-
-
Notifications
You must be signed in to change notification settings - Fork 957
feat(releases): require approval for package releases #2753
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,102 @@ | ||
| name: 🦋 Changeset PR | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - "packages/**" | ||
| - ".changeset/**" | ||
| - "package.json" | ||
| - "pnpm-lock.yaml" | ||
|
|
||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref }} | ||
| cancel-in-progress: true | ||
|
|
||
| jobs: | ||
| release-pr: | ||
| name: Create Release PR | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: write | ||
| pull-requests: write | ||
| if: github.repository == 'triggerdotdev/trigger.dev' | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Setup pnpm | ||
| uses: pnpm/action-setup@v4 | ||
|
|
||
| - name: Setup node | ||
| uses: buildjet/setup-node@v4 | ||
| with: | ||
| node-version: 20.19.0 | ||
| cache: "pnpm" | ||
|
|
||
| - name: Install dependencies | ||
| run: pnpm install --frozen-lockfile | ||
|
|
||
| - name: Create release PR | ||
| id: changesets | ||
| uses: changesets/action@v1 | ||
| with: | ||
| version: pnpm run changeset:version | ||
| commit: "chore: release" | ||
| title: "chore: release" | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Update PR title with version | ||
| if: steps.changesets.outputs.published != 'true' | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: | | ||
| PR_NUMBER=$(gh pr list --head changeset-release/main --json number --jq '.[0].number') | ||
| if [ -n "$PR_NUMBER" ]; then | ||
| git fetch origin changeset-release/main | ||
| # we arbitrarily reference the version of the cli package here; it is the same for all package releases | ||
| VERSION=$(git show origin/changeset-release/main:packages/cli-v3/package.json | jq -r '.version') | ||
| gh pr edit "$PR_NUMBER" --title "chore: release v$VERSION" | ||
| fi | ||
|
|
||
| update-lockfile: | ||
| name: Update lockfile on release PR | ||
| runs-on: ubuntu-latest | ||
| needs: release-pr | ||
| permissions: | ||
| contents: write | ||
| steps: | ||
| - name: Checkout release branch | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| ref: changeset-release/main | ||
|
|
||
| - name: Setup pnpm | ||
| uses: pnpm/action-setup@v4 | ||
| with: | ||
| version: 10.23.0 | ||
|
|
||
| - name: Setup node | ||
| uses: buildjet/setup-node@v4 | ||
| with: | ||
| node-version: 20.19.0 | ||
|
|
||
| - name: Install and update lockfile | ||
| run: pnpm install --no-frozen-lockfile | ||
|
|
||
| - name: Commit and push lockfile | ||
| run: | | ||
| set -e | ||
| if git diff --quiet pnpm-lock.yaml; then | ||
| echo "No lockfile changes" | ||
| else | ||
| git config user.name "github-actions[bot]" | ||
| git config user.email "github-actions[bot]@users.noreply.github.com" | ||
| git add pnpm-lock.yaml | ||
| git commit -m "chore: update lockfile for release" | ||
| git push origin changeset-release/main | ||
| fi | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,14 +1,10 @@ | ||
| name: 🦋 Changesets Release | ||
| name: 🚀 Release npm packages | ||
|
|
||
| on: | ||
| push: | ||
| pull_request: | ||
| types: [closed] | ||
| branches: | ||
| - main | ||
| paths-ignore: | ||
| - "docs/**" | ||
| - "**.md" | ||
| - ".github/CODEOWNERS" | ||
| - ".github/ISSUE_TEMPLATE/**" | ||
| workflow_dispatch: | ||
| inputs: | ||
| ref: | ||
|
|
@@ -19,22 +15,26 @@ on: | |
| description: "The npm dist-tag for the prerelease (e.g., 'v4-prerelease')" | ||
| required: true | ||
| type: string | ||
| default: "v4-prerelease" | ||
| default: "prerelease" | ||
|
|
||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref }} | ||
| cancel-in-progress: true | ||
| group: ${{ github.workflow }} | ||
| cancel-in-progress: false | ||
|
|
||
| jobs: | ||
| release: | ||
| name: 🦋 Changesets Release | ||
| runs-on: ubuntu-latest | ||
| environment: npm-publish | ||
| permissions: | ||
| contents: write | ||
| contents: read | ||
| packages: write | ||
| pull-requests: write | ||
| id-token: write | ||
| if: github.repository == 'triggerdotdev/trigger.dev' && github.event_name != 'workflow_dispatch' | ||
| if: | | ||
| github.repository == 'triggerdotdev/trigger.dev' && | ||
| github.event_name != 'workflow_dispatch' && | ||
| github.event.pull_request.merged == true && | ||
| startsWith(github.event.pull_request.head.ref, 'changeset-release/') | ||
| outputs: | ||
| published: ${{ steps.changesets.outputs.published }} | ||
| published_packages: ${{ steps.changesets.outputs.publishedPackages }} | ||
|
|
@@ -56,10 +56,10 @@ jobs: | |
| node-version: 20.19.0 | ||
| cache: "pnpm" | ||
|
|
||
| - name: Download deps | ||
| - name: Install dependencies | ||
| run: pnpm install --frozen-lockfile | ||
|
|
||
| - name: Generate Prisma Client | ||
| - name: Generate Prisma client | ||
| run: pnpm run generate | ||
|
|
||
| - name: Build | ||
|
|
@@ -68,99 +68,35 @@ jobs: | |
| - name: Type check | ||
| run: pnpm run typecheck --filter "@trigger.dev/*" --filter "trigger.dev" | ||
|
|
||
| # This action has two responsibilities. The first time the workflow runs | ||
| # (initial push to the `main` branch) it will create a new branch and | ||
| # then open a PR with the related changes for the new version. After the | ||
| # PR is merged, the workflow will run again and this action will build + | ||
| # publish to npm. | ||
| - name: Publish | ||
| if: ${{ !env.ACT }} | ||
| id: changesets | ||
| uses: changesets/action@v1 | ||
| with: | ||
| version: pnpm run changeset:version | ||
| commit: "chore: release packages" | ||
| title: "chore: release packages" | ||
| publish: pnpm run changeset:release | ||
| createGithubReleases: true | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Get package version | ||
| - name: Show package version | ||
| if: steps.changesets.outputs.published == 'true' | ||
| id: get_version | ||
| run: | | ||
| package_version=$(echo '${{ steps.changesets.outputs.publishedPackages }}' | jq -r '.[0].version') | ||
| echo "package_version=${package_version}" >> "$GITHUB_OUTPUT" | ||
|
|
||
| # this triggers the publish workflow for the docker images | ||
| - name: Create and push docker tag | ||
| - name: Create and push Docker tag | ||
| if: steps.changesets.outputs.published == 'true' | ||
| run: | | ||
| set -e | ||
| git tag "v.docker.${{ steps.get_version.outputs.package_version }}" | ||
| git push origin "v.docker.${{ steps.get_version.outputs.package_version }}" | ||
|
|
||
| - name: Update PR title with version | ||
| if: steps.changesets.outputs.published != 'true' | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: | | ||
| PR_NUMBER=$(gh pr list --head changeset-release/main --json number --jq '.[0].number') | ||
| if [ -n "$PR_NUMBER" ]; then | ||
| git fetch origin changeset-release/main | ||
| # we arbitrarily reference the version of the cli package here; it is the same for all package releases | ||
| VERSION=$(git show origin/changeset-release/main:packages/cli-v3/package.json | jq -r '.version') | ||
| gh pr edit "$PR_NUMBER" --title "chore: release v$VERSION" | ||
| fi | ||
|
|
||
| update-lockfile: | ||
| name: Update lockfile on release PR | ||
| runs-on: ubuntu-latest | ||
| needs: release | ||
| if: needs.release.outputs.published != 'true' | ||
| permissions: | ||
| contents: write | ||
| steps: | ||
| - name: Checkout release branch | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| ref: changeset-release/main | ||
|
|
||
| - name: Setup pnpm | ||
| uses: pnpm/action-setup@v4 | ||
| with: | ||
| version: 10.23.0 | ||
|
|
||
| - name: Setup node | ||
| uses: buildjet/setup-node@v4 | ||
| with: | ||
| node-version: 20.19.0 | ||
|
|
||
| # npm v11.5.1 or newer is required for OIDC support | ||
| # https://github.blog/changelog/2025-07-31-npm-trusted-publishing-with-oidc-is-generally-available/#whats-new | ||
| - name: Setup npm 11.x for OIDC | ||
| run: npm install -g [email protected] | ||
|
|
||
| - name: Install and update lockfile | ||
| run: pnpm install --no-frozen-lockfile | ||
|
|
||
| - name: Commit and push lockfile | ||
| run: | | ||
| set -e | ||
| if git diff --quiet pnpm-lock.yaml; then | ||
| echo "No lockfile changes" | ||
| else | ||
| git config user.name "github-actions[bot]" | ||
| git config user.email "github-actions[bot]@users.noreply.github.com" | ||
| git add pnpm-lock.yaml | ||
| git commit -m "chore: update lockfile for release" | ||
| git push origin changeset-release/main | ||
| fi | ||
|
|
||
| # The prerelease job needs to be on the same workflow file due to a limitation related to how npm verifies OIDC claims. | ||
| prerelease: | ||
| name: 🚀 Prerelease | ||
| name: 🧪 Prerelease | ||
| runs-on: ubuntu-latest | ||
| environment: npm-publish | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.