name: release / create-pr on: workflow_dispatch: inputs: scope: description: "What to release" required: true type: choice options: - monorepo - angular - channels - channels-discord - channels-intelligence - channels-slack - channels-teams - channels-telegram - channels-whatsapp bump: description: "Version bump level" required: true type: choice options: - patch - minor - major dry_run: description: "Dry run (preview without creating PR)" required: false default: false type: boolean concurrency: # Scope the lock to the package being released so that, e.g., a `monorepo` # create-pr run and an `angular` create-pr run proceed in independent lanes # instead of queuing behind each other. Same-scope runs still serialize # (cancel-in-progress: false), which is what protects the version bump. group: release-pr-${{ inputs.scope }} cancel-in-progress: false permissions: contents: write pull-requests: write env: NX_VERBOSE_LOGGING: true jobs: create-release-pr: if: github.ref == 'refs/heads/main' runs-on: ubuntu-latest timeout-minutes: 15 environment: npm steps: - name: Check for existing release PR uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | const { owner, repo } = context.repo; const { data: prs } = await github.rest.pulls.list({ owner, repo, state: "open", head_prefix: `${owner}:release/publish/`, }); const releasePRs = prs.filter(pr => pr.head.ref.startsWith("release/publish/")); if (releasePRs.length > 0) { const existing = releasePRs.map(pr => ` - #${pr.number}: ${pr.title} (${pr.html_url})`).join("\n"); core.setFailed( `An open release PR already exists. Close or merge it before creating a new one:\n${existing}` ); } - name: Checkout Repo uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} persist-credentials: false - name: Setup pnpm # Omit `version:` so pnpm/action-setup inherits from the repo's # `packageManager` field in package.json (via corepack). uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9 - name: Setup Node uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 20.x - name: Install Dependencies run: pnpm install --frozen-lockfile - name: Prepare release id: prepare run: | if [ "${{ inputs.dry_run }}" == "true" ]; then pnpm tsx scripts/release/prepare-release.ts --bump ${{ inputs.bump }} --scope ${{ inputs.scope }} --dry-run else pnpm tsx scripts/release/prepare-release.ts --bump ${{ inputs.bump }} --scope ${{ inputs.scope }} fi - name: Sync plugin skills if: inputs.dry_run != true run: pnpm sync:plugin-skills - name: Generate AI release notes if: inputs.dry_run != true id: ai_notes run: pnpm tsx scripts/release/generate-ai-release-notes.ts "${{ steps.prepare.outputs.version }}" env: ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} NOTION_API_KEY: ${{ secrets.NOTION_API_KEY }} NOTION_RELEASE_NOTES_PAGE: ${{ secrets.NOTION_RELEASE_NOTES_PAGE }} - name: Mint devops-bot token if: inputs.dry_run != true id: app-token uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 with: app-id: 1108748 private-key: ${{ secrets.DEVOPS_BOT_PRIVATE_KEY }} permission-contents: write permission-pull-requests: write permission-issues: write - name: Create release PR if: inputs.dry_run != true id: create_pr uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8 env: # The PR branch is validated by CI after creation; do not run local # developer pre-commit hooks inside the automation commit. LEFTHOOK: "0" with: token: ${{ steps.app-token.outputs.token }} branch: release/publish/${{ inputs.scope }}/v${{ steps.prepare.outputs.version }} delete-branch: true commit-message: "chore: release ${{ inputs.scope }} v${{ steps.prepare.outputs.version }}" title: "chore: release ${{ inputs.scope }} v${{ steps.prepare.outputs.version }}" body: | ## Release ${{ inputs.scope }} v${{ steps.prepare.outputs.version }} **Scope:** `${{ inputs.scope }}` | **Bump:** `${{ inputs.bump }}` --- ### How this release process works 1. **This PR was created automatically** by the "release / create-pr" workflow. It bumped the `${{ inputs.scope }}` packages to `${{ steps.prepare.outputs.version }}` and generated AI-enhanced release notes. 2. **CI runs on this PR** — the full test suite (unit tests, lint, type checks, build) must pass before merging. This is the review gate. 3. **Review the release notes** in `release-notes.md` in this PR. If a Notion draft was created, you can edit the release notes there before merging. 4. **When this PR is merged**, the `release / publish` workflow automatically: - Builds all packages - Publishes the `${{ inputs.scope }}` packages to npm at version `${{ steps.prepare.outputs.version }}` - Creates git tag `${{ inputs.scope }}/v${{ steps.prepare.outputs.version }}` - Creates a GitHub Release with the final release notes ### Before merging - [ ] CI is green (tests, lint, types, build) - [ ] Version bumps look correct - [ ] Release notes are accurate (edit in Notion if a draft was created) --- > **Do not merge until CI is fully green.** The full test suite runs automatically on this PR. labels: release - name: Comment Notion link on PR if: inputs.dry_run != true && steps.ai_notes.outputs.notion_url uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 env: NOTION_URL: ${{ steps.ai_notes.outputs.notion_url }} PR_NUMBER: ${{ steps.create_pr.outputs.pull-request-number }} with: github-token: ${{ steps.app-token.outputs.token }} script: | const { owner, repo } = context.repo; const prNumber = parseInt(process.env.PR_NUMBER, 10); const notionUrl = process.env.NOTION_URL; if (prNumber && notionUrl) { await github.rest.issues.createComment({ owner, repo, issue_number: prNumber, body: `📝 **Release notes draft:** ${notionUrl}\n\nYou can edit the release notes in Notion before merging. The final content will be used for the GitHub Release.`, }); }