Skip to content

upgrade publish mechanism #1792

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

upgrade publish mechanism #1792

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
11cdaac
upgrade publish mechanism
coyotte508 Oct 12, 2025
7dee6ee
Merge branch 'main' into better-publish
coyotte508 Oct 12, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 18 additions & 15 deletions .github/workflows/agents-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,27 +19,30 @@ defaults:
run:
working-directory: packages/agents

permissions:
contents: write
id-token: write
packages: write

jobs:
version_and_release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v5
with:
# Needed to push the tag and the commit on the main branch, otherwise we get:
# > Run git push --follow-tags
# remote: error: GH006: Protected branch update failed for refs/heads/main.
# remote: error: Changes must be made through a pull request. Required status check "lint" is expected.
token: ${{ secrets.BOT_ACCESS_TOKEN }}
- run: npm install -g corepack@latest && corepack enable
- uses: actions/setup-node@v3
- uses: actions/setup-node@v4
with:
node-version: "20"
node-version: "24"
cache: "pnpm"
cache-dependency-path: |
packages/agents/pnpm-lock.yaml
packages/doc-internal/pnpm-lock.yaml
# setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED
registry-url: "https://registry.npmjs.org"
- run: pnpm install
- run: git config --global user.name machineuser
- run: git config --global user.email [email protected]
Expand All @@ -52,19 +55,19 @@ jobs:
git add ../..
git commit -m "🔖 @huggingface/agents $BUMPED_VERSION"
git tag "agents-v$BUMPED_VERSION"
- run: pnpm --filter agents... build && pnpm publish --no-git-checks .
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

- run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags)
# hack - reuse actions/setup-node@v3 just to set a new registry
- uses: actions/setup-node@v3

- run: pnpm --filter agents... build && pnpm publish --no-git-checks .
# hack - reuse actions/setup-node@v4 just to set a new registry
- uses: actions/setup-node@v4
with:
node-version: "20"
node-version: "24"
registry-url: "https://npm.pkg.github.com"
# Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558)
# - run: pnpm publish --no-git-checks .
# env:
# NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- run: pnpm publish --no-git-checks .
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Update Doc"
uses: peter-evans/repository-dispatch@v2
with:
Expand Down
33 changes: 18 additions & 15 deletions .github/workflows/blake3-wasm-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,26 +19,29 @@ defaults:
run:
working-directory: packages/blake3-wasm

permissions:
contents: write
id-token: write
packages: write

jobs:
version_and_release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v5
with:
# Needed to push the tag and the commit on the main branch, otherwise we get:
# > Run git push --follow-tags
# remote: error: GH006: Protected branch update failed for refs/heads/main.
# remote: error: Changes must be made through a pull request. Required status check "lint" is expected.
token: ${{ secrets.BOT_ACCESS_TOKEN }}
- run: npm install -g corepack@latest && corepack enable
- uses: actions/setup-node@v3
- uses: actions/setup-node@v4
with:
node-version: "20"
node-version: "24"
cache: "pnpm"
cache-dependency-path: |
packages/blake3-wasm/pnpm-lock.yaml
# setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED
registry-url: "https://registry.npmjs.org"
- run: pnpm install
- run: git config --global user.name machineuser
- run: git config --global user.email [email protected]
Expand All @@ -49,16 +52,16 @@ jobs:
node -e "const fs = require('fs'); const package = JSON.parse(fs.readFileSync('./package.json')); package.version = '$BUMPED_VERSION'; fs.writeFileSync('./package.json', JSON.stringify(package, null, '\t') + '\n');"
git commit . -m "🔖 @huggingface/blake3-wasm $BUMPED_VERSION"
git tag "blake3-wasm-v$BUMPED_VERSION"
- run: pnpm publish --no-git-checks .
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

- run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags)
# hack - reuse actions/setup-node@v3 just to set a new registry
- uses: actions/setup-node@v3

- run: pnpm publish --no-git-checks .
# hack - reuse actions/setup-node@v4 just to set a new registry
- uses: actions/setup-node@v4
with:
node-version: "20"
node-version: "24"
registry-url: "https://npm.pkg.github.com"
# Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558)
# - run: pnpm publish --no-git-checks .
# env:
# NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- run: pnpm publish --no-git-checks .
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
32 changes: 17 additions & 15 deletions .github/workflows/blob-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,26 +19,29 @@ defaults:
run:
working-directory: packages/blob

permissions:
contents: write
id-token: write
packages: write

jobs:
version_and_release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v5
with:
# Needed to push the tag and the commit on the main branch, otherwise we get:
# > Run git push --follow-tags
# remote: error: GH006: Protected branch update failed for refs/heads/main.
# remote: error: Changes must be made through a pull request. Required status check "lint" is expected.
token: ${{ secrets.BOT_ACCESS_TOKEN }}
- run: npm install -g corepack@latest && corepack enable
- uses: actions/setup-node@v3
- uses: actions/setup-node@v4
with:
node-version: "20"
node-version: "24"
cache: "pnpm"
cache-dependency-path: |
packages/blob/pnpm-lock.yaml
# setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED
registry-url: "https://registry.npmjs.org"
- run: pnpm install
- run: git config --global user.name machineuser
- run: git config --global user.email [email protected]
Expand All @@ -50,19 +53,18 @@ jobs:
git commit . -m "🔖 @huggingface/blob $BUMPED_VERSION"
git tag "blob-v$BUMPED_VERSION"

- run: pnpm publish --no-git-checks .
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags)
# hack - reuse actions/setup-node@v3 just to set a new registry
- uses: actions/setup-node@v3

- run: pnpm publish --no-git-checks .
# hack - reuse actions/setup-node@v4 just to set a new registry
- uses: actions/setup-node@v4
with:
node-version: "20"
node-version: "24"
registry-url: "https://npm.pkg.github.com"
# Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558)
# - run: pnpm publish --no-git-checks .
# env:
# NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- run: pnpm publish --no-git-checks .
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Update Doc"
uses: peter-evans/repository-dispatch@v2
with:
Expand Down
32 changes: 17 additions & 15 deletions .github/workflows/dduf-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,26 +19,29 @@ defaults:
run:
working-directory: packages/dduf

permissions:
contents: write
id-token: write
packages: write

jobs:
version_and_release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v5
with:
# Needed to push the tag and the commit on the main branch, otherwise we get:
# > Run git push --follow-tags
# remote: error: GH006: Protected branch update failed for refs/heads/main.
# remote: error: Changes must be made through a pull request. Required status check "lint" is expected.
token: ${{ secrets.BOT_ACCESS_TOKEN }}
- run: npm install -g corepack@latest && corepack enable
- uses: actions/setup-node@v3
- uses: actions/setup-node@v4
with:
node-version: "20"
node-version: "24"
cache: "pnpm"
cache-dependency-path: |
packages/dduf/pnpm-lock.yaml
# setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED
registry-url: "https://registry.npmjs.org"
- run: pnpm install
- run: git config --global user.name machineuser
- run: git config --global user.email [email protected]
Expand All @@ -53,19 +56,18 @@ jobs:
- name: "Check Deps are published before publishing this package"
run: pnpm -w check-deps blob

- run: pnpm publish --no-git-checks .
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags)
# hack - reuse actions/setup-node@v3 just to set a new registry
- uses: actions/setup-node@v3

- run: pnpm publish --no-git-checks .
# hack - reuse actions/setup-node@v4 just to set a new registry
- uses: actions/setup-node@v4
with:
node-version: "20"
node-version: "24"
registry-url: "https://npm.pkg.github.com"
# Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558)
# - run: pnpm publish --no-git-checks .
# env:
# NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- run: pnpm publish --no-git-checks .
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Update Doc"
uses: peter-evans/repository-dispatch@v2
with:
Expand Down
33 changes: 18 additions & 15 deletions .github/workflows/gearhash-wasm-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,26 +19,29 @@ defaults:
run:
working-directory: packages/gearhash-wasm

permissions:
contents: write
id-token: write
packages: write

jobs:
version_and_release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v5
with:
# Needed to push the tag and the commit on the main branch, otherwise we get:
# > Run git push --follow-tags
# remote: error: GH006: Protected branch update failed for refs/heads/main.
# remote: error: Changes must be made through a pull request. Required status check "lint" is expected.
token: ${{ secrets.BOT_ACCESS_TOKEN }}
- run: npm install -g corepack@latest && corepack enable
- uses: actions/setup-node@v3
- uses: actions/setup-node@v4
with:
node-version: "20"
node-version: "24"
cache: "pnpm"
cache-dependency-path: |
packages/gearhash-wasm/pnpm-lock.yaml
# setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED
registry-url: "https://registry.npmjs.org"
- run: pnpm install
- run: git config --global user.name machineuser
- run: git config --global user.email [email protected]
Expand All @@ -49,16 +52,16 @@ jobs:
node -e "const fs = require('fs'); const package = JSON.parse(fs.readFileSync('./package.json')); package.version = '$BUMPED_VERSION'; fs.writeFileSync('./package.json', JSON.stringify(package, null, '\t') + '\n');"
git commit . -m "🔖 @huggingface/gearhash-wasm $BUMPED_VERSION"
git tag "gearhash-wasm-v$BUMPED_VERSION"
- run: pnpm publish --no-git-checks .
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

- run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags)
# hack - reuse actions/setup-node@v3 just to set a new registry
- uses: actions/setup-node@v3

- run: pnpm publish --no-git-checks .
# hack - reuse actions/setup-node@v4 just to set a new registry
- uses: actions/setup-node@v4
with:
node-version: "20"
node-version: "24"
registry-url: "https://npm.pkg.github.com"
# Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558)
# - run: pnpm publish --no-git-checks .
# env:
# NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- run: pnpm publish --no-git-checks .
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
32 changes: 17 additions & 15 deletions .github/workflows/gguf-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,26 +23,29 @@ defaults:
run:
working-directory: packages/gguf

permissions:
contents: write
id-token: write
packages: write

jobs:
version_and_release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v5
with:
# Needed to push the tag and the commit on the main branch, otherwise we get:
# > Run git push --follow-tags
# remote: error: GH006: Protected branch update failed for refs/heads/main.
# remote: error: Changes must be made through a pull request. Required status check "lint" is expected.
token: ${{ secrets.BOT_ACCESS_TOKEN }}
- run: npm install -g corepack@latest && corepack enable
- uses: actions/setup-node@v3
- uses: actions/setup-node@v4
with:
node-version: "20"
node-version: "24"
cache: "pnpm"
cache-dependency-path: |
packages/gguf/pnpm-lock.yaml
# setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED
registry-url: "https://registry.npmjs.org"
- run: pnpm install
- run: git config --global user.name machineuser
- run: git config --global user.email [email protected]
Expand All @@ -58,16 +61,15 @@ jobs:
name: "Check Deps are published before publishing this package"
run: pnpm -w check-deps tasks

- run: pnpm publish --no-git-checks .
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags)
# hack - reuse actions/setup-node@v3 just to set a new registry
- uses: actions/setup-node@v3

- run: pnpm publish --no-git-checks .
# hack - reuse actions/setup-node@v4 just to set a new registry
- uses: actions/setup-node@v4
with:
node-version: "20"
node-version: "24"
registry-url: "https://npm.pkg.github.com"
# Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558)
# - run: pnpm publish --no-git-checks .
# env:
# NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- run: pnpm publish --no-git-checks .
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
1 change: 0 additions & 1 deletion .github/workflows/hub-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,6 @@ jobs:
node-version: "24"
registry-url: "https://npm.pkg.github.com"

# Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558)
- run: pnpm publish --no-git-checks .
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand Down
Loading