8000 Update release workflows for trusted publishing (#1126) · withastro/compiler@6be1c52 · GitHub
[go: up one dir, main page]
Skip to content
Release

feat: Astro v6 #768

Sign in to view logs

feat: Astro v6

feat: Astro v6 #768

Workflow file for this run

.github/workflows/release.yml at 6be1c52
name: Release
permissions: {}
on:
# We trigger the release job when a commit is pushed to these branches
push:
branches: [main, next]
# We trigger the snapshot-release job for comments on PRs
issue_comment:
types: [created]
jobs:
release:
timeout-minutes: 3
if: github.repository_owner == 'withastro' && github.event_name == 'push'
name: Changelog
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
id-token: write
steps:
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
with:
persist-credentials: false
- name: Set up Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version: 1.22
- name: Set up PNPM
uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
- name: Set up Node.js
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: 24.11.1
cache: pnpm
- name: Build WASM
run: make wasm
- name: Install NPM Dependencies
run: pnpm install
- name: Build JS
run: pnpm run build:compiler
- name: Create Release Pull Request or Publish to npm
uses: changesets/action@e0145edc7d9d8679003495b11f87bd8ef63c0cba # v1.5.3
with:
publish: pnpm run release
commit: "[ci] release"
title: "[ci] release"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: "" # See https://github.com/changesets/changesets/issues/1152#issuecomment-3190884868
snapshot-release:
timeout-minutes: 3
name: Create a snapshot release of a pull request
if: github.repository_owner == 'withastro' && github.event_name == 'issue_comment' && github.event.issue.pull_request && startsWith(github.event.comment.body, '!preview')
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
id-token: write
defaults:
run:
shell: bash
steps:
- name: Check if user has admin access (only admins can publish snapshot releases).
id: checkAccess
uses: actions-cool/check-user-permission@7b90a27f92f3961b368376107661682c441f6103 # v2.3.0
with:
require: admin
username: ${{ github.triggering_actor }}
# if the user does not have the required permission, we should return exit code 1 to stop the workflow
- name: Check user permission
if: steps.checkAccess.outputs.require-result == 'false'
run: |
echo "${{ github.triggering_actor }} does not have permissions on this repo."
echo "Current permission level is ${{ steps.checkAccess.outputs.user-permission }}"
echo "Job originally triggered by ${{ github.actor }}"
exit 1
- name: Extract the snapshot name from comment body
id: getSnapshotName
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
script: |
const splitComment = context.payload.comment.body.split(' ');
splitComment.length !== 2 && (github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: 'Invalid comment format. Expected: "!preview <one-word-snapshot-name>"',
}) || core.setFailed('Invalid comment format. Expected: "!preview <one-word-snapshot-name>"'));
return splitComment[1].trim();
result-encoding: string
- name: resolve pr refs
id: refs
uses: eficode/resolve-pr-refs@f7e14e739786aae2053e162c678cd4c3c2edaa83 # v0.0.4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
with:
persist-credentials: false
ref: ${{ steps.refs.outputs.head_ref }}
- name: Set up Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
with:
go-version: 1.22
- name: Setup PNPM
uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
- name: Setup Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: 24.11.1
cache: pnpm
- name: Install dependencies
run: pnpm install
- name: Build Packages
run: pnpm run build:all
- name: Bump Package Versions
run: |
pnpm exec changeset version --snapshot ${{ steps.getSnapshotName.outputs.result }} > changesets.output.txt 2>&1
echo ::set-output name=result::`cat changesets.output.txt`
env:
# Needs access to run the script
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Publish Release
id: publish
run: |
pnpm run release --tag next--${{ steps.getSnapshotName.outputs.result }} > publish.output.txt 2>&1
echo ::set-output name=result::`cat publish.output.txt`
env:
NPM_TOKEN: "" # See https://github.com/changesets/changesets/issues/1152#issuecomment-3190884868
- name: Pull Request Notification
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
env:
MESSAGE: ${{ steps.publish.outputs.result }}
with:
script: |
console.log(process.env.MESSAGE);
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: '```\n' + process.env.MESSAGE + '\n```',
})
0