Skip to content
Release

Release #13

Sign in to view logs

Release

Release #13

Workflow file for this run

.github/workflows/release.yml at b2bcdfd
name: Release
on:
workflow_dispatch:
permissions:
contents: write
id-token: write
issues: write
pull-requests: write
jobs:
release:
runs-on: ubuntu-latest
steps:
- name: Verify admin permissions
run: |
# Use the repository's permission endpoint which works for both personal and org repos
RESPONSE=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission")
# Extract permission using jq if available, otherwise use grep
if command -v jq &> /dev/null; then
PERMISSION=$(echo "$RESPONSE" | jq -r '.permission // empty')
else
PERMISSION=$(echo "$RESPONSE" | grep -o '"permission":"[^"]*"' | head -1 | cut -d'"' -f4)
fi
if [ -z "$PERMISSION" ]; then
echo "Warning: Could not determine permission level. Response: $RESPONSE"
echo "Note: workflow_dispatch requires write access, proceeding..."
exit 0
fi
if [ "$PERMISSION" != "admin" ]; then
echo "Error: Only repository admins can trigger releases. Current permission: $PERMISSION"
exit 1
fi
echo "✓ Verified admin permission for ${{ github.actor }}"
- uses: actions/checkout@v4
with:
ref: main
fetch-depth: 0
- name: Setup git branch
run: |
git fetch --all --tags
git checkout -B main
git branch --set-upstream-to=origin/main main
- name: Debug branch info
run: |
echo "Current branch: $(git branch --show-current)"
echo "All branches: $(git branch -a)"
echo "Git remote: $(git remote -v)"
echo "Git status: $(git status)"
- uses: actions/setup-node@v4
with:
node-version: '20'
registry-url: 'https://registry.npmjs.org'
always-auth: true
- run: npm ci
- run: npm test --if-present
- name: Configure git
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
- name: Create initial tag if needed
run: |
if ! git rev-parse --verify "v1.0.0-beta.1" >/dev/null 2>&1; then
echo "Creating initial tag v1.0.0-beta.1"
git tag -a "v1.0.0-beta.1" -m "chore: initial beta release"
git push origin "v1.0.0-beta.1" || echo "Tag push failed (may not have permission or tag exists)"
else
echo "Tag v1.0.0-beta.1 already exists"
fi
- name: Debug semantic-release config
run: |
echo "=== .releaserc.json ==="
cat .releaserc.json
echo ""
echo "=== Git branches ==="
git branch -a
echo ""
echo "=== Current branch ==="
git branch --show-current
echo ""
echo "=== Git tags ==="
git tag
- name: Configure npm authentication for semantic-release
run: |
# actions/setup-node creates .npmrc in a temp location via NPM_CONFIG_USERCONFIG
# We need to ensure semantic-release can find it
if [ -f "$NPM_CONFIG_USERCONFIG" ]; then
echo "Found npmrc at $NPM_CONFIG_USERCONFIG"
# Copy to home directory for semantic-release to read
mkdir -p ~/.npm
cp "$NPM_CONFIG_USERCONFIG" ~/.npmrc
echo "Copied .npmrc to ~/.npmrc"
# Also extract token for NPM_TOKEN env var (semantic-release npm plugin requires it)
# We mask the token value in logs for security
TOKEN=$(grep -oP '(?<=//registry\.npmjs\.org/:_authToken=).*' ~/.npmrc 2>/dev/null || echo "")
if [ -n "$TOKEN" ]; then
echo "NPM_TOKEN=***" >> $GITHUB_ENV
echo "::add-mask::$TOKEN"
echo "NPM_TOKEN=$TOKEN" >> $GITHUB_ENV
echo "NPM_TOKEN configured (masked in logs)"
else
echo "Warning: Could not extract token from .npmrc"
fi
else
echo "Warning: NPM_CONFIG_USERCONFIG not found at $NPM_CONFIG_USERCONFIG"
fi
# Test npm auth (without exposing token)
echo "Testing npm authentication..."
npm whoami --registry=https://registry.npmjs.org >/dev/null 2>&1 && echo "✓ npm authentication successful" || echo "✗ npm authentication failed"
- name: Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: npx semantic-release