release-package #7

Workflow file for this run

.github/workflows/pkg_release.yml at 9e09696

	name: Package Release Process

	on:
	repository_dispatch:
	types: [release-package]

	jobs:
	# 1. Auto-merge if validation passed
	check-conflicts-in-merge:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Generate GitHub App token
	id: generate-token
	uses: tibdex/github-app-token@v2
	with:
	app_id: ${{ secrets.HATCH_WORKFLOW_APP_ID }}
	private_key: ${{ secrets.HATCH_WORKFLOW_APP_PRIVATE_KEY }}

	- name: Check PR for conflicts
	id: check-conflicts
	uses: actions/github-script@v7
	with:
	github-token: ${{ steps.generate-token.outputs.token }}
	script: \|
	const repository = '${{ github.repository }}';
	const [owner, repo] = repository.split('/');
	const prNumber = ${{ github.event.client_payload.pr_number }};

	const pr = await github.rest.pulls.get({
	owner: owner,
	repo: repo,
	pull_number: prNumber
	});

	if (pr.data.mergeable === false) {
	console.log('PR has conflicts that need to be resolved');
	await github.rest.issues.createComment({
	owner: owner,
	repo: repo,
	issue_number: prNumber,
	body: '⚠️ This PR has merge conflicts that need to be resolved before it can be auto-merged. Please resolve the conflicts and try again.'
	});
	return { can_merge: false };
	}

	console.log('PR is ready to be merged');

	// Add the automerge label
	await github.rest.issues.addLabels({
	owner: owner,
	repo: repo,
	issue_number: prNumber,
	labels: ['automerge']
	});

	return { can_merge: true };

	# 2. Create Release and Review Issue
	create-release-and-review:
	needs: [check-conflicts-in-merge]
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Generate GitHub App token
	id: generate-token
	uses: tibdex/github-app-token@v2
	with:
	app_id: ${{ secrets.HATCH_WORKFLOW_APP_ID }}
	private_key: ${{ secrets.HATCH_WORKFLOW_APP_PRIVATE_KEY }}

	# Retrieve the original artifact of the package used to be validated by the registry
	- name: Retrieve package artifact
	id: retrieve-artifact
	uses: dawidd6/action-download-artifact@v9
	with:
	github_token: ${{ steps.generate-token.outputs.token }}
	workflow: ${{ github.event.client_payload.workflow_id }}
	run_id: ${{ github.event.client_payload.run_id }}
	name: ${{ github.event.client_payload.artifact_name }}
	repo: ${{ github.repository }}
	path: downloaded-package

	- name: Extract package info
	id: package-info
	run: \|

	# Extract version from metadata file (adapt based on your format)
	VERSION=$(jq -r .version downloaded-package/hatch_metadata.json)

	echo "version=$VERSION" >> $GITHUB_OUTPUT
	echo "release_name=${{ github.event.client_payload.package_name }}-v${VERSION}" >> $GITHUB_OUTPUT

	- name: Create release artifact
	run: \|
	cd downloaded-package
	zip -r ../${{ steps.package-info.outputs.release_name }}.zip .

	- name: Create GitHub Release
	id: create-release
	uses: softprops/action-gh-release@v1
	with:
	files: ${{ steps.package-info.outputs.release_name }}.zip
	name: ${{ steps.package-info.outputs.release_name }}
	tag_name: ${{ steps.package-info.outputs.release_name }}
	token: ${{ steps.generate-token.outputs.token }}

	- name: Retrieve PR author information
	id: author-info
	uses: actions/github-script@v7
	with:
	github-token: ${{ steps.generate-token.outputs.token }}
	script: \|
	const prNumber = ${{ github.event.client_payload.pr_number }};
	const [owner, repo] = '${{ github.repository }}'.split('/');

	const pr = await github.rest.pulls.get({
	owner: owner,
	repo: repo,
	pull_number: prNumber
	});

	core.setOutput("author_id", pr.data.user.login);
	core.setOutput("author_email", pr.data.user.email \|\| pr.data.user.login + "@not-provided.com");

	# Trigger registry update with package details including author info
	- name: Trigger registry update
	uses: peter-evans/repository-dispatch@v3
	with:
	token: ${{ steps.generate-token.outputs.token }}
	repository: CrackingShells/Hatch-Registry
	event-type: add-package
	client-payload: \|-
	{
	"repository": "${{ github.repository }}",
	"package_name": "${{ github.event.client_payload.package_name }}",
	"workflow_id": "${{ github.event.client_payload.workflow_id }}",
	"run_id": "${{ github.event.client_payload.run_id }}",
	"artifact_name": "${{ github.event.client_payload.artifact_name }}",
	"author": {
	"GitHubID": "${{ steps.author-info.outputs.author_id }}",
	"email": "${{ steps.author-info.outputs.author_email }}"
	},
	"version": "${{ steps.package-info.outputs.version }}"
	}

	# Create review issue in the Registry repository
	- name: Create review issue
	uses: actions/github-script@v7
	with:
	github-token: ${{ steps.generate-token.outputs.token }}
	script: \|
	const package_name = "${{ github.event.client_payload.package_name }}";
	const version = "${{ steps.package-info.outputs.version }}";
	const author_id = "${{ steps.author-info.outputs.author_id }}";
	const release_url = "${{ steps.create-release.outputs.url }}";
	const repository = '${{ github.event.client_payload.repository }}'
	const [owner, repo] = repository.split('/');

	await github.rest.issues.create({
	owner: owner,
	repo: repo,
	title: `Package Review: ${package_name} v${version}`,
	body: `## Package Review Needed

	- Package: ${package_name}
	- Version: ${version}
	- Author: @${author_id}
	- Release: ${release_url}
	- PR: https://github.com/${{ github.repository }}/pull/${{ github.event.client_payload.pr_number }}

	Please review this package for quality and security concerns.
	Once reviewed, update the trust level using the registry update tool.

	### Review Checklist

	- [ ] Code quality and readability
	- [ ] Functionality and performance
	- [ ] Security concerns
	- [ ] Documentation completeness
	- [ ] License compliance
	`,
	labels: ['ready-for-review', 'package']
	});

	# 3. Auto-approve and merge PR if validation, release, and review issue creation were successful
	approve-and-merge:
	runs-on: ubuntu-latest
	needs: [check-conflicts-in-merge, create-release-and-review]
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Generate GitHub App token
	id: generate-token
	uses: tibdex/github-app-token@v2
	with:
	app_id: ${{ secrets.HATCH_WORKFLOW_APP_ID }}
	private_key: ${{ secrets.HATCH_WORKFLOW_APP_PRIVATE_KEY }}

	- name: Notify PR author of success
	uses: actions/github-script@v7
	with:
	github-token: ${{ steps.generate-token.outputs.token }}
	script: \|
	const message = [
	"### ✅ No conflicts detected.",
	"",
	"The package has been successfully validated and [released](https://github.com/${{ github.repository }}/releases",
	"This PR will be auto-approved and auto-merged shortly.",
	"",
	"### Next Steps",
	"",
	"1. The package will be released to the registry under the lowest trust level: unreviewed.",
	"2. The package will be available for download from the Hatch! package manager.",
	"3. A review issue will be created in the [repository](https://github.com/${{ github.repository }}/issues) for this package.",
	" - Package authors are encouraged to check the review issue and respond to any questions or concerns raised by the reviewers.",
	"4. Once the review is complete, the package's trust level will be raised to: reviewed.",

	].join('\n');

	const prNumber = ${{ github.event.client_payload.pr_number }};
	const [owner, repo] = '${{ github.repository }}'.split('/');

	await github.rest.issues.createComment({
	issue_number: prNumber,
	owner: owner,
	repo: repo,
	body: message
	})

	- name: Approve and merge PR
	uses: hmarr/auto-approve-action@v4
	with:
	github-token: ${{ steps.generate-token.outputs.token }}
	pull-request-number: ${{ github.event.client_payload.pr_number }}

	- name: Auto-merge PR
	uses: pascalgn/automerge-action@v0.16.4
	env:
	GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
	MERGE_METHOD: merge
	MERGE_LABELS: "validation-passed,automerge"
	MERGE_REMOVE_LABELS: "validation-passed,automerge"
	MERGE_FORKS: true
	PULL_REQUEST: ${{ github.event.client_payload.pr_number }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

release-package #7

Workflow file

release-package #7

Uh oh!

Workflow file for this run