ci: migrate releases to semantic-release

.github/workflows/check-semantic-pull-request.yml

@@ -0,0 +1,23 @@
+name: Semantic Pull Request
+
+on:
+  pull_request_target:
+    types:
+      - edited
+      - opened
+      - reopened
+      - synchronize
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  validate-title:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: Validate pull request title
+        uses: amannn/action-semantic-pull-request@01d5fd8a8ebb9aafe902c40c53f0f4744f7381eb
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/publish.yml

@@ -1,28 +1,50 @@
 name: Release @doist/react-interpolate package
 
 on:
-  release:
-    types: [created]
-  workflow_dispatch:
+  push:
+    branches:
+      - main
 
 permissions:
-  # Enable the use of OIDC for trusted publishing and npm provenance
+  contents: write
+  issues: write
+  pull-requests: write
   id-token: write
-  # Enable the use of GitHub Packages registry
   packages: write
 
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: false
+
 jobs:
   publish:
     runs-on: ubuntu-latest
     timeout-minutes: 60
     steps:
+      - name: Generate release bot token
+        id: release-bot
+        if: ${{ secrets.DOIST_RELEASE_BOT_ID != '' && secrets.DOIST_RELEASE_BOT_PRIVATE_KEY != '' }}
+        uses: actions/create-github-app-token@v3
+        with:
+          app-id: ${{ secrets.DOIST_RELEASE_BOT_ID }}
+          private-key: ${{ secrets.DOIST_RELEASE_BOT_PRIVATE_KEY }}
+          permission-contents: write
+          permission-issues: write
+          permission-pull-requests: write
+
       - name: Checkout repository
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ steps.release-bot.outputs.token || github.token }}
 
       - name: Setup Node.js from .node-version
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
+          cache: npm
           node-version-file: .node-version
+          registry-url: https://registry.npmjs.org/
+          scope: "@doist"
 
       - name: Ensure npm 11.5.1 or later is installed
         run: npm install -g npm@latest
@@ -35,26 +57,39 @@ jobs:
         env:
           CI: true
 
+      - name: Test the codebase
+        run: npm run test
+        env:
+          CI: true
+
       - name: Build the codebase
         run: npm run build
 
-      - name: Publish to GitHub Package Registry
-        uses: actions/setup-node@v3
-        with:
-          node-version-file: .node-version
-          registry-url: https://npm.pkg.github.com/
-          scope: "@doist"
-      - run: npm publish
+      - name: Publish package to npm registry
+        id: semantic-release
+        run: npx semantic-release
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.release-bot.outputs.token || github.token }}
+          GIT_AUTHOR_EMAIL: doistbot@users.noreply.github.com
+          GIT_AUTHOR_NAME: Doist Bot
+          GIT_COMMITTER_EMAIL: doistbot@users.noreply.github.com
+          GIT_COMMITTER_NAME: Doist Bot
 
-      - name: Clear npm config between GitHub/npm registries
-        run: rm -f $NPM_CONFIG_USERCONFIG
+      - name: Clear npm config between registries
+        if: ${{ steps.semantic-release.outputs.package-published == 'true' }}
+        run: rm -f "$NPM_CONFIG_USERCONFIG"
 
-      - name: Publish to npm registry
-        uses: actions/setup-node@v3
+      - name: Setup GitHub Packages registry
+        if: ${{ steps.semantic-release.outputs.package-published == 'true' }}
+        uses: actions/setup-node@v4
         with:
+          cache: npm
           node-version-file: .node-version
-          registry-url: https://registry.npmjs.org/
+          registry-url: https://npm.pkg.github.com/
           scope: "@doist"
-      - run: npm publish --provenance --access public
+
+      - name: Publish package to GitHub Packages
+        if: ${{ steps.semantic-release.outputs.package-published == 'true' }}
+        run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ github.token }}

README.md

@@ -215,14 +215,15 @@ import { SYNTAX_I18NEXT } from "react-interpolate"
 
 # Releasing
 
-A new version of @doist/react-interpolate is published both on npm and GitHub Package Registry whenever a new release on GitHub is created.
+Merges to `main` automatically trigger `semantic-release`.
 
-To update the version in both `package.json` and `package-lock.json` run:
+The release workflow will:
 
-```sh
-npm --no-git-tag-version version <major|minor|patch>
-```
+- determine the next version from Conventional Commits
+- update `package.json`, `package-lock.json`, and `CHANGELOG.md`
+- create the Git tag and GitHub release
+- publish `@doist/react-interpolate` to both npm and GitHub Packages
 
-Once these changes have been pushed and merged, create a release on GitHub.
+This means there is no manual version bump and no manual GitHub release creation step anymore.
 
-A GitHub Action will automatically perform all the necessary steps and will release the version number that's specified inside the `package.json`'s `version` field so make sure that the release tag reflects the version you want to publish.
+Because the repository uses squash-merge style commit messages, pull request titles must follow the [Conventional Commits specification](https://www.conventionalcommits.org/). CI validates this automatically.