Files
2026-07-13 12:58:18 +08:00

201 lines
7.5 KiB
YAML

name: release / create-pr
on:
workflow_dispatch:
inputs:
scope:
description: "What to release"
required: true
type: choice
options:
- monorepo
- angular
- channels
- channels-discord
- channels-intelligence
- channels-slack
- channels-teams
- channels-telegram
- channels-whatsapp
bump:
description: "Version bump level"
required: true
type: choice
options:
- patch
- minor
- major
dry_run:
description: "Dry run (preview without creating PR)"
required: false
default: false
type: boolean
concurrency:
# Scope the lock to the package being released so that, e.g., a `monorepo`
# create-pr run and an `angular` create-pr run proceed in independent lanes
# instead of queuing behind each other. Same-scope runs still serialize
# (cancel-in-progress: false), which is what protects the version bump.
group: release-pr-${{ inputs.scope }}
cancel-in-progress: false
permissions:
contents: write
pull-requests: write
env:
NX_VERBOSE_LOGGING: true
jobs:
create-release-pr:
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
timeout-minutes: 15
environment: npm
steps:
- name: Check for existing release PR
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { owner, repo } = context.repo;
const { data: prs } = await github.rest.pulls.list({
owner,
repo,
state: "open",
head_prefix: `${owner}:release/publish/`,
});
const releasePRs = prs.filter(pr => pr.head.ref.startsWith("release/publish/"));
if (releasePRs.length > 0) {
const existing = releasePRs.map(pr => ` - #${pr.number}: ${pr.title} (${pr.html_url})`).join("\n");
core.setFailed(
`An open release PR already exists. Close or merge it before creating a new one:\n${existing}`
);
}
- name: Checkout Repo
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
persist-credentials: false
- name: Setup pnpm
# Omit `version:` so pnpm/action-setup inherits from the repo's
# `packageManager` field in package.json (via corepack).
uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9
- name: Setup Node
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: 20.x
- name: Install Dependencies
run: pnpm install --frozen-lockfile
- name: Prepare release
id: prepare
run: |
if [ "${{ inputs.dry_run }}" == "true" ]; then
pnpm tsx scripts/release/prepare-release.ts --bump ${{ inputs.bump }} --scope ${{ inputs.scope }} --dry-run
else
pnpm tsx scripts/release/prepare-release.ts --bump ${{ inputs.bump }} --scope ${{ inputs.scope }}
fi
- name: Sync plugin skills
if: inputs.dry_run != true
run: pnpm sync:plugin-skills
- name: Generate AI release notes
if: inputs.dry_run != true
id: ai_notes
run: pnpm tsx scripts/release/generate-ai-release-notes.ts "${{ steps.prepare.outputs.version }}"
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
NOTION_API_KEY: ${{ secrets.NOTION_API_KEY }}
NOTION_RELEASE_NOTES_PAGE: ${{ secrets.NOTION_RELEASE_NOTES_PAGE }}
- name: Mint devops-bot token
if: inputs.dry_run != true
id: app-token
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
with:
app-id: 1108748
private-key: ${{ secrets.DEVOPS_BOT_PRIVATE_KEY }}
permission-contents: write
permission-pull-requests: write
permission-issues: write
- name: Create release PR
if: inputs.dry_run != true
id: create_pr
uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8
env:
# The PR branch is validated by CI after creation; do not run local
# developer pre-commit hooks inside the automation commit.
LEFTHOOK: "0"
with:
token: ${{ steps.app-token.outputs.token }}
branch: release/publish/${{ inputs.scope }}/v${{ steps.prepare.outputs.version }}
delete-branch: true
commit-message: "chore: release ${{ inputs.scope }} v${{ steps.prepare.outputs.version }}"
title: "chore: release ${{ inputs.scope }} v${{ steps.prepare.outputs.version }}"
body: |
## Release ${{ inputs.scope }} v${{ steps.prepare.outputs.version }}
**Scope:** `${{ inputs.scope }}` | **Bump:** `${{ inputs.bump }}`
---
### How this release process works
1. **This PR was created automatically** by the "release / create-pr" workflow.
It bumped the `${{ inputs.scope }}` packages to `${{ steps.prepare.outputs.version }}`
and generated AI-enhanced release notes.
2. **CI runs on this PR** — the full test suite (unit tests, lint, type checks, build)
must pass before merging. This is the review gate.
3. **Review the release notes** in `release-notes.md` in this PR.
If a Notion draft was created, you can edit the release notes there before merging.
4. **When this PR is merged**, the `release / publish` workflow automatically:
- Builds all packages
- Publishes the `${{ inputs.scope }}` packages to npm at version `${{ steps.prepare.outputs.version }}`
- Creates git tag `${{ inputs.scope }}/v${{ steps.prepare.outputs.version }}`
- Creates a GitHub Release with the final release notes
### Before merging
- [ ] CI is green (tests, lint, types, build)
- [ ] Version bumps look correct
- [ ] Release notes are accurate (edit in Notion if a draft was created)
---
> **Do not merge until CI is fully green.** The full test suite runs automatically on this PR.
labels: release
- name: Comment Notion link on PR
if: inputs.dry_run != true && steps.ai_notes.outputs.notion_url
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
env:
NOTION_URL: ${{ steps.ai_notes.outputs.notion_url }}
PR_NUMBER: ${{ steps.create_pr.outputs.pull-request-number }}
with:
github-token: ${{ steps.app-token.outputs.token }}
script: |
const { owner, repo } = context.repo;
const prNumber = parseInt(process.env.PR_NUMBER, 10);
const notionUrl = process.env.NOTION_URL;
if (prNumber && notionUrl) {
await github.rest.issues.createComment({
owner,
repo,
issue_number: prNumber,
body: `📝 **Release notes draft:** ${notionUrl}\n\nYou can edit the release notes in Notion before merging. The final content will be used for the GitHub Release.`,
});
}