diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000000..a9e733a94d --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,90 @@ +# This workflow handles both release publishing and next tag publishing from main. +# When a release is published, it uses the release tag for versioning and publishes +# to the default npm tag. When code is pushed to main, it uses dunamai to generate +# a version from git history and publishes to the "next" npm tag. +# We need to handle both of these cases from a single workflow because we want to +# use NPM's OIDC Trusted Publisher support for publishing. That feature supports +# only a single workflow filename and, thus, a single workflow. + +name: Test & Publish + +on: + release: + types: [published] + push: + branches: + - main + +permissions: + id-token: write + contents: read + +concurrency: + group: test-build-${{ github.ref_name }}-${{ github.event_name }} + cancel-in-progress: true + +jobs: + publish: + runs-on: ubuntu-latest + + steps: + + # For push events, we need full git history (fetch-depth: 0) so dunamai can + # generate a version from git tags. For release events, we only need the + # current commit (fetch-depth: 1) since the version comes from the release tag. + - uses: actions/checkout@v4 + with: + persist-credentials: false + fetch-depth: ${{ github.event_name == 'push' && 0 || 1 }} + + - name: Install Node.js ๐Ÿ’ป + uses: actions/setup-node@v4 + with: + node-version: 20 + registry-url: https://registry.npmjs.org/ + + - name: Install locked dependencies ๐Ÿ”ง + run: npm ci + + - name: Test ๐Ÿงช + env: + TZ: America/New_York + run: npm test + + - name: Upgrade npm for OIDC support ๐Ÿ“ฆ + # Upgrade npm to support OIDC trusted publishing. Earlier steps run with the + # npm version bundled with current Node version to maintain consistency with + # the development environment. Only the Publish step requires the newer version. + # See https://docs.npmjs.com/trusted-publishers + # > Note: Trusted publishing requires npm CLI version 11.5.1 or later. + # TODO: This can be removed once we upgrade to Node 24 or greater. + run: npm install -g npm@^11.5.1 + + # For release events, version using the release tag and publish to default npm tag. + - name: Version (Release) โœ… + if: github.event_name == 'release' + run: npm version --no-git-tag-version ${{ github.event.release.tag_name }} + + - name: Publish (Release) ๐Ÿ“š + if: github.event_name == 'release' + run: npm publish --access public + + # For push events, version using dunamai and publish to "next" npm tag. + # dunamai requires Python. + - name: Set up Python ๐Ÿ + if: github.event_name == 'push' + uses: actions/setup-python@v5 + with: + python-version: "3.10" + + - name: Set up Dunamai ๐Ÿช„ + if: github.event_name == 'push' + run: pip install -r requirements-ci.txt + + - name: Version (Next) โœ… + if: github.event_name == 'push' + run: npm version --no-git-tag-version $(dunamai from git --style semver) + + - name: Publish (Next) ๐Ÿ“š + if: github.event_name == 'push' + run: npm publish --tag next --access public diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index bc28771276..0000000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,47 +0,0 @@ -name: Publish Release - -on: - # The build will be triggered when we publish a release - release: - types: [published] - -permissions: - id-token: write - contents: read - -jobs: - release: - runs-on: ubuntu-latest - - steps: - - - uses: actions/checkout@v4 - - - name: Install Node.js ๐Ÿ’ป - uses: actions/setup-node@v4 - with: - node-version: 20 - registry-url: https://registry.npmjs.org/ - - - name: Install locked dependencies ๐Ÿ”ง - run: npm ci - - - name: Version โœ… - run: npm version --no-git-tag-version ${{ github.event.release.tag_name }} - - - name: Test ๐Ÿงช - env: - TZ: America/New_York - run: npm test - - - name: Upgrade npm for OIDC support ๐Ÿ“ฆ - # Upgrade npm to support OIDC trusted publishing. Earlier steps run with the - # npm version bundled with current Node version to maintain consistency with - # the development environment. Only the Publish step requires the newer version. - # See https://docs.npmjs.com/trusted-publishers - # > Note: Trusted publishing requires npm CLI version 11.5.1 or later. - # TODO: This can be removed once we upgrade to Node 24 or greater. - run: npm install -g npm@^11.5.1 - - - name: Publish ๐Ÿ“š - run: npm publish --access public diff --git a/.github/workflows/test-and-tag.yml b/.github/workflows/test-and-tag.yml deleted file mode 100644 index c08294c396..0000000000 --- a/.github/workflows/test-and-tag.yml +++ /dev/null @@ -1,63 +0,0 @@ -name: Test & Publish Next - -on: - # The build will be triggered on push to main - push: - branches: - - main - -permissions: - id-token: write - contents: read - -concurrency: - group: test-build-${{ github.ref_name }}-${{ github.event_name }} - cancel-in-progress: true - -jobs: - test-and-tag: - runs-on: ubuntu-latest - - steps: - - - uses: actions/checkout@v4 - with: - persist-credentials: false - fetch-depth: 0 - - - name: Install Node.js ๐Ÿ’ป - uses: actions/setup-node@v4 - with: - node-version: 20 - registry-url: https://registry.npmjs.org/ - - - name: Set up Python ๐Ÿ - uses: actions/setup-python@v5 - with: - python-version: "3.10" - - - name: Set up Dunamai ๐Ÿช„ - run: pip install -r requirements-ci.txt - - - name: Install locked dependencies ๐Ÿ”ง - run: npm ci - - - name: Version โœ… - run: npm version --no-git-tag-version $(dunamai from git --style semver) - - - name: Test ๐Ÿงช - env: - TZ: America/New_York - run: npm test - - - name: Upgrade npm for OIDC support ๐Ÿ“ฆ - # Upgrade npm to support OIDC trusted publishing. Earlier steps run with the - # npm version bundled with current Node version to maintain consistency with - # the development environment. Only the Publish step requires the newer version. - # See https://docs.npmjs.com/trusted-publishers - # > Note: Trusted publishing requires npm CLI version 11.5.1 or later. - # TODO: This can be removed once we upgrade to Node 24 or greater. - run: npm install -g npm@^11.5.1 - - - name: Publish ๐Ÿ“š - run: npm publish --tag next --access public