chore: Automate releases #5386
base: main
Signed-off-by: Matteo Collina <hello@matteocollina.com>
PTAL
You can see it in action at https://github.com/mcollina/test-publish/actions/runs/8579478592
Looks good to me.
Unfortunately this is not compatible with protected branches. Ideas would be welcomed at this point... I'm not entirely sure how to work around this.
Yep. This has been the big blocker the whole time.
Not sure if it's doable but we could maybe do:
Edit: this might be confusing
I implemented releases actually differently: https://github.com/cthulhu-oidc/workflows/blob/master/.github/workflows/release.yml It uses the GitHub release feature to commit the release and set the tags correctly. It also contained the npm publish once cthulhu-oidc/workflows@5bdf367 So yeah, maybe instead of triggering the release manually via a workflow dispatch, using the release feature is sexier?
How does it work? The release feature requires you to point to a commit, which must be added to main.
.github/workflows/release.yml
env: | ||
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
|
||
releasenotes: |
releasenotes: | |
release-notes: |
I think we do allow force push
If you protect the branches using the new ruleset feature rather than the old branch protection feature, then you can grant certain apps / roles a bypass: https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#granting-bypass-permissions-for-your-branch-or-tag-ruleset
@voxpelli how does that have anything to do with secrets access?
@mcollina It doesn't, it was in regards to protected branches and not being able to push to them:
Signed-off-by: Matteo Collina <hello@matteocollina.com>
I've pushed a fix done in Undici.
I remembered the new protections feature a bit ago but kept forgetting to revisit this thread. Thanks @voxpelli.
git config --global user.email "github-actions@github.com" | ||
git config --global user.name "github-actions" |
See the pull request by @voxpelli actions/checkout#1184
git config --global user.email "github-actions@github.com" | |
git config --global user.name "github-actions" | |
git config --global user.name "github-actions[bot]" | |
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" |
repo | ||
}) | ||
|
||
const previousRelease = releases.find((r) => r.tag_name.startsWith('v6')) |
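Review bot: The 'v6' literal in releases.find((r) => r.tag_name.startsWith('v6')) hard-codes one major version, so once tags move to another major (or if no v6 tag exists in this repository) find returns undefined and previousRelease is silently empty. Derive the prefix from the version being released, for example the major of the package.json version or a workflow input, and fail the job with an explicit error when no previous release matches, before previousRelease is used to build the release notes.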
v6?
Maybe:
releases.map(r => r.tag_name).sort().at(-1)
run: npm publish --provenance --access public | ||
env: | ||
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
- run: node scripts/generate-undici-types-package-json.js |
this script does not exist here
env: | ||
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
- run: node scripts/generate-undici-types-package-json.js | ||
- run: npm publish --provenance |
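Review bot: The final step, run: npm publish --provenance, has no env of its own in the lines shown, and the NODE_AUTH_TOKEN set under env on the earlier publish step is scoped to that step only, so unless it is set further down the second publish would run without the npm token. Set NODE_AUTH_TOKEN on this step as well (or once at job level), give both publish steps a name that says which package each one publishes, and check that the job grants the id-token: write permission that --provenance needs. Since the secret is an npm publish token, keeping it on the publish steps only, rather than on the node scripts/... step in between, limits what can read it.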
Why do we run npm publish twice?
I would add a name to this step for clarity
I would go back to this work after we ship v5, right now it's probably a lot of bespoke work.
Agreed.
Automate releases for Fastify main package.
If the approach works, we can automate all modules using this GitHub script and org-wide release token.