chore: import upstream snapshot with attribution
Deploy (to testing) and Test Playground Preview Worker / Deploy Playground Preview Worker (testing) (push) Has been skipped
Deploy Workers Shared Staging / Deploy Workers Shared Staging (push) Failing after 0s
Prerelease / build (push) Has been skipped
Handle Changesets / Handle Changesets (push) Has been cancelled
Semgrep OSS scan / semgrep-oss (push) Has been cancelled
Deploy (to testing) and Test Playground Preview Worker / Deploy Playground Preview Worker (testing) (push) Has been skipped
Deploy Workers Shared Staging / Deploy Workers Shared Staging (push) Failing after 0s
Prerelease / build (push) Has been skipped
Handle Changesets / Handle Changesets (push) Has been cancelled
Semgrep OSS scan / semgrep-oss (push) Has been cancelled
This commit is contained in:
@@ -0,0 +1,108 @@
|
||||
name: Handle Changesets
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
|
||||
permissions:
|
||||
id-token: write
|
||||
contents: read
|
||||
# note: no write permissions are needed since the workflow uses GH_ACCESS_TOKEN instead of GITHUB_TOKEN
|
||||
|
||||
env:
|
||||
# This workflow only builds and publishes — it never runs Playwright tests.
|
||||
# Skip the browser download to avoid the postinstall script hanging in CI.
|
||||
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: "1"
|
||||
|
||||
jobs:
|
||||
release:
|
||||
if: ${{ github.repository_owner == 'cloudflare' }}
|
||||
name: Handle Changesets
|
||||
runs-on: macos-latest-large
|
||||
steps:
|
||||
- name: Checkout Repo
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
with:
|
||||
# See https://github.com/changesets/action/issues/187
|
||||
token: ${{ secrets.GH_ACCESS_TOKEN }}
|
||||
persist-credentials: true
|
||||
# Pull in more history to cover the changeset commits
|
||||
fetch-depth: 500
|
||||
|
||||
- name: Install Dependencies
|
||||
# Defense in depth: do not pass Turbo remote cache credentials and
|
||||
# disable the pnpm store cache so release builds always resolve
|
||||
# packages from the registry and rebuild every task from source,
|
||||
# rather than restoring from a (potentially poisoned) cache.
|
||||
uses: ./.github/actions/install-dependencies
|
||||
with:
|
||||
# Pinned to 24.18.0 (rather than floating `24`) until it's safe to
|
||||
# float back: Node 24.17.0 regressed node-fetch@2 keep-alive responses
|
||||
# with ERR_STREAM_PREMATURE_CLOSE (nodejs/node#63989, fixed in 24.18.0).
|
||||
node-version: 24.18.0
|
||||
disable-cache: "true"
|
||||
|
||||
- name: Check npm version
|
||||
run: node -r esbuild-register tools/deployments/check-npm-version.ts
|
||||
|
||||
- name: Check the changesets
|
||||
run: node -r esbuild-register tools/deployments/validate-changesets.ts
|
||||
|
||||
- name: Build all packages
|
||||
run: pnpm run build
|
||||
env:
|
||||
CI_OS: ${{ runner.os }}
|
||||
SOURCEMAPS: "false"
|
||||
ALGOLIA_APP_ID: ${{ secrets.ALGOLIA_APP_ID }}
|
||||
ALGOLIA_PUBLIC_KEY: ${{ secrets.ALGOLIA_PUBLIC_KEY }}
|
||||
SENTRY_DSN: "https://9edbb8417b284aa2bbead9b4c318918b@sentry10.cfdata.org/583"
|
||||
NODE_ENV: "production"
|
||||
# This is the "production" key for sparrow analytics.
|
||||
# Include this here because this step will rebuild Wrangler and needs to have this available
|
||||
SPARROW_SOURCE_KEY: "50598e014ed44c739ec8074fdc16057c"
|
||||
|
||||
- name: Create Version PR or Publish to NPM
|
||||
id: changesets
|
||||
uses: changesets/action@a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d # v1.9.0
|
||||
with:
|
||||
version: node .github/changeset-version.js
|
||||
publish: pnpm exec changeset publish
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}
|
||||
|
||||
# Switch to Node 22 for non-npm package deployments because quick-edit
|
||||
# builds native modules (tree-sitter) that are not compatible with
|
||||
# Node 24's C++20 requirement for V8 headers.
|
||||
- name: Switch to Node 22 for non-npm package deployments
|
||||
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
|
||||
with:
|
||||
# Pinned to 22.23.1 (rather than floating `22`) until it's safe to
|
||||
# float back: Node 22.23.0 regressed node-fetch@2 keep-alive responses
|
||||
# with ERR_STREAM_PREMATURE_CLOSE (nodejs/node#63989, fixed in 22.23.1).
|
||||
node-version: 22.23.1
|
||||
|
||||
- name: Deploy non-NPM Packages
|
||||
id: deploy
|
||||
run: |
|
||||
node -r esbuild-register tools/deployments/deploy-non-npm-packages.ts
|
||||
echo "status=$(cat deployment-status.json)" >> $GITHUB_OUTPUT;
|
||||
env:
|
||||
PUBLISHED_PACKAGES: ${{ steps.changesets.outputs.publishedPackages }}
|
||||
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
||||
WORKERS_NEW_CLOUDFLARE_ACCOUNT_ID: ${{ secrets.WORKERS_NEW_CLOUDFLARE_ACCOUNT_ID }}
|
||||
WORKERS_NEW_CLOUDFLARE_API_TOKEN: ${{ secrets.WORKERS_NEW_CLOUDFLARE_API_TOKEN }}
|
||||
WORKERS_DEPLOY_AND_CONFIG_CLOUDFLARE_API_TOKEN: ${{ secrets.WORKERS_DEPLOY_AND_CONFIG_CLOUDFLARE_API_TOKEN }}
|
||||
WORKERS_SHARED_SENTRY_ACCESS_ID: ${{ secrets.WORKERS_SHARED_SENTRY_ACCESS_ID }}
|
||||
WORKERS_SHARED_SENTRY_ACCESS_SECRET: ${{ secrets.WORKERS_SHARED_SENTRY_ACCESS_SECRET }}
|
||||
WORKERS_SHARED_SENTRY_AUTH_TOKEN: ${{ secrets.WORKERS_SHARED_SENTRY_AUTH_TOKEN }}
|
||||
|
||||
- name: Send Alert
|
||||
if: always()
|
||||
run: node -r esbuild-register tools/deployments/alert-on-error.ts
|
||||
env:
|
||||
PUBLISH_STATUS: ${{ steps.changesets.outcome }}
|
||||
HAS_CHANGESETS: ${{ steps.changesets.outputs.hasChangesets }}
|
||||
DEPLOYMENT_STATUS: ${{ steps.deploy.outputs.status }}
|
||||
RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
|
||||
TOKEN: ${{ secrets.STATUS_BOT_SECRET }}
|
||||
Reference in New Issue
Block a user