diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 4da8739..6ec179d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -16,6 +16,8 @@ jobs: # Validation job - runs on both tag push and manual trigger validate: runs-on: ubuntu-latest + permissions: + contents: read outputs: version: ${{ steps.get_version.outputs.version }} is_tag: ${{ steps.check_trigger.outputs.is_tag }} @@ -24,7 +26,7 @@ jobs: - name: Checkout code uses: actions/checkout@v4 with: - fetch-depth: 0 # Fetch all history for proper git operations + fetch-depth: 0 - name: Check trigger type id: check_trigger @@ -46,11 +48,6 @@ jobs: - name: Install dependencies run: npm ci - # Linter temporarily disabled - code changes required to make linter pass - # TODO: Re-enable after fixing linting errors - # - name: Run linter - # run: npm run lint - - name: Build project run: npm run build @@ -105,17 +102,14 @@ jobs: - name: Verify package.json configuration run: | echo "Verifying package.json configuration..." - # Check main entry point MAIN=$(node -p "require('./package.json').main") if [ "$MAIN" != "dist/index.js" ]; then echo "⚠️ Warning: main entry point is '$MAIN', expected 'dist/index.js'" fi - # Check types entry point TYPES=$(node -p "require('./package.json').types") if [ "$TYPES" != "dist/types/index.d.ts" ]; then echo "⚠️ Warning: types entry point is '$TYPES', expected 'dist/types/index.d.ts'" fi - # Check files array FILES=$(node -p "JSON.stringify(require('./package.json').files || [])") echo "Package includes files: $FILES" echo "✅ Package configuration verified" @@ -126,19 +120,14 @@ jobs: if: needs.validate.outputs.is_tag == 'true' && startsWith(github.ref, 'refs/tags/') runs-on: ubuntu-latest permissions: - contents: write # Required to create releases and push to branches + contents: write steps: - - name: Harden Runner - uses: step-security/harden-runner@v2 - with: - egress-policy: audit - - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 - token: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.PAT_TOKEN || secrets.GITHUB_TOKEN }} - name: Setup Node.js uses: actions/setup-node@v4 @@ -166,81 +155,55 @@ jobs: git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" - - name: Update release branch with built artifacts + - name: Add built artifacts to tag run: | TAG_NAME=${GITHUB_REF#refs/tags/} - echo "Updating release branch to tag: $TAG_NAME with built artifacts" - - # Fetch all branches and tags - git fetch --all --tags - - # Check if release branch exists on remote - if git ls-remote --heads origin release | grep -q release; then - echo "Release branch exists, checking it out..." - git checkout release - git pull origin release || true - else - echo "Creating new release branch..." - git checkout -b release - fi - - # Reset to the tagged commit - echo "Resetting release branch to $TAG_NAME..." - git reset --hard $TAG_NAME + echo "Adding built artifacts to tag: $TAG_NAME" # Add built artifacts (force add despite .gitignore) - echo "Adding built artifacts..." git add -f dist/ - # Commit if there are changes - if ! git diff --staged --quiet; then - git commit -m "chore: add built artifacts for release $TAG_NAME + # Commit the built artifacts + git commit -m "chore: add built artifacts for $TAG_NAME" \ + -m "Auto-generated by GitHub Actions workflow." \ + -m "Built from commit: ${{ github.sha }}" -Auto-generated by GitHub Actions workflow. -Built from commit: ${{ github.sha }}" - echo "✅ Built artifacts committed" - else - echo "No changes to commit" - fi + # Delete the old tag locally and remotely + git tag -d $TAG_NAME + git push origin :refs/tags/$TAG_NAME - # Force push the release branch - echo "Pushing release branch..." - git push origin release --force + # Create new tag with built artifacts + git tag $TAG_NAME - echo "✅ Release branch updated successfully" + # Push the updated tag + git push origin $TAG_NAME + + echo "✅ Tag $TAG_NAME updated with built artifacts" - - name: Update tag with built artifacts + - name: Update release branch with built artifacts run: | TAG_NAME=${GITHUB_REF#refs/tags/} - echo "Updating tag $TAG_NAME with built artifacts" - - # Checkout the tag - git checkout $TAG_NAME + echo "Updating release branch to point to: $TAG_NAME" - # Add built artifacts - git add -f dist/ - - # Commit if there are changes - if ! git diff --staged --quiet; then - git commit -m "chore: add built artifacts for $TAG_NAME + # Fetch all branches and tags + git fetch origin -Auto-generated by GitHub Actions workflow. -Built from commit: ${{ github.sha }}" + # Delete local release branch if it exists + git branch -D release 2>/dev/null || true - # Delete old tag locally and remotely - git tag -d $TAG_NAME - git push --delete origin $TAG_NAME + # Create new release branch from current commit (which has dist/) + echo "Creating release branch..." + git checkout -b release - # Create new tag at current commit - git tag -a $TAG_NAME -m "Release $TAG_NAME with built artifacts" + # Delete remote release branch if it exists + echo "Deleting old release branch on remote (if exists)..." + git push origin --delete release 2>/dev/null || echo "No existing release branch to delete" - # Push new tag - git push origin $TAG_NAME + # Push the new release branch + echo "Pushing release branch..." + git push origin release - echo "✅ Tag $TAG_NAME updated with built artifacts" - else - echo "No changes needed for tag" - fi + echo "✅ Release branch updated successfully" - name: Create GitHub Release uses: softprops/action-gh-release@v2 @@ -258,7 +221,7 @@ Built from commit: ${{ github.sha }}" ```json { "dependencies": { - "@smythos/server-common": "github:SmythOS/server-common#release" + "server-common": "github:${{ github.repository }}#release" } } ``` @@ -269,7 +232,7 @@ Built from commit: ${{ github.sha }}" ```json { "dependencies": { - "@smythos/server-common": "github:SmythOS/server-common#v${{ needs.validate.outputs.version }}" + "server-common": "github:${{ github.repository }}#v${{ needs.validate.outputs.version }}" } } ``` @@ -293,7 +256,6 @@ Built from commit: ${{ github.sha }}" ### 📋 What's included - ✅ Build validated and verified - - ✅ Linting passed - ✅ Pre-built JavaScript bundles - ✅ TypeScript type definitions - ✅ Source maps for debugging diff --git a/package.json b/package.json index 0c2d8de..25457fb 100644 --- a/package.json +++ b/package.json @@ -33,9 +33,9 @@ "build": "npm run clean && npm run build:rollup && npm run build:types", "build:link": "npm link @smythos/sdk", "build:local": "npm run build:link && npm run build && npm link", - "release:patch": "npm version patch && git push && git push --tags", - "release:minor": "npm version minor && git push && git push --tags", - "release:major": "npm version major && git push && git push --tags", + "release:patch": "npm version patch && git push origin main --follow-tags", + "release:minor": "npm version minor && git push origin main --follow-tags", + "release:major": "npm version major && git push origin main --follow-tags", "lint": "npm exec eslint \"src/**/*.ts\"", "lint:fix": "npm exec eslint \"src/**/*.ts\" --fix" },