Publish releases #45
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish releases | |
| # Consolidates canary and stable releases into single workflow | |
| # Trusted workflow for publishing to npm | |
| on: | |
| push: | |
| branches: [master] | |
| workflow_dispatch: | |
| inputs: | |
| version_specifier: | |
| description: 'Semver bump (patch|minor|major|pre*) or exact version (v1.2.3)' | |
| required: true | |
| type: string | |
| env: | |
| NODE_VERSION: '20' | |
| jobs: | |
| # release-stable: # stable releases can only be manually triggered | |
| # if: ${{ github.event_name == 'workflow_dispatch' }} | |
| # runs-on: ubuntu-latest | |
| # permissions: | |
| # contents: read | |
| # id-token: write | |
| # steps: | |
| # - name: Generate token | |
| # id: app-token | |
| # uses: actions/create-github-app-token@v2 | |
| # with: | |
| # app-id: ${{ secrets.APP_ID }} | |
| # private-key: ${{ secrets.PRIVATE_KEY }} | |
| # - name: Check if actor is member of admin or client-libs team | |
| # id: team-check | |
| # uses: actions/github-script@v7 | |
| # with: | |
| # github-token: ${{ steps.app-token.outputs.token }} | |
| # script: | | |
| # const org = 'supabase' | |
| # const { actor } = context | |
| # async function isTeamMember(team_slug) { | |
| # try { | |
| # const res = await github.rest.teams.getMembershipForUserInOrg({ | |
| # org, | |
| # team_slug, | |
| # username: actor, | |
| # }) | |
| # return res && res.status === 200 | |
| # } catch (_) { | |
| # return false | |
| # } | |
| # } | |
| # const isAdmin = await isTeamMember('admin') | |
| # const isClientLibs = await isTeamMember('client-libs') | |
| # const isMember = isAdmin || isClientLibs | |
| # core.setOutput('is_team_member', isMember ? 'true' : 'false') | |
| # - name: Fail if not authorized | |
| # if: ${{ steps.team-check.outputs.is_team_member != 'true' }} | |
| # run: | | |
| # echo "You must be a member of @supabase/admin or @supabase/client-libs." | |
| # exit 1 | |
| # - uses: actions/checkout@v5 | |
| # with: | |
| # fetch-depth: 0 | |
| # - uses: actions/setup-node@v4 | |
| # with: | |
| # node-version: ${{ env.NODE_VERSION }} | |
| # cache: 'npm' | |
| # registry-url: 'https://registry.npmjs.org' | |
| # # Ensure npm 11.5.1 or later is installed for trusted publishing support | |
| # - name: Update npm | |
| # run: npm install -g npm@latest | |
| # - name: Install dependencies | |
| # run: npm ci --legacy-peer-deps | |
| # - name: Configure git | |
| # run: | | |
| # git config --global user.name "supabase-releaser[bot]" | |
| # git config --global user.email "supabase-releaser[bot]@users.noreply.github.com" | |
| # - name: Validate input | |
| # run: | | |
| # VS="${{ github.event.inputs.version_specifier }}" | |
| # echo "Validating: $VS" | |
| # if [[ "$VS" =~ ^(patch|minor|major|prepatch|preminor|premajor|prerelease)$ ]]; then | |
| # echo "✔ bump keyword" | |
| # elif [[ "$VS" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+([.-][0-9A-Za-z.-]+)?$ ]]; then | |
| # echo "✔ explicit version" | |
| # else | |
| # echo "❌ Invalid version_specifier: '$VS'" | |
| # echo " Use: patch|minor|major|pre*, or v1.2.3" | |
| # exit 1 | |
| # fi | |
| # - name: Release & create PR | |
| # env: | |
| # NPM_CONFIG_PROVENANCE: true | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # RELEASE_GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} | |
| # GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
| # run: | | |
| # npm run release-stable -- --versionSpecifier "${{ github.event.inputs.version_specifier }}" | |
| # - name: Summary | |
| # if: ${{ success() }} | |
| # run: | | |
| # echo "## ✅ Stable Release" >> $GITHUB_STEP_SUMMARY | |
| # echo "- **Version specifier:** \`${{ github.event.inputs.version_specifier }}\`" >> $GITHUB_STEP_SUMMARY | |
| # echo "- **Source commit:** HEAD of the checked-out branch" >> $GITHUB_STEP_SUMMARY | |
| # echo "- **Dist-tag:** \`latest\`" >> $GITHUB_STEP_SUMMARY | |
| # docs-after-stable-release: | |
| # name: Generate Documentation | |
| # needs: release-stable | |
| # if: ${{ github.event_name == 'workflow_dispatch' && needs.release-stable.result == 'success' }} | |
| # uses: ./.github/workflows/docs.yml | |
| # permissions: | |
| # actions: read | |
| # contents: write | |
| trigger-update-js-libs: | |
| name: Trigger Update JS Libs | |
| runs-on: ubuntu-latest | |
| # needs: release-stable | |
| # if: ${{ github.event_name == 'workflow_dispatch' && needs.release-stable.result == 'success' }} | |
| steps: | |
| - name: Generate token | |
| id: app-token | |
| uses: actions/create-github-app-token@v2 | |
| with: | |
| app-id: ${{ secrets.APP_ID }} | |
| private-key: ${{ secrets.PRIVATE_KEY }} | |
| owner: supabase | |
| repositories: supabase, supabase-js | |
| - name: Trigger supabase/supabase update-js-libs workflow | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{ steps.app-token.outputs.token }} | |
| script: | | |
| await github.rest.actions.createWorkflowDispatch({ | |
| owner: 'supabase', | |
| repo: 'supabase', | |
| workflow_id: 'update-js-libs.yml', | |
| ref: 'master', | |
| inputs: { | |
| version: '${{ github.event.inputs.version_specifier }}', | |
| source: 'supabase-js-stable-release' | |
| } | |
| }); | |
| trigger-supabase-docs-update: | |
| name: Trigger Supabase Docs Update | |
| runs-on: ubuntu-latest | |
| # needs: [release-stable, docs-after-stable-release] | |
| # if: ${{ github.event_name == 'workflow_dispatch' && needs.release-stable.result == 'success' && needs.docs-after-stable-release.result == 'success' }} | |
| steps: | |
| - name: Generate token | |
| id: app-token | |
| uses: actions/create-github-app-token@v2 | |
| with: | |
| app-id: ${{ secrets.APP_ID }} | |
| private-key: ${{ secrets.PRIVATE_KEY }} | |
| owner: supabase | |
| repositories: supabase, supabase-js | |
| - name: Trigger supabase/supabase docs workflow | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{ steps.app-token.outputs.token }} | |
| script: | | |
| await github.rest.actions.createWorkflowDispatch({ | |
| owner: 'supabase', | |
| repo: 'supabase', | |
| workflow_id: 'docs-js-libs-update.yml', | |
| ref: 'master', | |
| inputs: { | |
| version: '${{ github.event.inputs.version_specifier }}', | |
| source: 'supabase-js-stable-release' | |
| } | |
| }); | |
| # preview jobs | |
| # ci-core: | |
| # if: ${{ github.event_name == 'push' }} | |
| # name: Core Packages CI | |
| # uses: ./.github/workflows/ci-core.yml | |
| # permissions: | |
| # actions: read | |
| # contents: read | |
| # ci-supabase-js: | |
| # if: ${{ github.event_name == 'push' }} | |
| # name: Supabase-JS Integration CI | |
| # uses: ./.github/workflows/ci-supabase-js.yml | |
| # permissions: | |
| # actions: read | |
| # contents: read | |
| # ci-auth-js-node18: | |
| # if: ${{ github.event_name == 'push' }} | |
| # name: Auth-JS Node.js 18 Compatibility | |
| # uses: ./.github/workflows/ci-auth-js-node18.yml | |
| # permissions: | |
| # actions: read | |
| # contents: read | |
| # ========================================== | |
| # CANARY RELEASE (only on master, after all CI passes) | |
| # ========================================== | |
| # release-canary: | |
| # name: Release Canary | |
| # runs-on: ubuntu-latest | |
| # needs: [ci-core, ci-supabase-js, ci-auth-js-node18] | |
| # permissions: | |
| # contents: read | |
| # id-token: write | |
| # # Only run on master branch pushes, and only if all CI jobs succeeded | |
| # if: | | |
| # github.ref == 'refs/heads/master' && | |
| # github.event_name == 'push' && | |
| # needs.ci-core.result == 'success' && | |
| # needs.ci-supabase-js.result == 'success' && | |
| # needs.ci-auth-js-node18.result == 'success' | |
| # steps: | |
| # - name: Generate token | |
| # id: app-token | |
| # uses: actions/create-github-app-token@v2 | |
| # with: | |
| # app-id: ${{ secrets.APP_ID }} | |
| # private-key: ${{ secrets.PRIVATE_KEY }} | |
| # - name: Checkout code | |
| # uses: actions/checkout@v5 | |
| # with: | |
| # fetch-depth: 0 | |
| # - name: Setup Node.js | |
| # uses: actions/setup-node@v4 | |
| # with: | |
| # node-version: ${{ env.NODE_VERSION }} | |
| # cache: 'npm' | |
| # registry-url: 'https://registry.npmjs.org' | |
| # # Ensure npm 11.5.1 or later is installed for trusted publishing support | |
| # - name: Update npm | |
| # run: npm install -g npm@latest | |
| # - name: Install dependencies | |
| # run: npm ci --legacy-peer-deps | |
| # - name: Configure git | |
| # run: | | |
| # git config --global user.name "supabase-releaser[bot]" | |
| # git config --global user.email "supabase-releaser[bot]@users.noreply.github.com" | |
| # - name: Release canary version | |
| # id: release | |
| # run: | | |
| # echo "Running nx release..." | |
| # npm run release-canary | |
| # env: | |
| # NPM_CONFIG_PROVENANCE: true | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # RELEASE_GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} | |
| # notify-stable-failure: | |
| # name: Notify Slack for Stable failure | |
| # # needs: release-stable | |
| # # if: ${{ always() && github.event_name == 'workflow_dispatch' && needs.release-stable.result == 'failure' }} | |
| # uses: ./.github/workflows/slack-notify.yml | |
| # secrets: inherit | |
| # with: | |
| # subject: 'Stable Release' | |
| # notify-canary-failure: | |
| # name: Notify Slack for Canary failure | |
| # needs: release-canary | |
| # if: ${{ always() && github.event_name == 'push' && needs.release-canary.result == 'failure' }} | |
| # uses: ./.github/workflows/slack-notify.yml | |
| # secrets: inherit | |
| # with: | |
| # subject: 'Canary Release' |