v1.62.1 #141
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release to npm | |
| on: | |
| release: | |
| types: [published] | |
| jobs: | |
| publish: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: latest | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: '22' | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: Set version from release tag | |
| run: | | |
| VERSION="${GITHUB_REF_NAME#v}" | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| - name: Verify Quality checks passed for release commit | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| SHA=$(git rev-parse HEAD) | |
| echo "Verifying Quality checks status for $SHA" | |
| # Wait for the push-triggered `quality` check-run on this exact | |
| # commit to appear and finish. If it concludes anything other than | |
| # success, refuse to publish. This prevents the situation where a | |
| # red CI ships to npm because the release workflow runs on | |
| # `release: published` and is otherwise decoupled from push-time CI. | |
| # | |
| # Polling (rather than a single snapshot) is required because | |
| # `release: published` often fires before the push-triggered | |
| # Quality workflow has even registered its check-run — the tag and | |
| # the push typically land within the same second. | |
| DEADLINE=$(( $(date +%s) + 1800 )) # 30 min | |
| STATUS="" | |
| CONCLUSION="" | |
| while [ "$(date +%s)" -lt "$DEADLINE" ]; do | |
| read -r STATUS CONCLUSION <<<"$(gh api "repos/${{ github.repository }}/commits/$SHA/check-runs" \ | |
| --jq '[.check_runs[] | select(.name == "quality")] | sort_by(.started_at) | last | "\(.status // "missing") \(.conclusion // "null")"')" | |
| echo "quality check-run: status=$STATUS conclusion=$CONCLUSION" | |
| if [ "$STATUS" = "completed" ]; then | |
| break | |
| fi | |
| sleep 15 | |
| done | |
| if [ "$STATUS" != "completed" ]; then | |
| echo "::error::Quality checks for $SHA never completed within 30min (last status: $STATUS). Investigate the Quality checks workflow run." | |
| exit 1 | |
| fi | |
| if [ "$CONCLUSION" != "success" ]; then | |
| echo "::error::Quality checks for $SHA did not succeed (conclusion: $CONCLUSION). Fix the red Quality run before re-releasing." | |
| exit 1 | |
| fi | |
| echo "Quality checks succeeded for $SHA" | |
| - name: Verify committed package versions match release tag | |
| run: node scripts/release/check-source.mjs "$VERSION" | |
| - name: Normalize publish-time dependencies | |
| run: node scripts/release/normalize-publish-deps.mjs "$VERSION" | |
| - name: Install dependencies | |
| run: bun install | |
| - name: Build publishable packages | |
| run: bun run build | |
| - name: Verify publish package contents | |
| run: bun run release:verify-pack | |
| - name: Publish packages | |
| run: node scripts/release/publish-packages.mjs | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |