fix(ci): npm install -g @changesets/cli, bun skips the .bin shim #9
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| # Changesets-driven release flow: | |
| # 1. Contributors include `.changeset/*.md` files in their PRs describing | |
| # the version bump (patch | minor | major) and the change. | |
| # 2. When PRs land on main, this workflow runs and the changesets bot | |
| # either: | |
| # a. Opens (or updates) a single "Version Packages" PR that bumps | |
| # package.json versions, regenerates CHANGELOG.md, and deletes | |
| # the consumed changeset files. Reviewers approve + merge it | |
| # when ready to ship. | |
| # b. If no pending changesets exist (i.e. the Version PR was just | |
| # merged), runs `bun run release` which builds the package and | |
| # runs `changeset publish` — that calls `npm publish` for every | |
| # package version not yet on the registry, then tags + GitHub | |
| # releases each. | |
| # | |
| # No manual git tags, no manual package.json edits, no main-branch | |
| # bypasses. Releases go through the normal PR + status-check + approval | |
| # flow like any other change. | |
| # | |
| # `--provenance` is intentionally omitted from the publish: npm requires | |
| # a public source repository for provenance attestations and this repo | |
| # is `internal`-visibility. Re-add via .changeset/config.json once the | |
| # repo flips public. | |
| on: | |
| push: | |
| branches: [main] | |
| permissions: | |
| contents: write # opening/merging the version PR + tagging releases | |
| pull-requests: write # opening the version PR | |
| id-token: write # npm OIDC trusted publishing | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: "1.2.21" | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| registry-url: 'https://registry.npmjs.org' | |
| # OIDC trusted publishing requires npm >= 11.5.1; the version | |
| # bundled with Node 20 is older. | |
| - name: Ensure latest npm | |
| run: npm install -g npm@latest | |
| - name: Install dependencies | |
| run: bun install --frozen-lockfile | |
| # `bun install` skips the standard node_modules/.bin/changeset shim | |
| # that npm/pnpm/yarn create, so neither npx nor PATH-based lookups | |
| # find the binary. Installing @changesets/cli globally via npm gives | |
| # us a clean `changeset` on PATH for the action below. We keep using | |
| # bun for the workspace install so the project lockfile stays in use. | |
| - name: Install changesets CLI (global, for binary on PATH) | |
| run: npm install -g @changesets/cli | |
| - name: Build package | |
| run: bun run --filter '@onkernel/managed-auth-react' build | |
| # The package's `files: ["dist", "README.md", "LICENSE"]` references | |
| # a LICENSE that lives at the repo root, not in the package directory. | |
| - name: Copy LICENSE into package | |
| run: cp LICENSE packages/managed-auth-react/LICENSE | |
| - name: Create release PR or publish | |
| uses: changesets/action@v1 | |
| with: | |
| publish: changeset publish | |
| title: "chore: version packages" | |
| commit: "chore: version packages" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |