New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add release action #123
Conversation
perfect. please also link the issue so that it's closed when we merge this PR |
ee91e13
to
da5d546
Compare
@simoneb I've linked the issue in the commit description |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we can't use this action yet, more details to follow
I'm blocking this PR because I just recalled that there's something that the release automation action doesn't do for us and we need to decide how to handle it, or this won't do what we expect. This action has a build npm script. This script needs to be executed in order to generate the dist folder which is what is actually being executed when the action runs. The release automation action does npm install (this thing has a problem in itself because it runs on whatever Node.js version the action runs on, NOT what we would like it to run on, but that's another issue), but it runs no other scripts. Without running the build script, the published released will not contain the changes it would need to contain. I see 2 options here:
|
Opened an issue about this in nearform-actions/optic-release-automation-action#27 |
Just to share that, by default, the GitHub nodejs action template provides you this workflow to check the https://github.com/Eomm/why-don-t-you-tweet/blob/main/.github/workflows/check-dist.yml This is a reminder to build the source code actually. |
Great, thanks for the feedback! Given the above, I think it would make sense to go with:
Just a question aside, why we compile everything via |
The action needs to be self contained, so either we commit node_modules or we bundle it. This second approach is also what's recommended in https://docs.github.com/en/actions/creating-actions/creating-a-javascript-action#commit-tag-and-push-your-action-to-github. In fact, we should probably be doing the same for the release action! I'll create an issue. |
Oh thanks for the link!
👍 |
There's one more thing that we have to do before we go ahead with this PR. We first need to release a new version capable of automerging semver-like. So we should keep doing manual releases until #124 is released. |
@nuragic no but thanks for bringing it up because the dependency was not explicit. We also depend on nearform-actions/optic-release-automation-action#27 |
@nuragic @Eomm is there a chance that in fact we're already good here? See https://github.com/fastify/github-action-merge-dependabot/blob/main/.husky/pre-commit |
I don't think we have done here: the local hooks can be skipped and a malicious user may manipulate the When we will release this PR nearform-actions/optic-release-automation-action#30 we are ready to go here. |
Co-authored-by: Manuel Spigolon <behemoth89@gmail.com>
Co-authored-by: Manuel Spigolon <behemoth89@gmail.com>
Co-authored-by: Manuel Spigolon <behemoth89@gmail.com>
Close #112.