name: TS SDK Release on: workflow_dispatch: push: branches: [next] permissions: contents: read # Print Turborepo telemetry events to the logs instead of sending them. env: TURBO_TELEMETRY_DEBUG: 1 jobs: release: name: Release Typescript SDK runs-on: ubuntu-latest permissions: contents: read id-token: write steps: # Mint a short-lived GitHub App installation token instead of a long-lived # PAT. App tokens don't expire out from under us (the old CI_BOT_TOKEN PAT # did), and — unlike the default GITHUB_TOKEN — events they create (the # "Release: update version" PR and its eventual merge) still trigger # downstream workflows like build-cli-binaries.yml, so publishing fires. - name: Generate GitHub App token id: app-token uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 with: client-id: ${{ vars.RELEASE_BOT_CLIENT_ID }} private-key: ${{ secrets.RELEASE_BOT_APP_PRIVATE_KEY }} - name: Checkout Code uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 # Required for git show HEAD^ when comparing published package versions token: ${{ steps.app-token.outputs.token }} - name: Setup Node.js, pnpm, Bun uses: ./.github/actions/setup-node-pnpm-bun with: # Pin Node.js 24 for the release job only: the npm it bundles supports # OIDC trusted publishing, which the toolchain's Node 22 (mise.toml) # does not. Intentionally a release-only override, not centralized. node-version: '24.17.0' - name: Install Dependencies run: pnpm install --frozen-lockfile - name: Run Linting run: pnpm lint - name: Run Build run: pnpm run build:packages - name: Create Release Pull Request & Publish packages id: changesets uses: changesets/action@a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d # v1.9.0 if: github.event_name != 'workflow_dispatch' # only run on master merges env: GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} GITHUB_ACCESS_TOKEN: ${{ steps.app-token.outputs.token }} with: publish: pnpm changeset:release commit: 'Release: update version' title: 'Release: update version' - name: Set Version Info if: steps.changesets.outputs.published == 'true' env: PUBLISHED_PACKAGES: ${{ steps.changesets.outputs.publishedPackages }} run: | SLACK_VERSIONS="" while read -r pkg; do NAME=$(jq -r '.name // empty' <<<"$pkg" 2>/dev/null || echo "") NEW_VERSION=$(jq -r '.version // empty' <<<"$pkg" 2>/dev/null || echo "") if [ -z "$NAME" ] || [ -z "$NEW_VERSION" ]; then continue fi VERSION_LINE="⚡️ $NAME: \`$NEW_VERSION\`" PKG_PATH=$(pnpm list --filter "$NAME" --json 2>/dev/null | jq -r '.[0].path // empty' 2>/dev/null || echo "") if [ -n "$PKG_PATH" ]; then REL_PKG_JSON_PATH="${PKG_PATH#$GITHUB_WORKSPACE/}/package.json" OLD_VERSION=$(git show "HEAD^:$REL_PKG_JSON_PATH" 2>/dev/null | jq -r '.version // empty' 2>/dev/null || echo "") if [ -n "$OLD_VERSION" ] && [ "$OLD_VERSION" != "$NEW_VERSION" ]; then VERSION_LINE="⚡️ $NAME: \`$OLD_VERSION\` -> \`$NEW_VERSION\`" fi fi if [ -n "$SLACK_VERSIONS" ]; then SLACK_VERSIONS="${SLACK_VERSIONS}"$'\n'"${VERSION_LINE}" else SLACK_VERSIONS="$VERSION_LINE" fi done < <(jq -c 'if type == "array" then .[] else empty end' <<<"$PUBLISHED_PACKAGES" 2>/dev/null || true) if [ -z "$SLACK_VERSIONS" ]; then SLACK_VERSIONS="No version info available" fi # Build a single-line JSON payload so multiline version info is safely escaped. SLACK_PAYLOAD=$(jq -nc \ --arg repository "$GITHUB_REPOSITORY" \ --arg versions "$SLACK_VERSIONS" \ --arg sha "$GITHUB_SHA" \ '{text: "🚀 New SDK version published!\n*Repository:* \($repository)\n*Versions:*\n\($versions)\n*Commit:* \($sha)"}') echo "SLACK_PAYLOAD=$SLACK_PAYLOAD" >> "$GITHUB_ENV" - name: Send Slack Notification if: steps.changesets.outputs.published == 'true' uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 with: webhook: ${{ secrets.SLACK_RELEASE_WEBHOOK_URL }} webhook-type: incoming-webhook payload: ${{ env.SLACK_PAYLOAD }}