Skip to content
Release

Release #70

Sign in to view logs

Release

Release #70

Workflow file for this run

.github/workflows/release.yml at e2c6ac3
# Release Workflow
#
# This workflow is responsible for creating official releases:
# - Verifies that a version bump is needed based on conventional commits
# - Fast-forwards master branch from dev
# - Bumps the version in package.json and creates a version commit on master
# - Publishes to npm with the '@latest' tag
# - Creates a git tag and GitHub release
# - Rebases the version bump commit back to dev branch
#
# Workflow Behavior:
# - Triggered manually via workflow_dispatch
# - Ensures code can only be released if it contains commits that justify a version bump
# - Creates proper versioning in both npm and git
# - Maintains synchronization between master and dev branches
#
# Relationship with release-next.yml:
# - release-next.yml publishes RC versions with the '@next' tag during development
# - This workflow publishes final versions with the '@latest' tag
# - The rebase-dev job ensures the version bump commit is pulled back to dev with [skip ci]
# which prevents release-next.yml from running again on this commit
name: Release
on:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
env:
NODE_VERSION: 22
PROVIDER_URL: ${{ secrets.PROVIDER_URL }}
jobs:
# First step: Determine if the commits since last tag require a version bump
# Outputs:
# - bump_type: The type of semantic version bump (major, minor, patch)
# - triggers_bump: 'true' if a version bump is needed, 'false' otherwise
check-version-bump:
uses: NexusMutual/workflows/.github/workflows/check-version-bump.yml@master
with:
ref: dev
environment: production
bump-command: |
timeout 5s npx conventional-recommended-bump --config .github/config/conventional-bump-setup.js
secrets:
DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
DEPLOYER_APP_PK: ${{ secrets.DEPLOYER_APP_PK }}
# Second step: Fails the workflow if the commits since last tag does not trigger a version bump
# This ensures we don't create releases without meaningful changes
validate-version-bump:
needs: check-version-bump
runs-on: ubuntu-22.04
steps:
- name: Verify version bump is needed
if: needs.check-version-bump.outputs.triggers_bump != 'true'
run: |
echo "::error::Forbidden to release a version without a version bump"
echo "::warning::Commit messages on the dev branch must include changes beyond 'docs', 'style', 'test', or 'ci'"
echo "Please ensure your commits reflect meaningful changes to trigger an automatic version bump."
exit 1
- name: Confirm version bump
run: |
echo "Version bump of type '${{ needs.check-version-bump.outputs.bump_type }}' will be applied"
# Third step: Fast-forward master branch to match dev
# This ensures master contains all changes from dev before creating the release
ff-master:
needs: [check-version-bump, validate-version-bump]
uses: NexusMutual/workflows/.github/workflows/fast-forward.yml@master
with:
environment: production
source-ref: dev
target-ref: master
secrets:
DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
DEPLOYER_APP_PK: ${{ secrets.DEPLOYER_APP_PK }}
# Fourth step: Apply the version bump to package.json and create a commit
# This creates the official version bump commit on the master branch
# Outputs:
# - bumped_version: The new version number
bump-version:
needs: [check-version-bump, ff-master]
uses: NexusMutual/workflows/.github/workflows/bump.yml@master
with:
environment: production
ref: master
bump-command: |
echo 'Executing npm version bump: ${{ needs.check-version-bump.outputs.bump_type }}'
npm version "${{ needs.check-version-bump.outputs.bump_type }}" --no-git-tag-version
secrets:
DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
DEPLOYER_APP_PK: ${{ secrets.DEPLOYER_APP_PK }}
# Fifth step: Build the code and run all checks
# Ensures the release is stable before publishing
build-and-checks:
runs-on: ubuntu-22.04
needs: bump-version
steps:
- uses: actions/checkout@v4
with:
ref: master
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
cache-dependency-path: package-lock.json
- name: Install dependencies
run: npm ci --ignore-scripts --prefer-offline --no-audit --no-fund
# Run build script to generate `/generated` dir which is needed by ts:check and test scripts
- name: Build package
run: npm run build
- name: Run linter
run: npm run lint
- name: Check types and typescript
run: npm run ts:check
- name: Run tests
run: npm run test
# Save build artifacts for the publish job
- uses: actions/upload-artifact@v4
with:
name: sdk-${{ needs.bump-version.outputs.bumped_version }}
path: dist
# Sixth step: Publish the package to npm with the '@latest' tag
# This makes the new version the default when users run `npm install`
publish:
runs-on: ubuntu-22.04
needs: [bump-version, build-and-checks]
environment: production
steps:
- uses: actions/checkout@v4
with:
ref: master
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
registry-url: 'https://registry.npmjs.org'
# Download the build artifacts from the build-and-checks job
- uses: actions/download-artifact@v4
with:
name: sdk-${{ needs.bump-version.outputs.bumped_version }}
path: dist
# Remove the prepare script to avoid running it during npm publish
- name: Remove prepare script
run: npm pkg delete scripts.prepare
# Publish the package to npm with the '@latest' tag (default)
- name: Publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
run: npm publish --access public --ignore-scripts
# Seventh step: Create a git tag and GitHub release
# This marks the commit in git history and creates a release on GitHub
git-tag-release:
needs: build-and-checks
uses: NexusMutual/workflows/.github/workflows/git-tag-github-release.yml@master
with:
environment: production
ref: master
secrets:
DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
DEPLOYER_APP_PK: ${{ secrets.DEPLOYER_APP_PK }}
# Eighth step: Rebase the version bump commit back to dev
# This ensures dev branch has the version bump commit
# The commit includes [skip ci] so release-next.yml won't run on this commit
rebase-dev:
needs: build-and-checks
uses: NexusMutual/workflows/.github/workflows/rebase.yml@master
with:
environment: production
source-ref: master
target-ref: dev
secrets:
DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
DEPLOYER_APP_PK: ${{ secrets.DEPLOYER_APP_PK }}
# Final step: Create PRs to update SDK version in dependent repositories
sdk-bump-prs:
needs: [bump-version, publish]
strategy:
matrix:
include:
- repo: frontend-next
base-branch: develop
change-type: feat
- repo: event-scanner
base-branch: dev
change-type: build
- repo: notification-processor
base-branch: dev
change-type: build
- repo: order-book
base-branch: dev
change-type: build
- repo: workers
base-branch: dev
change-type: build
fail-fast: false # Allow other matrix jobs to continue even if one fails
uses: NexusMutual/workflows/.github/workflows/open-pr.yml@master
with:
environment: production
repository: ${{ matrix.repo }}
base-branch: ${{ matrix.base-branch }}
branch-name: '${{ matrix.change-type }}/nexusmutual-sdk-version-bump-${{ needs.bump-version.outputs.bumped_version }}-${{ github.run_id }}'
change-command: npm i --save-exact @nexusmutual/sdk@${{ needs.bump-version.outputs.bumped_version }}
commit-message: '${{ matrix.change-type }}: update @nexusmutual/sdk to ${{ needs.bump-version.outputs.bumped_version }}'
pr-body: 'updated @nexusmutual/sdk to [${{ needs.bump-version.outputs.bumped_version }}](https://github.com/NexusMutual/sdk/releases/tag/v${{ needs.bump-version.outputs.bumped_version }})'
secrets:
DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
DEPLOYER_APP_PK: ${{ secrets.DEPLOYER_APP_PK }}