|
1 | 1 | # This Manually Executable Workflow is for NPM Releases |
| 2 | + |
2 | 3 | name: Release [Manual] |
3 | 4 | on: workflow_dispatch |
4 | | - |
5 | 5 | permissions: |
6 | 6 | contents: write |
7 | | - id-token: write # REQUIRED for trusted publishing |
8 | | - |
| 7 | + id-token: write |
9 | 8 | jobs: |
10 | 9 | Release: |
11 | 10 | runs-on: ubuntu-latest |
12 | | - # Specify environment if you configured one in npm |
13 | | - # environment: production # Uncomment if you set an environment name in npm trusted publisher settings |
14 | | - |
15 | 11 | steps: |
16 | 12 | - uses: actions/checkout@v3 |
17 | 13 | with: |
18 | 14 | # fetch-depth is necessary to get all tags |
19 | 15 | # otherwise lerna can't detect the changes and will end up bumping the versions for all packages |
20 | 16 | fetch-depth: 0 |
21 | 17 | token: ${{ secrets.RELEASE_COMMIT_GH_PAT }} |
22 | | - |
23 | 18 | - name: Setup Node |
24 | | - uses: actions/setup-node@v4 # UPDATED to v4 |
| 19 | + uses: actions/setup-node@v4 |
25 | 20 | with: |
26 | 21 | node-version: '22' |
27 | | - registry-url: 'https://registry.npmjs.org' |
28 | | - always-auth: false # important for trusted publishing |
29 | | - |
| 22 | + registry-url: "https://registry.npmjs.org/" |
| 23 | + provenance: true # enables trusted publish via OIDC |
30 | 24 | - name: Configure CI Git User |
31 | 25 | run: | |
32 | 26 | git config --global user.name $CONFIG_USERNAME |
33 | 27 | git config --global user.email $CONFIG_EMAIL |
34 | | - git remote set-url origin https://$GITHUB_ACTOR:[email protected]/sourcefuse/loopback4-authorization |
| 28 | + git remote set-url origin https://$GITHUB_ACTOR:[email protected]/sourcefuse/arc-saas |
35 | 29 | env: |
36 | 30 | GITHUB_PAT: ${{ secrets.RELEASE_COMMIT_GH_PAT }} |
37 | 31 | CONFIG_USERNAME: ${{ vars.RELEASE_COMMIT_USERNAME }} |
38 | 32 | CONFIG_EMAIL: ${{ vars.RELEASE_COMMIT_EMAIL }} |
39 | 33 |
|
40 | | - - name: Install 📌 |
41 | | - run: npm install |
42 | | - |
43 | | - - name: Test 🔧 |
44 | | - run: npm run test |
45 | | - |
46 | | - # ✅ CHANGED THIS SECTION |
47 | | - - name: Semantic Publish to NPM 🚀 |
| 34 | + - name: Bootstrap |
| 35 | + run: npm ci |
| 36 | + # this step is added only since this version of nx dependency is not being installed on linux systems |
| 37 | + # can be removed once this issue is fixed or we update to later versions |
| 38 | + - name: nx dependency |
| 39 | + |
| 40 | + - name: Test |
| 41 | + run: npm run test --workspaces --if-present |
| 42 | + - name: Lint |
| 43 | + run: npm run lint --workspaces --if-present |
| 44 | + - name: Stash Changes |
| 45 | + run: git stash |
| 46 | + - name: Bump Versions |
| 47 | + # "HUSKY=0" disables pre-commit-msg check (Needed in order to allow lerna perform the release commit) |
| 48 | + # run: HUSKY=0 npx lerna version --yes --ci --conventional-commits |
| 49 | + # Bumping major version for release will remove once released |
| 50 | + run: HUSKY=0 npx lerna version --yes --ci --conventional-commits |
| 51 | + # 🟢 This replaces 'lerna publish from-package --yes --provenance' |
| 52 | + # and replicates its logic safely while keeping provenance and trusted publishing. |
| 53 | + - name: Publish all changed packages |
48 | 54 | run: | |
49 | | - npm config set provenance true |
50 | | -
|
51 | | - HUSKY=0 npx semantic-release |
52 | | - env: |
53 | | - GH_TOKEN: ${{ secrets.RELEASE_COMMIT_GH_PAT }} |
54 | | - # REMOVED: NPM_TOKEN is not needed with trusted publishing |
55 | | - # The id-token: write permission above handles authentication |
56 | | - |
57 | | - - name: Changelog 📝 |
58 | | - run: cd src/release_notes && HUSKY=0 node release-notes.js |
| 55 | + echo "🚀 Publishing packages from-package with provenance..." |
| 56 | + npx lerna publish from-package --yes --registry https://registry.npmjs.org/ |
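Review bot: Nothing on the new side actually requests provenance for the publish in new lines 53–56. The `provenance: true` entry under `with:` of `actions/setup-node@v4` (new line 23) is not, as far as I know, an input that action defines, so it would be ignored; the commit also drops the old `npm config set provenance true`, and the publish command carries no `--provenance`, although the echo and the comment above it both say it does. Unless the packages set provenance in their own `publishConfig` (not visible here), I would make the request explicit with `npx lerna publish from-package --yes --provenance --registry https://registry.npmjs.org/` and remove the `provenance: true` input so the workflow does not suggest a guarantee it is not giving. Separately, the `nx dependency` step (new lines 38–39) is rendered with no `run` or `uses`; if the file really reads that way the workflow will fail validation, so the step needs its command or should be dropped.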