY
138+
echo "## 🔍 ATS Release Preview Completed" >> "${GITHUB_STEP_SUMMARY}"
139+
echo "Preview mode was selected. No actual release was created." >> "${GITHUB_STEP_SUMMARY}"
169140
elif [ "${{ job.status }}" = "success" ]; then
170141
ATS_VERSION=$(node -p "require('./packages/ats/contracts/package.json').version" 2>/dev/null || echo "unknown")
171-
echo "## ✅ ATS Release v${ATS_VERSION} Completed Successfully" >> $GITHUB_STEP_SUMMARY
172-
echo "| Package | Status |" >> $GITHUB_STEP_SUMMARY
173-
echo "| --- | --- |" >> $GITHUB_STEP_SUMMARY
174-
echo "| ATS Contracts | ✅ Released |" >> $GITHUB_STEP_SUMMARY
175-
echo "| ATS SDK | ✅ Released |" >> $GITHUB_STEP_SUMMARY
176-
echo "| GitHub Release | ✅ Created |" >> $GITHUB_STEP_SUMMARY
177-
echo "" >> $GITHUB_STEP_SUMMARY
178-
echo "**Next Steps:**" >> $GITHUB_STEP_SUMMARY
179-
echo "- NPM publishing will be triggered automatically via ats.publish.yml" >> $GITHUB_STEP_SUMMARY
180-
echo "- Mass Payout packages were ignored and remain available for separate release" >> $GITHUB_STEP_SUMMARY
142+
echo "## ✅ ATS Release v${ATS_VERSION} Completed Successfully" >> "${GITHUB_STEP_SUMMARY}"
143+
echo "| Package | Status |" >> "${GITHUB_STEP_SUMMARY}"
144+
echo "| --- | --- |" >> "${GITHUB_STEP_SUMMARY}"
145+
echo "| ATS Contracts | ✅ Released |" >> "${GITHUB_STEP_SUMMARY}"
146+
echo "| ATS SDK | ✅ Released |" >> "${GITHUB_STEP_SUMMARY}"
147+
echo "| GitHub Release | ✅ Created |" >> "${GITHUB_STEP_SUMMARY}"
148+
echo "" >> "${GITHUB_STEP_SUMMARY}"
149+
echo "**Next Steps:**" >> "${GITHUB_STEP_SUMMARY}"
150+
echo "- NPM publishing will be triggered automatically via ats.publish.yml" >> "${GITHUB_STEP_SUMMARY}"
151+
echo "- Mass Payout packages were ignored and remain available for separate release" >> "${GITHUB_STEP_SUMMARY}"
181152
else
182-
echo "## ❌ ATS Release Failed" >> $GITHUB_STEP_SUMMARY
183-
echo "Check the logs above for details on what went wrong." >> $GITHUB_STEP_SUMMARY
153+
echo "## ❌ ATS Release Failed" >> "${GITHUB_STEP_SUMMARY}"
154+
echo "Check the logs above for details on what went wrong." >> "${GITHUB_STEP_SUMMARY}"
184155
fi

0 commit comments

Comments
 (0)