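# release.yml
#
# On every push to the 17.x.x branch: decide whether the current package
# version still needs publishing, build the artifacts once in a read-only
# job, then hand them to separate jobs that publish to npm, publish to JSR,
# and create the GitHub release.
#
# Privilege layout: the workflow-level token has no permissions. The build
# job only gets `contents: read`; `id-token: write` is limited to the two
# publish jobs and `contents: write` to create-release, all three of which
# run in the `release` environment.
#
# NOTE(review): every `uses:` below references a mutable tag (v4, v2).
# Pinning each action to a full commit SHA would keep a retagged action out
# of the jobs that hold `id-token: write` or `contents: write`.
name: Release

on:
  push:
    branches:
      - 17.x.x

# Deny all token permissions by default; each job opts in to what it needs.
permissions: {}

jobs:
  check-publish:
    name: Check for publish need and prepare artifacts
    # Keep this guard on every job for defense-in-depth in case job dependencies are refactored.
    if: ${{ !github.event.repository.fork && github.repository == 'graphql/graphql-js' && github.ref_name == '17.x.x' }}
    runs-on: ubuntu-latest
    outputs:
      should_publish: ${{ steps.release_metadata.outputs.should_publish }}
      tag: ${{ steps.release_metadata.outputs.tag }}
      dist_tag: ${{ steps.release_metadata.outputs.dist_tag }}
      prerelease: ${{ steps.release_metadata.outputs.prerelease }}
    # A newer push to the same ref cancels an in-progress run of this job.
    # Only this job declares a concurrency group; the publish and release
    # jobs below do not.
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref_name }}
      cancel-in-progress: true
    permissions:
      contents: read  # for actions/checkout
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
        with:
          # Keep checkout fast: we should only need to scroll back a few
          # commits for release notes. If the release commit is older than
          # this depth, release:metadata will emit empty release notes.
          fetch-depth: 10
          # Do not leave the job token in the local git config.
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          # NOTE(review): this job builds the artifacts that are published
          # later, so a restored dependency cache is an extra input to the
          # release build. Consider dropping the cache for this workflow.
          cache: npm
          node-version-file: '.node-version'

      - name: Install Dependencies
        # --ignore-scripts: dependency lifecycle scripts are not run.
        run: npm ci --ignore-scripts

      # Runs the project's release:metadata script once, appends six fields of
      # its JSON result to the step outputs as `key=value` lines, and writes
      # the release notes to ./release-notes.md.
      # NOTE(review): a field containing a newline would add extra lines to
      # the outputs file; this assumes release:metadata emits single-line
      # values for these fields - confirm.
      - name: Read release metadata
        id: release_metadata
        run: |
          release_metadata_json="$(npm run --silent release:metadata)"
          jq -r '
            "version=\(.version)",
            "tag=\(.tag)",
            "dist_tag=\(.distTag)",
            "prerelease=\(.prerelease)",
            "package_spec=\(.packageSpec)",
            "should_publish=\(.shouldPublish)"
          ' <<< "${release_metadata_json}" >> "${GITHUB_OUTPUT}"
          jq -r '.releaseNotes' <<< "${release_metadata_json}" > ./release-notes.md

      # Step outputs reach the script through env variables instead of being
      # expanded by the workflow expression syntax inside the script text, so
      # their content is handled as data and never parsed as shell source.
      - name: Log publish decision
        env:
          SHOULD_PUBLISH: ${{ steps.release_metadata.outputs.should_publish }}
          PACKAGE_SPEC: ${{ steps.release_metadata.outputs.package_spec }}
        run: |
          if [ "${SHOULD_PUBLISH}" = "true" ]; then
            echo "${PACKAGE_SPEC} is not published yet."
          else
            echo "${PACKAGE_SPEC} is already published."
          fi

      - name: Build NPM package
        if: steps.release_metadata.outputs.should_publish == 'true'
        run: npm run build:npm

      - name: Upload npmDist package
        if: steps.release_metadata.outputs.should_publish == 'true'
        uses: actions/upload-artifact@v4
        with:
          name: npmDist
          path: ./npmDist

      - name: Build Deno package
        if: steps.release_metadata.outputs.should_publish == 'true'
        run: npm run build:deno

      - name: Upload denoDist package
        if: steps.release_metadata.outputs.should_publish == 'true'
        uses: actions/upload-artifact@v4
        with:
          name: denoDist
          path: ./denoDist

      - name: Upload release notes
        if: steps.release_metadata.outputs.should_publish == 'true'
        uses: actions/upload-artifact@v4
        with:
          name: release-notes
          path: ./release-notes.md

  # Publishes the npmDist artifact built by check-publish; nothing is
  # installed or built in this job.
  publish-npm:
    name: Publish npm package
    needs: check-publish
    # Keep this guard on every job for defense-in-depth in case job dependencies are refactored.
    if: ${{ !github.event.repository.fork && github.repository == 'graphql/graphql-js' && github.ref_name == '17.x.x' && needs.check-publish.outputs.should_publish == 'true' }}
    runs-on: ubuntu-latest
    environment: release
    permissions:
      contents: read  # for actions/checkout
      id-token: write  # for npm trusted publishing via OIDC
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: '.node-version'

      - name: Download npmDist package
        uses: actions/download-artifact@v4
        with:
          name: npmDist
          path: ./npmDist

      # The dist-tag comes from the check-publish job output and is passed in
      # through env, so it is only ever used as a quoted argument to npm.
      - name: Publish to npm
        working-directory: ./npmDist
        env:
          DIST_TAG: ${{ needs.check-publish.outputs.dist_tag }}
        run: |
          if [ -n "${DIST_TAG}" ]; then
            npm publish --provenance --tag "${DIST_TAG}"
          else
            npm publish --provenance
          fi

  # Publishes the denoDist artifact built by check-publish; the repository is
  # not checked out in this job.
  publish-jsr:
    name: Publish JSR package
    needs: check-publish
    # Keep this guard on every job for defense-in-depth in case job dependencies are refactored.
    if: ${{ !github.event.repository.fork && github.repository == 'graphql/graphql-js' && github.ref_name == '17.x.x' && needs.check-publish.outputs.should_publish == 'true' }}
    runs-on: ubuntu-latest
    environment: release
    permissions:
      contents: read  # for actions/download-artifact
      id-token: write  # for JSR trusted publishing via OIDC
    steps:
      - name: Download denoDist package
        uses: actions/download-artifact@v4
        with:
          name: denoDist
          path: ./denoDist

      - name: Setup Deno
        uses: denoland/setup-deno@v2
        with:
          deno-version: v2.x

      - name: Publish to JSR
        working-directory: ./denoDist
        run: deno publish

  # Creates the annotated tag (when origin does not have it yet) and the
  # GitHub release, using the release notes produced by check-publish.
  create-release:
    name: Create release
    needs: check-publish
    # Keep this guard on every job for defense-in-depth in case job dependencies are refactored.
    if: ${{ !github.event.repository.fork && github.repository == 'graphql/graphql-js' && github.ref_name == '17.x.x' && needs.check-publish.outputs.should_publish == 'true' }}
    runs-on: ubuntu-latest
    environment: release
    permissions:
      contents: write  # for creating GitHub release
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Download release notes
        uses: actions/download-artifact@v4
        with:
          name: release-notes
          path: ./artifacts

      # The tag name and prerelease flag come from the check-publish job
      # outputs and are passed in through env, so they are used only as
      # quoted shell variables and never become part of the script text.
      # The script exits early when the release already exists, and reuses
      # the tag when origin already has it.
      - name: Create release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          RELEASE_TAG: ${{ needs.check-publish.outputs.tag }}
          PRERELEASE: ${{ needs.check-publish.outputs.prerelease }}
        run: |
          tag="${RELEASE_TAG}"
          if gh release view "${tag}" > /dev/null 2>&1; then
            echo "GitHub release ${tag} already exists. Skipping release creation."
            exit 0
          fi
          if git ls-remote --exit-code --tags origin "refs/tags/${tag}" > /dev/null; then
            echo "Tag ${tag} already exists on origin."
          else
            git config user.name "github-actions[bot]"
            git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
            git tag -a "${tag}" "${GITHUB_SHA}" -m "${tag}"
            gh auth setup-git
            git push origin "refs/tags/${tag}"
            echo "Created annotated tag ${tag} at ${GITHUB_SHA}."
          fi
          release_notes_file="./artifacts/release-notes.md"
          if [ "${PRERELEASE}" = "true" ]; then
            gh release create "${tag}" \
              --verify-tag \
              --title "${tag}" \
              --notes-file "${release_notes_file}" \
              --prerelease
          else
            gh release create "${tag}" \
              --verify-tag \
              --title "${tag}" \
              --notes-file "${release_notes_file}"
          fi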