Release #24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| # This workflow runs after CI succeeds on the main branch. | |
| # Uses OIDC Trusted Publishing (no NPM_TOKEN needed). | |
| # See https://docs.npmjs.com/generating-provenance-statements | |
| on: | |
| workflow_run: | |
| workflows: ["CI"] | |
| types: | |
| - completed | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| force_publish: | |
| description: 'Force publish all packages' | |
| type: boolean | |
| default: false | |
| concurrency: ${{ github.workflow }}-${{ github.ref }} | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| id-token: write # Required for OIDC trusted publishing | |
| jobs: | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| # Only run if CI workflow succeeded | |
| if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }} | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| with: | |
| # This makes Actions fetch all Git history so that Changesets can generate changelogs | |
| fetch-depth: 0 | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| cache: 'pnpm' | |
| registry-url: 'https://registry.npmjs.org' | |
| # Ensure npm 11.5.1+ for trusted publishing support | |
| - name: Update npm | |
| run: npm install -g npm@latest | |
| # Explicitly configure @prosdevlab scope to use npm registry | |
| - name: Configure npm registry | |
| run: | | |
| # Remove any project-level .npmrc that might route @prosdevlab to GitHub Packages | |
| rm -f .npmrc | |
| # Create .npmrc with explicit scoped registry for @prosdevlab | |
| echo "@prosdevlab:registry=https://registry.npmjs.org/" > .npmrc | |
| # Also configure pnpm to use npm registry for @prosdevlab scope | |
| pnpm config set @prosdevlab:registry https://registry.npmjs.org/ | |
| - name: Install Dependencies | |
| run: pnpm install | |
| - name: Build Packages | |
| run: pnpm build | |
| - name: Create Release Pull Request or Publish to npm | |
| id: changesets | |
| uses: changesets/action@v1 | |
| with: | |
| # This creates a "Version Packages" PR when changesets are added | |
| version: pnpm changeset version | |
| # This publishes to npm using OIDC trusted publishing (no NPM_TOKEN needed) | |
| publish: pnpm changeset publish | |
| # Commit message for version bumps | |
| commit: 'chore: release packages' | |
| # PR title for version bumps | |
| title: 'chore: release packages' | |
| # Create GitHub Releases with provenance | |
| createGithubReleases: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # No NPM_TOKEN needed - OIDC handles npm authentication! |