openknowledge/.github/workflows/release.yml at main · openknowledge-sh/openknowledge · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
name: Release

on:
  workflow_dispatch:
    inputs:
      version:
        description: "Version to release, for example 0.1.0 or v0.1.0"
        required: true
        type: string

permissions:
  contents: read

jobs:
  goreleaser:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Resolve release tag
        id: release
        shell: bash
        run: |
          raw="${{ inputs.version }}"
          version="${raw#v}"
          tag="v${version}"

          if [[ ! "$tag" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?$ ]]; then
            echo "Release version must look like 0.1.0, v0.1.0, or v0.1.0-rc.1" >&2
            exit 1
          fi

          echo "version=$version" >> "$GITHUB_OUTPUT"
          echo "tag=$tag" >> "$GITHUB_OUTPUT"

      - name: Prepare release tag
        shell: bash
        run: |
          tag="${{ steps.release.outputs.tag }}"
          git fetch --force origin "refs/tags/$tag:refs/tags/$tag" || true

          if git rev-parse --verify --quiet "$tag" >/dev/null; then
            tag_commit="$(git rev-list -n 1 "$tag")"
            head_commit="$(git rev-parse HEAD)"

            if [ "$tag_commit" != "$head_commit" ]; then
              echo "Tag $tag already exists but points at $tag_commit, not current commit $head_commit" >&2
              exit 1
            fi

            echo "Reusing existing tag $tag on current commit"
            git checkout --detach "$tag"
            exit 0
          fi

          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git tag -a "$tag" -m "Release $tag"
          git push origin "refs/tags/$tag"
          git checkout --detach "$tag"

      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version-file: packages/cli/go.mod

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
          distribution: goreleaser
          version: latest
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # TODO: Re-enable after GitHub Release artifacts are stable and npm publishing
  # is ready to ship.
  #
  # npm:
  #   needs: goreleaser
  #   runs-on: ubuntu-latest
  #   permissions:
  #     contents: read
  #     id-token: write
  #   steps:
  #     - name: Checkout
  #       uses: actions/checkout@v4
  #
  #     - name: Setup Node
  #       uses: actions/setup-node@v4
  #       with:
  #         node-version: 22
  #         registry-url: https://registry.npmjs.org
  #
  #     - name: Verify npm package version
  #       run: |
  #         node -e 'const pkg = require("./packages/npm/package.json"); const expected = process.env.GITHUB_REF_NAME.replace(/^v/, ""); if (pkg.version !== expected) { console.error(`packages/npm version ${pkg.version} does not match tag ${process.env.GITHUB_REF_NAME}`); process.exit(1); }'
  #
  #     - name: Require npm token
  #       run: |
  #         if [ -z "$NODE_AUTH_TOKEN" ]; then
  #           echo "NPM_TOKEN secret is required to publish @openknowledge-sh/openknowledge" >&2
  #           exit 1
  #         fi
  #       env:
  #         NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
  #
  #     - name: Publish npm package
  #       run: npm publish --provenance --access public
  #       working-directory: packages/npm
  #       env:
  #         NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}