name: Publish Packages on: workflow_call: secrets: E2B_API_KEY: required: true PYPI_TOKEN: required: true permissions: contents: write id-token: write jobs: test: name: Build and test SDK runs-on: ubuntu-22.04 steps: - uses: actions/create-github-app-token@v1 id: app-token with: app-id: ${{ vars.VERSION_BUMPER_APPID }} private-key: ${{ secrets.VERSION_BUMPER_SECRET }} - name: Checkout Repo uses: actions/checkout@v3 with: token: ${{ steps.app-token.outputs.token }} - name: Parse .tool-versions uses: wistia/parse-tool-versions@v2.1.1 with: filename: '.tool-versions' uppercase: 'true' prefix: 'tool_version_' - name: Install uv uses: astral-sh/setup-uv@v6 with: version: '${{ env.TOOL_VERSION_UV }}' python-version: '${{ env.TOOL_VERSION_PYTHON }}' enable-cache: true - uses: pnpm/action-setup@v4 with: version: '${{ env.TOOL_VERSION_PNPM }}' - name: Setup Node.js uses: actions/setup-node@v6 with: node-version: '${{ env.TOOL_VERSION_NODEJS }}' registry-url: 'https://registry.npmjs.org' cache: pnpm - name: Configure pnpm run: | pnpm config set auto-install-peers true pnpm config set exclude-links-from-lockfile true - name: Update npm run: | npm install -g npm@^11.6 npm --version - name: Install dependencies run: pnpm install --frozen-lockfile - name: Create new versions run: pnpm run version env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Release new versions uses: changesets/action@v1 with: publish: pnpm run publish createGithubReleases: true env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} NPM_TOKEN: "" # See https://github.com/changesets/changesets/issues/1152#issuecomment-3190884868 PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }} - name: Update lock file run: pnpm i --no-link --no-frozen-lockfile - name: Commit new versions run: | git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" git commit -am "[skip ci] Release new versions" || exit 0 # A PR merging mid-release makes this push a non-fast-forward. The # artifacts were already published from the checked-out tree, so we # only rebase the version bump over incoming changes that don't touch # packages/. Otherwise the source would claim the published version # contains code that isn't in the artifacts, so we fail loudly. if git push; then exit 0 fi git fetch origin "${GITHUB_REF_NAME}" if git diff --name-only "HEAD~1" FETCH_HEAD -- packages/ | grep -q .; then echo "::error::'${GITHUB_REF_NAME}' advanced with changes under packages/ during the release. Refusing to rebase the version bump onto unpublished package code (the source would diverge from the published artifacts). Reconcile manually." exit 1 fi git pull --rebase origin "${GITHUB_REF_NAME}" git push env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}