diff --git a/.changeset/README.md b/.changeset/README.md index 926a62b..fceb2e7 100644 --- a/.changeset/README.md +++ b/.changeset/README.md @@ -3,6 +3,5 @@ Every user-facing CLI change must include a changeset created with `pnpm changeset`. Choose the SemVer bump that matches the change and commit the generated Markdown file. -After that change reaches `main`, GitHub creates or updates the **Version Packages** -pull request. Merging that generated pull request updates the package version and -changelog; the release workflow then publishes the new version to npm through OIDC. +After that change reaches `main`, GitHub updates the package version and changelog, +commits them to `main`, and publishes the new version to npm through OIDC. diff --git a/.github/workflows/version-packages.yml b/.github/workflows/version-packages.yml index 843752c..f56934b 100644 --- a/.github/workflows/version-packages.yml +++ b/.github/workflows/version-packages.yml @@ -1,4 +1,4 @@ -name: Version Packages +name: Version and Publish Packages on: push: @@ -9,23 +9,48 @@ concurrency: cancel-in-progress: false jobs: - version: + release: runs-on: ubuntu-latest permissions: contents: write - pull-requests: write + id-token: write steps: - uses: actions/checkout@v4 + with: + fetch-depth: 0 - uses: pnpm/action-setup@v4 - uses: actions/setup-node@v4 with: node-version: 22 cache: pnpm + registry-url: "https://registry.npmjs.org" - run: pnpm install --frozen-lockfile - - uses: changesets/action@v1 - with: - version: pnpm changeset version - commit: "chore: version packages" - title: "chore: version packages" - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - id: changesets + run: | + pnpm changeset status --output=changeset-status.json + if node -e "process.exit(require('./changeset-status.json').releases.length ? 0 : 1)"; then + echo "pending=true" >> "$GITHUB_OUTPUT" + else + echo "pending=false" >> "$GITHUB_OUTPUT" + fi + - if: steps.changesets.outputs.pending == 'true' + run: pnpm changeset version + - if: steps.changesets.outputs.pending == 'true' + run: pnpm generate + - if: steps.changesets.outputs.pending == 'true' + run: pnpm test + - if: steps.changesets.outputs.pending == 'true' + run: pnpm build + - if: steps.changesets.outputs.pending == 'true' + run: | + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + git add .changeset CHANGELOG.md package.json + git commit -m "chore: version packages" + git push origin HEAD:main + # npm Trusted Publishing exchanges this GitHub OIDC identity for a + # short-lived publish credential; no long-lived NPM_TOKEN is stored. + - if: steps.changesets.outputs.pending == 'true' + run: npm install --global npm@latest + - if: steps.changesets.outputs.pending == 'true' + run: npm publish --provenance --access public diff --git a/README.md b/README.md index 84dcc4c..a244e82 100644 --- a/README.md +++ b/README.md @@ -164,9 +164,9 @@ pnpm lint # biome ### Releases Use `pnpm changeset` for every user-facing CLI change and commit the generated -file in `.changeset/`. Once the change is merged to `main`, GitHub opens or -updates a version PR. Merging that version PR publishes the new package version -to npm automatically with provenance; no npm token or manual tag is required. +file in `.changeset/`. Once the change is merged to `main`, GitHub publishes the +new package version to npm automatically with provenance. The version and +changelog update are committed to `main`; no npm token or manual tag is required. ### Keeping the client in sync with the backend