Revised release and publish workflows #73
Conversation
There was a problem hiding this comment.
Pull request overview
This PR revises the release and publish workflows to comply with branch protection rules by introducing a two-stage release process. Instead of creating releases directly on the main branch, the workflows now create a release PR that requires review before triggering the automated GitHub release and npm publish steps.
Changes:
- Removed the old
publish.ymlworkflow that triggered on GitHub release events - Added
publish-release.ymlworkflow that triggers when package.json changes on main, automatically creating a GitHub release and publishing to npm when a version bump commit is detected - Modified
create-release.ymlto create a release branch with version bump and open a PR instead of directly committing to main
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
.github/workflows/publish.yml |
Removed old workflow that published to npm when a GitHub release was created |
.github/workflows/publish-release.yml |
New workflow that detects version bump commits on main and automatically creates GitHub releases and publishes to npm |
.github/workflows/create-release.yml |
Modified to create a release branch and PR instead of committing directly to main, now includes proper permissions for PR creation |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - name: Publish to npm | ||
| if: steps.check_commit.outputs.is_version_bump == 'true' | ||
| env: | ||
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
| run: npm publish |
There was a problem hiding this comment.
The workflow doesn't run tests or linting before publishing to npm. This is a significant risk as it could publish a broken package. The CI workflow runs on pull requests, but if someone bypasses the PR process or if tests weren't run for any reason, a broken version could be published. Consider adding test and lint steps before the publish step to ensure quality.
There was a problem hiding this comment.
@copilot open a new pull request to apply changes based on this feedback
| - name: Create Pull Request | ||
| id: create_pr | ||
| uses: peter-evans/create-pull-request@v6 | ||
| with: | ||
| tag_name: ${{ env.new_version }} | ||
| body: 'Automated release ${{ env.new_version }}.' | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| branch: release/${{ env.new_version }} | ||
| title: 'chore: Release ${{ env.new_version }}' | ||
| body: | | ||
| Automated version bump to ${{ env.new_version }} | ||
|
|
||
| This PR was automatically created by the release workflow. | ||
| Once merged, a GitHub release will be created automatically. | ||
| base: main |
There was a problem hiding this comment.
The create-pull-request action is being used on a branch that was already created and pushed manually. This is not the intended usage pattern for this action. The action expects to create the branch itself or work with an existing branch that it manages. Using it after manually pushing may result in unexpected behavior or the action attempting to force-push changes, which could fail. Either let the action handle the entire branch creation and commit process, or use the GitHub CLI or API to create the PR instead.
There was a problem hiding this comment.
@copilot open a new pull request to apply changes based on this feedback
| - name: Create GitHub Release | ||
| if: steps.check_commit.outputs.is_version_bump == 'true' | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| uses: softprops/action-gh-release@v1 | ||
| with: | ||
| tag_name: ${{ steps.get_version.outputs.version }} | ||
| name: Release ${{ steps.get_version.outputs.version }} | ||
| body: 'Automated release ${{ steps.get_version.outputs.version }}' | ||
| draft: false | ||
| prerelease: false |
There was a problem hiding this comment.
The workflow creates a GitHub release but doesn't verify that the tag doesn't already exist. If the workflow is triggered multiple times (e.g., due to a retry or manual trigger), or if a tag with the same version already exists, the release creation will fail. Consider checking if the tag/release already exists before attempting to create it, or handle the error gracefully.
There was a problem hiding this comment.
@copilot open a new pull request to apply changes based on this feedback
| - name: Create GitHub Release | ||
| if: steps.check_commit.outputs.is_version_bump == 'true' | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| uses: softprops/action-gh-release@v1 | ||
| with: | ||
| tag_name: ${{ steps.get_version.outputs.version }} | ||
| name: Release ${{ steps.get_version.outputs.version }} | ||
| body: 'Automated release ${{ steps.get_version.outputs.version }}' | ||
| draft: false | ||
| prerelease: false | ||
|
|
||
| - name: Publish to npm | ||
| if: steps.check_commit.outputs.is_version_bump == 'true' | ||
| env: | ||
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
| run: npm publish |
There was a problem hiding this comment.
If npm publish fails after the GitHub release has been created, the workflow will leave the repository in an inconsistent state with a release that doesn't correspond to a published npm package. Consider either creating the release after a successful npm publish, or implement error handling to delete the release if publishing fails.
There was a problem hiding this comment.
@copilot open a new pull request to apply changes based on this feedback
| - name: Create release branch | ||
| run: | | ||
| BRANCH_NAME="release/${{ env.new_version }}" | ||
| git config user.name "github-actions[bot]" | ||
| git config user.email "github-actions[bot]@users.noreply.github.com" | ||
| git commit -am "chore: Bump version to $NEW_VERSION" | ||
| git tag $NEW_VERSION | ||
| git push origin main --tags | ||
|
|
||
| - name: Create GitHub Release | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| uses: softprops/action-gh-release@v1 | ||
| git checkout -b $BRANCH_NAME | ||
| git commit -am "chore: Bump version to ${{ env.new_version }}" | ||
| git push origin $BRANCH_NAME | ||
|
|
||
| - name: Create Pull Request | ||
| id: create_pr | ||
| uses: peter-evans/create-pull-request@v6 |
There was a problem hiding this comment.
There's a redundancy issue here. Lines 50-57 manually create a branch, commit changes, and push them using Git commands. Then, the create-pull-request action (lines 59-61) is also configured to work with the same branch. The create-pull-request action can handle creating the branch, committing changes, and pushing automatically if you provide the changed files. This creates unnecessary complexity and potential for conflicts. Consider either removing the manual Git operations and letting the create-pull-request action handle everything, or removing the create-pull-request action and creating the PR using GitHub API.
| - name: Check if version bump commit | ||
| id: check_commit | ||
| run: | | ||
| commit_message=$(git log -1 --pretty=%B) | ||
| if [[ "$commit_message" =~ ^chore:\ Bump\ version\ to ]]; then | ||
| echo "is_version_bump=true" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "is_version_bump=false" >> $GITHUB_OUTPUT | ||
| fi |
There was a problem hiding this comment.
The commit message check relies on an exact pattern match with 'chore: Bump version to'. However, in a PR merge, especially with squash merges, GitHub may modify the commit message by adding PR numbers or other metadata. This could cause the workflow to fail to recognize valid version bump commits. Consider using a more flexible pattern or checking for changes in the version field of package.json directly instead of relying solely on the commit message.
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - 'package.json' |
There was a problem hiding this comment.
The workflow triggers on any push to main that modifies package.json. This means it will run even when package.json is updated for reasons other than version bumps (e.g., dependency updates, metadata changes). While the commit message check should filter these out, it's inefficient and may cause confusion. Consider adding a more specific trigger condition or documenting this behavior more clearly.
Co-authored-by: mkistler <800728+mkistler@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Add test and lint steps to publish workflow
|
I'm going to start over on this. |
This is a second attempt at workflows to create a GitHub release and then publish to nom.
The first attempt failed because it was creating the release directly on main, which ran afoul of the branch protection rules in the repo.
These new workflows create the a "release PR" the bumps the version number in package.json. This PR then needs to be reviewed and merged. When it is merged the second workflow, publish-release, will trigger automatically, create the GitHub release and then publish to npm.