chore: Automate releases #5386
chore: Automate releases #5386
Conversation
Signed-off-by: Matteo Collina <hello@matteocollina.com>
|
PTAL |
|
You can see it in action at https://github.com/mcollina/test-publish/actions/runs/8579478592 |
|
Unfortunately this is not compatible with protected branches. Ideas would be welcomed at this point... I'm not entirely sure how to work around this.
|
|
Yep. This has been the big blocker the whole time. |
|
Not sure if it's doable but we could maybe do:
Edit: this might be confusing |
|
I implemented releases actually differently: https://github.com/cthulhu-oidc/workflows/blob/master/.github/workflows/release.yml It uses the github release feature to commit the release and set the tags correctly. It also contained the npm publish once cthulhu-oidc/workflows@5bdf367 So yeah, maybe instead triggering the release manually via a workflow dispatch, using the release feature is sexier? |
How does it work? The release feature require you to point to a commit, which must be added to main. |
.github/workflows/release.yml
Outdated
| env: | ||
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
|
|
||
| releasenotes: |
There was a problem hiding this comment.
| releasenotes: | |
| release-notes: |
I think we do allow force push |
|
If you protect the branches using the new ruleset feature rather than the old branch protection feature, then you can grant certain apps / roles a bypass: https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-branch-or-tag-ruleset
|
|
@voxpelli how that has anything to do with secrets access? |
@mcollina It doesn't, it was in regards to protected branches and not being able to push to them:
|
Signed-off-by: Matteo Collina <hello@matteocollina.com>
|
I've pushed a fix done in Undici.
|
|
I remembered the new protections feature a bit ago but kept forgetting to revisit this thread. Thanks @voxpelli. |
| git config --global user.email "github-actions@github.com" | ||
| git config --global user.name "github-actions" |
There was a problem hiding this comment.
See the pull request by @voxpelli actions/checkout#1184
| git config --global user.email "github-actions@github.com" | |
| git config --global user.name "github-actions" | |
| git config --global user.name "github-actions[bot]" | |
| git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" |
| repo | ||
| }) | ||
|
|
||
| const previousRelease = releases.find((r) => r.tag_name.startsWith('v6')) |
There was a problem hiding this comment.
v6?
Maybe:
releases.map(r => r.tag_name).sort().at(-1)
| run: npm publish --provenance --access public | ||
| env: | ||
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
| - run: node scripts/generate-undici-types-package-json.js |
| env: | ||
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
| - run: node scripts/generate-undici-types-package-json.js | ||
| - run: npm publish --provenance |
There was a problem hiding this comment.
Why do we run npm publish twice?
I would add a name to this step for clarity
|
I would go back to this work after we ship v5, right now it's probably a lot of bespoke work. |
Automate releases for Fastify main package.
If the approach works, we can automate all modules using this GitHub script and org-wide release token.
Checklist
and the Code of conduct