diff --git a/.github/workflows/release-beta.yml b/.github/workflows/release-beta.yml index 794f0d802..fca87826e 100644 --- a/.github/workflows/release-beta.yml +++ b/.github/workflows/release-beta.yml @@ -1,9 +1,6 @@ name: Release (Beta) on: - pull_request_review: - types: - - submitted push: branches: - develop @@ -13,66 +10,8 @@ permissions: contents: read jobs: - approved: - name: fast-forward - if: | - github.event.pull_request.head.ref == 'develop' && - github.event.pull_request.base.ref == 'main' && - github.event.review.state == 'approved' - runs-on: ubuntu-latest - permissions: - contents: write - packages: write - outputs: - release_tag: ${{ steps.latest-release.outputs.tagName }} - steps: - - uses: actions/checkout@v6 - with: - fetch-depth: 0 - - run: | - git checkout main - git merge --ff-only "${{ github.event.pull_request.head.sha }}" - git push origin main - - id: latest-release - run: | - latest=$(gh release list --limit 1 --json tagName --jq '.[].tagName') - gh release edit $latest --latest --prerelease=false - echo "tagName=$latest" >> $GITHUB_OUTPUT - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - tag: - name: Move latest tag - needs: - - approved - runs-on: ubuntu-latest - permissions: - contents: read - # Required for npm OIDC - id-token: write - steps: - - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 - with: - node-version: latest - registry-url: https://registry.npmjs.org - - run: npm dist-tag add "supabase@${RELEASE_TAG#v}" latest - env: - RELEASE_TAG: ${{ needs.approved.outputs.release_tag }} - - deploy: - needs: - - approved - - tag - # Call workflow explicitly because events from actions cannot trigger more actions - uses: ./.github/workflows/release.yml - with: - release: ${{ needs.approved.outputs.release_tag }} - secrets: inherit - release: name: semantic-release - if: ${{ github.event_name != 'pull_request_review' }} runs-on: ubuntu-latest permissions: contents: write diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6ad527336..80c496f64 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,24 +1,45 @@ name: Release on: - workflow_call: - inputs: - release: - required: true - type: string - workflow_dispatch: - inputs: - release: - description: "v1.0.0" - required: true - type: string + pull_request_review: + types: + - submitted permissions: contents: read jobs: + fast-forward: + if: | + github.event.pull_request.head.ref == 'develop' && + github.event.pull_request.base.ref == 'main' && + github.event.review.state == 'approved' + runs-on: ubuntu-latest + permissions: + contents: write + packages: write + outputs: + release_tag: ${{ steps.latest-release.outputs.tagName }} + steps: + - uses: actions/checkout@v6 + with: + fetch-depth: 0 + - run: | + git checkout main + git merge --ff-only "${{ github.event.pull_request.head.sha }}" + git push origin main + - id: latest-release + run: | + latest=$(gh release list --limit 1 --json tagName --jq '.[].tagName') + gh release edit $latest --latest --prerelease=false + echo "tagName=$latest" >> $GITHUB_OUTPUT + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + commit: name: Publish Brew and Scoop + needs: + - fast-forward runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 @@ -35,12 +56,26 @@ jobs: repositories: | homebrew-tap scoop-bucket - - run: go run tools/publish/main.go ${{ inputs.release }} + - run: go run tools/publish/main.go ${{ needs.fast-forward.outputs.release_tag }} env: GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} + publish: + name: Publish NPM + needs: + - fast-forward + permissions: + contents: read + id-token: write + uses: ./.github/workflows/tag-npm.yml + with: + release: ${{ needs.fast-forward.outputs.release_tag }} + secrets: inherit + compose: name: Bump self-hosted versions + needs: + - fast-forward runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 @@ -63,7 +98,9 @@ jobs: changelog: name: Publish changelog needs: + - fast-forward - commit + - publish runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 @@ -86,6 +123,8 @@ jobs: docs: name: Publish reference docs + needs: + - fast-forward runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 @@ -101,6 +140,6 @@ jobs: owner: ${{ github.repository_owner }} repositories: | supabase - - run: go run docs/main.go ${{ inputs.release }} | go run tools/bumpdoc/main.go apps/docs/spec/cli_v1_commands.yaml + - run: go run docs/main.go ${{ needs.fast-forward.outputs.release_tag }} | go run tools/bumpdoc/main.go apps/docs/spec/cli_v1_commands.yaml env: GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/tag-npm.yml b/.github/workflows/tag-npm.yml new file mode 100644 index 000000000..934d42370 --- /dev/null +++ b/.github/workflows/tag-npm.yml @@ -0,0 +1,35 @@ +name: Tag NPM + +on: + workflow_call: + inputs: + release: + required: true + type: string + workflow_dispatch: + inputs: + release: + description: "v1.0.0" + required: true + type: string + +permissions: + contents: read + id-token: write + +jobs: + tag: + name: Move latest tag + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + + - uses: actions/setup-node@v6 + with: + node-version: latest + registry-url: https://registry.npmjs.org + + - run: npm dist-tag add "supabase@${RELEASE_TAG#v}" latest + env: + RELEASE_TAG: ${{ inputs.release }} + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}