Skip to content
Release with Changesets

Merge branch 'fix/github_actions' #63

Sign in to view logs

Merge branch 'fix/github_actions'

Merge branch 'fix/github_actions' #63

Workflow file for this run

.github/workflows/release-changesets.yml at e9f9a0d
name: Release with Changesets
on:
push:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
id-token: write # Required for provenance-based publishing
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
- name: Setup pnpm
uses: pnpm/action-setup@d648c2dd069001a242c621c8306af467f150e99d
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "20.x"
cache: "pnpm"
registry-url: "https://registry.npmjs.org"
# OPTION 1: Provenance-based publishing (RECOMMENDED - no token needed)
# Uses OpenID Connect with GitHub's id-token
# No NPM_TOKEN required if using this approach
# - name: Configure NPM for provenance
# run: |
# npm config set provenance true
# npm config set registry https://registry.npmjs.org/
# OPTION 2: Granular Access Token (if you prefer token-based auth)
# 1. Create a new granular access token at: https://www.npmjs.com/settings/[your-username]/tokens
# 2. Set permissions: "Read and write" for the packages you want to publish
# 3. Add as NPM_TOKEN secret in GitHub repo settings
- name: Configure NPM with Granular Access Token
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc
cat ~/.npmrc
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Build core package first
run: pnpm --filter @csrf-armor/core run build
- name: Build all packages
run: pnpm run build
- name: Run type check
run: pnpm run type-check
- name: Run linting
run: pnpm run lint
- name: Run tests
run: pnpm run test
- name: Create Release PR or Publish to NPM
id: changesets
uses: changesets/action@e0145edc7d9d8679003495b11f87bd8ef63c0cba
with:
version: pnpm run version-packages
publish: pnpm run release
commit: "chore(release): version packages"
title: "chore(release): version packages"
createGithubReleases: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Publish to JSR
if: steps.changesets.outputs.published == 'true'
run: npx jsr publish
- name: Create summary
if: steps.changesets.outputs.published == 'true'
run: |
echo "## 🚀 Release Summary" >> $GITHUB_STEP_SUMMARY
echo "Published packages:" >> $GITHUB_STEP_SUMMARY
echo '${{ steps.changesets.outputs.publishedPackages }}' | jq -r '.[] | "- **\(.name)@\(.version)**"' >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Installation" >> $GITHUB_STEP_SUMMARY
echo "**NPM:**" >> $GITHUB_STEP_SUMMARY
echo '```bash' >> $GITHUB_STEP_SUMMARY
echo '${{ steps.changesets.outputs.publishedPackages }}' | jq -r '.[] | "npm install \(.name)@\(.version)"' >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**JSR:**" >> $GITHUB_STEP_SUMMARY
echo '```bash' >> $GITHUB_STEP_SUMMARY
echo '${{ steps.changesets.outputs.publishedPackages }}' | jq -r '.[] | "deno add \(.name)@\(.version)"' >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
- name: Send Slack notification
if: steps.changesets.outputs.published == 'true' && vars.SLACK_WEBHOOK_URL
run: |
PACKAGES=$(echo '${{ steps.changesets.outputs.publishedPackages }}' | jq -r '.[] | "\(.name)@\(.version)"' | tr '\n' ' ')
curl -X POST -H 'Content-type: application/json' \
--data "{\"text\":\"📦 New packages published: $PACKAGES\"}" \
${{ vars.SLACK_WEBHOOK_URL }}