ci: release with app-identity #21
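# Release and Publish: on every push to main, run the checks in `test`, then
# (in `release`) tag a new version, commit the bumped package.json files,
# create a GitHub Release and publish the workspace packages to npm.
#
# NOTE(review): three values on the page this listing was taken from were
# replaced by e-mail obfuscation and read "[email protected]": the pnpm
# version given to corepack, the version of github-tag-action, and the git
# user.email. They are reproduced as found; restore the real values before use.
name: Release and Publish

on:
  push:
    branches: [main]

# Default to a read-only token. The test job installs dependencies, builds and
# runs the tests, so it should not hold a token that can push or publish; the
# release job requests the write scopes it needs.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
          # This job never pushes, so do not leave the token in .git/config
          # where later install, build or test scripts could read it.
          persist-credentials: false
      - name: Enable Corepack
        run: corepack enable
      - name: Install pnpm via Corepack
        run: corepack prepare [email protected] --activate
      - name: Setup Node.js
        uses: actions/setup-node@v5
        with:
          node-version: "22"
      - name: Install dependencies
        run: pnpm install
      - name: Check formatting
        run: pnpm run format
      - name: Run linting
        run: pnpm run lint
      - name: Build project
        run: pnpm run build
      - name: Run tests
        run: pnpm test

  release:
    needs: test
    runs-on: ubuntu-latest
    permissions:
      # The tag and the GitHub Release are created with GITHUB_TOKEN.
      contents: write
      # NOTE(review): nothing visible here publishes to GitHub Packages (npm
      # publishing uses NPM_TOKEN against registry.npmjs.org). Kept from the
      # original workflow-level grant; drop it if it is unused.
      packages: write
    steps:
      # NOTE(review): tibdex/github-app-token, mathieudutour/github-tag-action
      # and softprops/action-gh-release are third-party actions referenced by
      # mutable tags in a job that holds the App private key, a write token and
      # the npm token. Pin each to a full commit SHA
      # (`uses: owner/repo@<full-commit-sha>  # <tag>`) so a moved tag cannot
      # change what runs here. GitHub's own actions/create-github-app-token
      # may be a suitable replacement for the token step; confirm its inputs.
      - name: Generate GitHub App Token
        id: generate_token
        uses: tibdex/github-app-token@v2
        with:
          app_id: ${{ vars.VERSION_BUMPER_APPID }}
          private_key: ${{ secrets.VERSION_BUMPER_SECRET }}
      - name: Checkout
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
          # `git push` authenticates with the credentials checkout stores in
          # the repository's git config, not with a GITHUB_TOKEN environment
          # variable. Check out with the App token so the version-bump commit
          # is pushed under the App identity. The token stays in .git/config
          # for the rest of the job, so keep the App's permissions minimal.
          token: ${{ steps.generate_token.outputs.token }}
      - name: Enable Corepack
        run: corepack enable
      - name: Install pnpm via Corepack
        run: corepack prepare [email protected] --activate
      - name: Setup Node.js
        uses: actions/setup-node@v5
        with:
          node-version: "22"
          registry-url: "https://registry.npmjs.org"
      - name: Install dependencies
        run: pnpm install
      - name: Build project
        run: pnpm run build
      - name: Bump version and create tag
        id: version
        uses: mathieudutour/[email protected]
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          default_bump: patch
          tag_prefix: v
      - name: Update package.json version
        if: steps.version.outputs.new_tag
        # The action output is passed through the environment rather than
        # expanded with `${{ }}` inside the script, so its text is never
        # parsed as shell source.
        env:
          NEW_VERSION: ${{ steps.version.outputs.new_version }}
        run: |
          # Update root package.json
          pnpm version "$NEW_VERSION" --no-git-tag-version
          # Update all workspace package versions
          pnpm -r exec pnpm version "$NEW_VERSION" --no-git-tag-version
          git config --local user.email "[email protected]"
          git config --local user.name "GitHub Action"
          git add package.json packages/*/package.json pnpm-lock.yaml
          # If the commit fails (for example, nothing changed) the step ends
          # successfully here and the push is skipped.
          git commit -m "chore: bump version to $NEW_VERSION [skip ci]" || exit 0
          git push
      - name: Create GitHub Release
        if: steps.version.outputs.new_tag
        uses: softprops/action-gh-release@v1
        with:
          tag_name: ${{ steps.version.outputs.new_tag }}
          name: Release ${{ steps.version.outputs.new_tag }}
          body: ${{ steps.version.outputs.changelog }}
          draft: false
          prerelease: false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Publish to npm
        if: steps.version.outputs.new_tag
        env:
          NEW_VERSION: ${{ steps.version.outputs.new_version }}
          # The npm token is exposed to this step only.
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: |
          # Publish core package first as mcp-server depends on it
          cd packages/core
          pnpm publish --access public --no-git-checks
          cd ../..
          # Update workspace dependency to actual version for mcp-server
          cd packages/mcp-server
          sed -i 's/"@codemcp\/quiet-shell-core": "workspace:\*"/"@codemcp\/quiet-shell-core": "^'"$NEW_VERSION"'"/g' package.json
          pnpm publish --access public --no-git-checks
          cd ../..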