Release #15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| workflow_dispatch: | |
| permissions: | |
| contents: write | |
| id-token: write | |
| issues: write | |
| pull-requests: write | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Verify admin permissions | |
| run: | | |
| # Use the repository's permission endpoint which works for both personal and org repos | |
| RESPONSE=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| "https://api.github.com/repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission") | |
| # Extract permission using jq if available, otherwise use grep | |
| if command -v jq &> /dev/null; then | |
| PERMISSION=$(echo "$RESPONSE" | jq -r '.permission // empty') | |
| else | |
| PERMISSION=$(echo "$RESPONSE" | grep -o '"permission":"[^"]*"' | head -1 | cut -d'"' -f4) | |
| fi | |
| if [ -z "$PERMISSION" ]; then | |
| echo "Warning: Could not determine permission level. Response: $RESPONSE" | |
| echo "Note: workflow_dispatch requires write access, proceeding..." | |
| exit 0 | |
| fi | |
| if [ "$PERMISSION" != "admin" ]; then | |
| echo "Error: Only repository admins can trigger releases. Current permission: $PERMISSION" | |
| exit 1 | |
| fi | |
| echo "✓ Verified admin permission for ${{ github.actor }}" | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| fetch-depth: 0 | |
| - name: Setup git branch | |
| run: | | |
| git fetch --all --tags | |
| git checkout -B main | |
| git branch --set-upstream-to=origin/main main | |
| - name: Debug branch info | |
| run: | | |
| echo "Current branch: $(git branch --show-current)" | |
| echo "All branches: $(git branch -a)" | |
| echo "Git remote: $(git remote -v)" | |
| echo "Git status: $(git status)" | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| registry-url: 'https://registry.npmjs.org' | |
| always-auth: true | |
| - run: npm ci | |
| - run: npm test --if-present | |
| - name: Configure git | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| - name: Create initial tag if needed | |
| run: | | |
| if ! git rev-parse --verify "v1.0.0-beta.1" >/dev/null 2>&1; then | |
| echo "Creating initial tag v1.0.0-beta.1" | |
| git tag -a "v1.0.0-beta.1" -m "chore: initial beta release" | |
| git push origin "v1.0.0-beta.1" || echo "Tag push failed (may not have permission or tag exists)" | |
| else | |
| echo "Tag v1.0.0-beta.1 already exists" | |
| fi | |
| - name: Debug semantic-release config | |
| run: | | |
| echo "=== .releaserc.json ===" | |
| cat .releaserc.json | |
| echo "" | |
| echo "=== Git branches ===" | |
| git branch -a | |
| echo "" | |
| echo "=== Current branch ===" | |
| git branch --show-current | |
| echo "" | |
| echo "=== Git tags ===" | |
| git tag | |
| - name: Extract npm token from .npmrc | |
| run: | | |
| echo "=== Extracting npm token ===" | |
| echo "NPM_CONFIG_USERCONFIG: $NPM_CONFIG_USERCONFIG" | |
| # Copy .npmrc to home directory first | |
| if [ -f "$NPM_CONFIG_USERCONFIG" ]; then | |
| mkdir -p ~/.npm | |
| cp "$NPM_CONFIG_USERCONFIG" ~/.npmrc | |
| echo "✓ Copied .npmrc to ~/.npmrc" | |
| # Show .npmrc format (masked) for debugging | |
| echo "Contents of .npmrc (masked):" | |
| cat ~/.npmrc | sed 's/=.*/=***/' || true | |
| echo "" | |
| # Extract token - the format should be: //registry.npmjs.org/:_authToken=TOKEN | |
| NPM_TOKEN=$(awk -F'=' '/_authToken/ {print $2}' ~/.npmrc | head -1 | tr -d '\n' || echo "") | |
| # If that didn't work, try grep | |
| if [ -z "$NPM_TOKEN" ]; then | |
| NPM_TOKEN=$(grep -oP '(?<=_authToken=).*' ~/.npmrc | head -1 | tr -d '\n' || echo "") | |
| fi | |
| # If still empty, try without regex (simple sed) | |
| if [ -z "$NPM_TOKEN" ]; then | |
| NPM_TOKEN=$(grep '_authToken' ~/.npmrc | sed 's/.*_authToken=//' | tr -d '\n' || echo "") | |
| fi | |
| if [ -n "$NPM_TOKEN" ]; then | |
| echo "::add-mask::$NPM_TOKEN" | |
| echo "NPM_TOKEN=$NPM_TOKEN" >> $GITHUB_ENV | |
| echo "✓ NPM_TOKEN extracted and set" | |
| else | |
| echo "✗ Error: Could not extract token from .npmrc" | |
| echo "Full .npmrc content (tokens will be masked in actual output):" | |
| cat ~/.npmrc || true | |
| exit 1 | |
| fi | |
| else | |
| echo "✗ Error: .npmrc file not found at $NPM_CONFIG_USERCONFIG" | |
| echo "This means actions/setup-node did not create the .npmrc file" | |
| echo "NODE_AUTH_TOKEN is set: $([ -n "$NODE_AUTH_TOKEN" ] && echo 'yes' || echo 'no')" | |
| exit 1 | |
| fi | |
| # Test authentication | |
| echo "" | |
| echo "=== Testing npm authentication ===" | |
| npm whoami --registry=https://registry.npmjs.org && echo "✓ npm authentication successful" || echo "✗ npm authentication failed" | |
| - name: Release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: npx semantic-release |