From 727f29b6c2862280c68591b2774a8d3dc9798d3e Mon Sep 17 00:00:00 2001 From: Paul Sachs Date: Wed, 2 Jul 2025 16:59:25 -0400 Subject: [PATCH 1/9] A release workflow github action Signed-off-by: Paul Sachs --- .github/workflows/prepare-release.yml | 86 +++++++++++++++++++ .github/workflows/publish-release.yml | 119 ++++++++++++++++++++++++++ 2 files changed, 205 insertions(+) create mode 100644 .github/workflows/prepare-release.yml create mode 100644 .github/workflows/publish-release.yml diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml new file mode 100644 index 00000000..fd52e999 --- /dev/null +++ b/.github/workflows/prepare-release.yml @@ -0,0 +1,86 @@ +name: Prepare Release + +on: + workflow_dispatch: + inputs: + version: + description: 'Version to release (e.g. 1.2.3)' + required: true + type: string + base_branch: + description: 'Base branch for release' + required: false + default: 'main' + type: string + +jobs: + prepare-release: + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + ref: ${{ inputs.base_branch }} + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.nvmrc' + cache: 'npm' + + - name: Validate semver version + run: | + if ! echo "${{ inputs.version }}" | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[a-zA-Z0-9]+)*)?(\+[a-zA-Z0-9]+(\.[a-zA-Z0-9]+)*)?$'; then + echo "Error: '${{ inputs.version }}' is not a valid semver version" + echo "Expected format: MAJOR.MINOR.PATCH (e.g., 1.2.3) or with pre-release/build metadata (e.g., 1.2.3-alpha.1+build.1)" + exit 1 + fi + echo "✓ Version '${{ inputs.version }}' is valid semver" + + - name: Install dependencies + run: npm install + + - name: Create draft release + run: gh release create v${{ inputs.version }} --draft --generate-notes + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Create release branch + run: | + git config --global user.name 'github-actions[bot]' + git config --global user.email 'github-actions[bot]@users.noreply.github.com' + git checkout -b "release/prep-release-${{ inputs.version }}" + + - name: Set version and run build + run: | + npm run setversion ${{ inputs.version }} + + - name: Commit version changes + run: | + git add . + git commit -s -m "Release ${{ inputs.version }}" + git push --set-upstream origin "release/prep-release-${{ inputs.version }}" + + - name: Get release notes + id: release_notes + run: | + RELEASE_NOTES=$(gh release view v${{ inputs.version }} --json body | jq -r ".body") + echo "notes<> $GITHUB_OUTPUT + echo "$RELEASE_NOTES" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Create pull request + run: | + gh pr create \ + --title "Release ${{ inputs.version }}" \ + --body "${{ steps.release_notes.outputs.notes }}" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml new file mode 100644 index 00000000..0ec2fea0 --- /dev/null +++ b/.github/workflows/publish-release.yml @@ -0,0 +1,119 @@ +name: Publish Release + +on: + pull_request: + types: [closed] + branches: + - main + +jobs: + publish-release: + runs-on: ubuntu-latest + # Only run if PR was merged and branch name starts with release/prep-release- + if: github.event.pull_request.merged == true && startsWith(github.event.pull_request.head.ref, 'release/prep-release-') + permissions: + contents: write + pull-requests: write + issues: write + + steps: + - name: Extract version from branch name + id: extract_version + run: | + BRANCH_NAME="${{ github.event.pull_request.head.ref }}" + VERSION=$(echo "$BRANCH_NAME" | sed 's/release\/prep-release-//') + echo "version=$VERSION" >> $GITHUB_OUTPUT + + - name: Checkout release branch + uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.ref }} + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.nvmrc' + cache: 'npm' + registry-url: 'https://registry.npmjs.org' + + - name: Install dependencies + run: npm install + + - name: Get updated release notes from PR + id: pr_notes + run: | + RELEASE_NOTES=$(gh pr view ${{ github.event.pull_request.number }} --json body | jq -r ".body") + echo "notes<> $GITHUB_OUTPUT + echo "$RELEASE_NOTES" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Publish to npm + run: npm run release + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + + - name: Publish GitHub release + run: | + gh release edit v${{ steps.extract_version.outputs.version }} \ + --notes "${{ steps.pr_notes.outputs.notes }}" \ + --draft=false + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Get release info for issue comments + id: release_info + run: | + # Get last two releases + RELEASES=$(gh api repos/${{ github.repository }}/releases --jq ".[0:2].[].name") + LATEST_RELEASE=$(echo "${RELEASES}" | head -1) + PREV_RELEASE=$(echo "${RELEASES}" | tail -1) + + echo "latest=$LATEST_RELEASE" >> $GITHUB_OUTPUT + echo "previous=$PREV_RELEASE" >> $GITHUB_OUTPUT + + RELEASE_URL=$(gh release view v${{ steps.extract_version.outputs.version }} --json url | jq -r ".url") + echo "release_url=$RELEASE_URL" >> $GITHUB_OUTPUT + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Comment on fixed issues + run: | + # Get PRs included in this release + START=$(gh release view ${{ steps.release_info.outputs.previous }} --json publishedAt | jq -r ".publishedAt") + END=$(gh release view ${{ steps.release_info.outputs.latest }} --json publishedAt | jq -r ".publishedAt") + PRS=$(gh pr list --search="merged:$START..$END" --json="number" | jq -r ".[].number") + + # For each PR, get the issues it fixes and comment on them + echo "$PRS" | while IFS= read -r pr; do + if [[ -z "$pr" ]]; then + continue + fi + + ISSUES=$(gh api graphql -F owner='${{ github.repository_owner }}' -F repo='${{ github.event.repository.name }}' -F pr=$pr -f query=' + query ($owner: String!, $repo: String!, $pr: Int!) { + repository(owner: $owner, name: $repo) { + pullRequest(number: $pr) { + closingIssuesReferences(first: 100) { + nodes { + number + } + } + } + } + }' | jq -r '.data.repository.pullRequest.closingIssuesReferences.nodes[].number') + + echo "$ISSUES" | while IFS= read -r issue; do + issue=$(echo $issue | tr -d '\n') + if [[ -z "$issue" ]]; then + continue + fi + echo "Adding comment to issue $issue" + gh issue comment $issue -b "Released in [${{ steps.extract_version.outputs.version }}](${{ steps.release_info.outputs.release_url }}) 🚀" + done + done + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From ee2c908b717d8ba2e14f45408382a930e34e1721 Mon Sep 17 00:00:00 2001 From: Paul Sachs Date: Wed, 2 Jul 2025 17:01:38 -0400 Subject: [PATCH 2/9] Format Signed-off-by: Paul Sachs --- .github/workflows/prepare-release.yml | 14 +++++++------- .github/workflows/publish-release.yml | 16 ++++++++-------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml index fd52e999..9047e6a5 100644 --- a/.github/workflows/prepare-release.yml +++ b/.github/workflows/prepare-release.yml @@ -4,13 +4,13 @@ on: workflow_dispatch: inputs: version: - description: 'Version to release (e.g. 1.2.3)' + description: "Version to release (e.g. 1.2.3)" required: true type: string base_branch: - description: 'Base branch for release' + description: "Base branch for release" required: false - default: 'main' + default: "main" type: string jobs: @@ -19,7 +19,7 @@ jobs: permissions: contents: write pull-requests: write - + steps: - name: Checkout repository uses: actions/checkout@v4 @@ -31,8 +31,8 @@ jobs: - name: Setup Node.js uses: actions/setup-node@v4 with: - node-version-file: '.nvmrc' - cache: 'npm' + node-version-file: ".nvmrc" + cache: "npm" - name: Validate semver version run: | @@ -83,4 +83,4 @@ jobs: --title "Release ${{ inputs.version }}" \ --body "${{ steps.release_notes.outputs.notes }}" env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 0ec2fea0..f90b45f6 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -15,7 +15,7 @@ jobs: contents: write pull-requests: write issues: write - + steps: - name: Extract version from branch name id: extract_version @@ -34,9 +34,9 @@ jobs: - name: Setup Node.js uses: actions/setup-node@v4 with: - node-version-file: '.nvmrc' - cache: 'npm' - registry-url: 'https://registry.npmjs.org' + node-version-file: ".nvmrc" + cache: "npm" + registry-url: "https://registry.npmjs.org" - name: Install dependencies run: npm install @@ -71,10 +71,10 @@ jobs: RELEASES=$(gh api repos/${{ github.repository }}/releases --jq ".[0:2].[].name") LATEST_RELEASE=$(echo "${RELEASES}" | head -1) PREV_RELEASE=$(echo "${RELEASES}" | tail -1) - + echo "latest=$LATEST_RELEASE" >> $GITHUB_OUTPUT echo "previous=$PREV_RELEASE" >> $GITHUB_OUTPUT - + RELEASE_URL=$(gh release view v${{ steps.extract_version.outputs.version }} --json url | jq -r ".url") echo "release_url=$RELEASE_URL" >> $GITHUB_OUTPUT env: @@ -86,7 +86,7 @@ jobs: START=$(gh release view ${{ steps.release_info.outputs.previous }} --json publishedAt | jq -r ".publishedAt") END=$(gh release view ${{ steps.release_info.outputs.latest }} --json publishedAt | jq -r ".publishedAt") PRS=$(gh pr list --search="merged:$START..$END" --json="number" | jq -r ".[].number") - + # For each PR, get the issues it fixes and comment on them echo "$PRS" | while IFS= read -r pr; do if [[ -z "$pr" ]]; then @@ -116,4 +116,4 @@ jobs: done done env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} From bc3644d6d2bafa566046b158c9647fd4d41534cf Mon Sep 17 00:00:00 2001 From: Paul Sachs Date: Wed, 2 Jul 2025 17:22:32 -0400 Subject: [PATCH 3/9] Add some cleanup and fix potential edge cases Signed-off-by: Paul Sachs --- .github/workflows/publish-release.yml | 38 +++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index f90b45f6..86a5ddff 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -24,10 +24,10 @@ jobs: VERSION=$(echo "$BRANCH_NAME" | sed 's/release\/prep-release-//') echo "version=$VERSION" >> $GITHUB_OUTPUT - - name: Checkout release branch + - name: Checkout main branch uses: actions/checkout@v4 with: - ref: ${{ github.event.pull_request.head.ref }} + ref: main fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} @@ -117,3 +117,37 @@ jobs: done env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + cleanup-canceled-release: + runs-on: ubuntu-latest + # Only run if PR was closed without merge and branch name starts with release/prep-release- + if: github.event.pull_request.merged == false && startsWith(github.event.pull_request.head.ref, 'release/prep-release-') + permissions: + contents: write + pull-requests: write + + steps: + - name: Extract version from branch name + id: extract_version + run: | + BRANCH_NAME="${{ github.event.pull_request.head.ref }}" + VERSION=$(echo "$BRANCH_NAME" | sed 's/release\/prep-release-//') + echo "version=$VERSION" >> $GITHUB_OUTPUT + + - name: Delete draft release + run: | + if gh release view v${{ steps.extract_version.outputs.version }} --json isDraft | jq -r ".isDraft" | grep -q "true"; then + echo "Deleting draft release v${{ steps.extract_version.outputs.version }}" + gh release delete v${{ steps.extract_version.outputs.version }} --yes + else + echo "Release v${{ steps.extract_version.outputs.version }} is not a draft, skipping deletion" + fi + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Delete release branch + continue-on-error: true + run: | + echo "Deleting release branch ${{ github.event.pull_request.head.ref }}" + git push origin --delete ${{ github.event.pull_request.head.ref }} + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 560086810bcbf7dd8fcaaa5acb9b819d79407a36 Mon Sep 17 00:00:00 2001 From: Paul Sachs Date: Wed, 2 Jul 2025 17:35:35 -0400 Subject: [PATCH 4/9] Add support for alternative base ref Signed-off-by: Paul Sachs --- .github/workflows/prepare-release.yml | 5 +++-- .github/workflows/publish-release.yml | 6 ++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml index 9047e6a5..075caf2d 100644 --- a/.github/workflows/prepare-release.yml +++ b/.github/workflows/prepare-release.yml @@ -8,7 +8,7 @@ on: required: true type: string base_branch: - description: "Base branch for release" + description: "Base branch for release (e.g. release/v1.x, hotfix/v1.2.x)" required: false default: "main" type: string @@ -81,6 +81,7 @@ jobs: run: | gh pr create \ --title "Release ${{ inputs.version }}" \ - --body "${{ steps.release_notes.outputs.notes }}" + --body "${{ steps.release_notes.outputs.notes }}" \ + --base "${{ inputs.base_branch }}" env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 86a5ddff..5c11a377 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -5,6 +5,8 @@ on: types: [closed] branches: - main + - 'release/**' + - 'hotfix/**' jobs: publish-release: @@ -24,10 +26,10 @@ jobs: VERSION=$(echo "$BRANCH_NAME" | sed 's/release\/prep-release-//') echo "version=$VERSION" >> $GITHUB_OUTPUT - - name: Checkout main branch + - name: Checkout base branch uses: actions/checkout@v4 with: - ref: main + ref: ${{ github.event.pull_request.base.ref }} fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} From da0dc69f4dd89d379cdc0ce76fbd2029478d4bcd Mon Sep 17 00:00:00 2001 From: Paul Sachs Date: Wed, 2 Jul 2025 17:50:05 -0400 Subject: [PATCH 5/9] Format again Signed-off-by: Paul Sachs --- .github/workflows/publish-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 5c11a377..49b8ab75 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -5,8 +5,8 @@ on: types: [closed] branches: - main - - 'release/**' - - 'hotfix/**' + - "release/**" + - "hotfix/**" jobs: publish-release: From e608382b66ac4c4a237ec02da41a28bc3f213d3f Mon Sep 17 00:00:00 2001 From: Paul Sachs Date: Tue, 15 Jul 2025 11:43:42 -0400 Subject: [PATCH 6/9] Review updates - Moved to npm ci - Split issue updates into a distinct action - Removed unnecessary registry option on publish setup Signed-off-by: Paul Sachs --- .github/workflows/prepare-release.yml | 11 +-- .github/workflows/publish-release.yml | 57 +-------------- .github/workflows/update-fixed-issues.yaml | 82 ++++++++++++++++++++++ 3 files changed, 84 insertions(+), 66 deletions(-) create mode 100644 .github/workflows/update-fixed-issues.yaml diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml index 075caf2d..6bb2d753 100644 --- a/.github/workflows/prepare-release.yml +++ b/.github/workflows/prepare-release.yml @@ -34,17 +34,8 @@ jobs: node-version-file: ".nvmrc" cache: "npm" - - name: Validate semver version - run: | - if ! echo "${{ inputs.version }}" | grep -E '^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+(\.[a-zA-Z0-9]+)*)?(\+[a-zA-Z0-9]+(\.[a-zA-Z0-9]+)*)?$'; then - echo "Error: '${{ inputs.version }}' is not a valid semver version" - echo "Expected format: MAJOR.MINOR.PATCH (e.g., 1.2.3) or with pre-release/build metadata (e.g., 1.2.3-alpha.1+build.1)" - exit 1 - fi - echo "✓ Version '${{ inputs.version }}' is valid semver" - - name: Install dependencies - run: npm install + run: npm ci - name: Create draft release run: gh release create v${{ inputs.version }} --draft --generate-notes diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 49b8ab75..49981adf 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -38,10 +38,9 @@ jobs: with: node-version-file: ".nvmrc" cache: "npm" - registry-url: "https://registry.npmjs.org" - name: Install dependencies - run: npm install + run: npm ci - name: Get updated release notes from PR id: pr_notes @@ -65,60 +64,6 @@ jobs: --draft=false env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Get release info for issue comments - id: release_info - run: | - # Get last two releases - RELEASES=$(gh api repos/${{ github.repository }}/releases --jq ".[0:2].[].name") - LATEST_RELEASE=$(echo "${RELEASES}" | head -1) - PREV_RELEASE=$(echo "${RELEASES}" | tail -1) - - echo "latest=$LATEST_RELEASE" >> $GITHUB_OUTPUT - echo "previous=$PREV_RELEASE" >> $GITHUB_OUTPUT - - RELEASE_URL=$(gh release view v${{ steps.extract_version.outputs.version }} --json url | jq -r ".url") - echo "release_url=$RELEASE_URL" >> $GITHUB_OUTPUT - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Comment on fixed issues - run: | - # Get PRs included in this release - START=$(gh release view ${{ steps.release_info.outputs.previous }} --json publishedAt | jq -r ".publishedAt") - END=$(gh release view ${{ steps.release_info.outputs.latest }} --json publishedAt | jq -r ".publishedAt") - PRS=$(gh pr list --search="merged:$START..$END" --json="number" | jq -r ".[].number") - - # For each PR, get the issues it fixes and comment on them - echo "$PRS" | while IFS= read -r pr; do - if [[ -z "$pr" ]]; then - continue - fi - - ISSUES=$(gh api graphql -F owner='${{ github.repository_owner }}' -F repo='${{ github.event.repository.name }}' -F pr=$pr -f query=' - query ($owner: String!, $repo: String!, $pr: Int!) { - repository(owner: $owner, name: $repo) { - pullRequest(number: $pr) { - closingIssuesReferences(first: 100) { - nodes { - number - } - } - } - } - }' | jq -r '.data.repository.pullRequest.closingIssuesReferences.nodes[].number') - - echo "$ISSUES" | while IFS= read -r issue; do - issue=$(echo $issue | tr -d '\n') - if [[ -z "$issue" ]]; then - continue - fi - echo "Adding comment to issue $issue" - gh issue comment $issue -b "Released in [${{ steps.extract_version.outputs.version }}](${{ steps.release_info.outputs.release_url }}) 🚀" - done - done - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} cleanup-canceled-release: runs-on: ubuntu-latest # Only run if PR was closed without merge and branch name starts with release/prep-release- diff --git a/.github/workflows/update-fixed-issues.yaml b/.github/workflows/update-fixed-issues.yaml new file mode 100644 index 00000000..4b4ec026 --- /dev/null +++ b/.github/workflows/update-fixed-issues.yaml @@ -0,0 +1,82 @@ +name: Update Fixed Issues + +on: + release: + types: [published] + +jobs: + update-fixed-issues: + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + issues: write + + steps: + - name: Extract version from release + id: extract_version + run: | + VERSION="${{ github.event.release.tag_name }}" + # Remove 'v' prefix if present + VERSION=$(echo "$VERSION" | sed 's/^v//') + echo "version=$VERSION" >> $GITHUB_OUTPUT + + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get release info for issue comments + id: release_info + run: | + # Get last two releases + RELEASES=$(gh api repos/${{ github.repository }}/releases --jq ".[0:2].[].name") + LATEST_RELEASE=$(echo "${RELEASES}" | head -1) + PREV_RELEASE=$(echo "${RELEASES}" | tail -1) + + echo "latest=$LATEST_RELEASE" >> $GITHUB_OUTPUT + echo "previous=$PREV_RELEASE" >> $GITHUB_OUTPUT + + RELEASE_URL=$(gh release view v${{ steps.extract_version.outputs.version }} --json url | jq -r ".url") + echo "release_url=$RELEASE_URL" >> $GITHUB_OUTPUT + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Comment on fixed issues + run: | + # Get PRs included in this release + START=$(gh release view ${{ steps.release_info.outputs.previous }} --json publishedAt | jq -r ".publishedAt") + END=$(gh release view ${{ steps.release_info.outputs.latest }} --json publishedAt | jq -r ".publishedAt") + PRS=$(gh pr list --search="merged:$START..$END" --json="number" | jq -r ".[].number") + + # For each PR, get the issues it fixes and comment on them + echo "$PRS" | while IFS= read -r pr; do + if [[ -z "$pr" ]]; then + continue + fi + + ISSUES=$(gh api graphql -F owner='${{ github.repository_owner }}' -F repo='${{ github.event.repository.name }}' -F pr=$pr -f query=' + query ($owner: String!, $repo: String!, $pr: Int!) { + repository(owner: $owner, name: $repo) { + pullRequest(number: $pr) { + closingIssuesReferences(first: 100) { + nodes { + number + } + } + } + } + }' | jq -r '.data.repository.pullRequest.closingIssuesReferences.nodes[].number') + + echo "$ISSUES" | while IFS= read -r issue; do + issue=$(echo $issue | tr -d '\n') + if [[ -z "$issue" ]]; then + continue + fi + echo "Adding comment to issue $issue" + gh issue comment $issue -b "Released in [${{ steps.extract_version.outputs.version }}](${{ steps.release_info.outputs.release_url }}) 🚀" + done + done + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 495369045bd4f59317baacbdfcf3997a2b1aa75d Mon Sep 17 00:00:00 2001 From: Paul Sachs Date: Tue, 15 Jul 2025 11:47:51 -0400 Subject: [PATCH 7/9] Naming files consistently Signed-off-by: Paul Sachs --- .github/workflows/{add-to-project.yaml => add-to-project.yml} | 0 .../{update-fixed-issues.yaml => update-fixed-issues.yml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{add-to-project.yaml => add-to-project.yml} (100%) rename .github/workflows/{update-fixed-issues.yaml => update-fixed-issues.yml} (100%) diff --git a/.github/workflows/add-to-project.yaml b/.github/workflows/add-to-project.yml similarity index 100% rename from .github/workflows/add-to-project.yaml rename to .github/workflows/add-to-project.yml diff --git a/.github/workflows/update-fixed-issues.yaml b/.github/workflows/update-fixed-issues.yml similarity index 100% rename from .github/workflows/update-fixed-issues.yaml rename to .github/workflows/update-fixed-issues.yml From 7ec7e0914f00f4d71d779102deabb3989d4e9e61 Mon Sep 17 00:00:00 2001 From: Paul Sachs Date: Wed, 17 Sep 2025 15:40:48 -0400 Subject: [PATCH 8/9] Use npm trusted publishing Signed-off-by: Paul Sachs --- .github/workflows/publish-release.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 49981adf..f2786832 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -8,6 +8,10 @@ on: - "release/**" - "hotfix/**" +permissions: + id-token: write # Required for OIDC + contents: read + jobs: publish-release: runs-on: ubuntu-latest @@ -54,8 +58,6 @@ jobs: - name: Publish to npm run: npm run release - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - name: Publish GitHub release run: | From fda61ca0845df5e1081c6e39cd69e3814f24ed55 Mon Sep 17 00:00:00 2001 From: Paul Sachs Date: Wed, 17 Sep 2025 15:43:11 -0400 Subject: [PATCH 9/9] Move permissions to single location Signed-off-by: Paul Sachs --- .github/workflows/publish-release.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index f2786832..8704dac7 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -8,16 +8,13 @@ on: - "release/**" - "hotfix/**" -permissions: - id-token: write # Required for OIDC - contents: read - jobs: publish-release: runs-on: ubuntu-latest # Only run if PR was merged and branch name starts with release/prep-release- if: github.event.pull_request.merged == true && startsWith(github.event.pull_request.head.ref, 'release/prep-release-') permissions: + id-token: write # Required for OIDC contents: write pull-requests: write issues: write