Files
2026-07-13 12:47:58 +08:00

112 lines
3.4 KiB
YAML

name: Publish Packages
on:
workflow_call:
secrets:
E2B_API_KEY:
required: true
PYPI_TOKEN:
required: true
permissions:
contents: write
id-token: write
jobs:
test:
name: Build and test SDK
runs-on: ubuntu-22.04
steps:
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ vars.VERSION_BUMPER_APPID }}
private-key: ${{ secrets.VERSION_BUMPER_SECRET }}
- name: Checkout Repo
uses: actions/checkout@v3
with:
token: ${{ steps.app-token.outputs.token }}
- name: Parse .tool-versions
uses: wistia/parse-tool-versions@v2.1.1
with:
filename: '.tool-versions'
uppercase: 'true'
prefix: 'tool_version_'
- name: Install uv
uses: astral-sh/setup-uv@v6
with:
version: '${{ env.TOOL_VERSION_UV }}'
python-version: '${{ env.TOOL_VERSION_PYTHON }}'
enable-cache: true
- uses: pnpm/action-setup@v4
with:
version: '${{ env.TOOL_VERSION_PNPM }}'
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '${{ env.TOOL_VERSION_NODEJS }}'
registry-url: 'https://registry.npmjs.org'
cache: pnpm
- name: Configure pnpm
run: |
pnpm config set auto-install-peers true
pnpm config set exclude-links-from-lockfile true
- name: Update npm
run: |
npm install -g npm@^11.6
npm --version
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Create new versions
run: pnpm run version
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Release new versions
uses: changesets/action@v1
with:
publish: pnpm run publish
createGithubReleases: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: "" # See https://github.com/changesets/changesets/issues/1152#issuecomment-3190884868
PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
- name: Update lock file
run: pnpm i --no-link --no-frozen-lockfile
- name: Commit new versions
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git commit -am "[skip ci] Release new versions" || exit 0
# A PR merging mid-release makes this push a non-fast-forward. The
# artifacts were already published from the checked-out tree, so we
# only rebase the version bump over incoming changes that don't touch
# packages/. Otherwise the source would claim the published version
# contains code that isn't in the artifacts, so we fail loudly.
if git push; then
exit 0
fi
git fetch origin "${GITHUB_REF_NAME}"
if git diff --name-only "HEAD~1" FETCH_HEAD -- packages/ | grep -q .; then
echo "::error::'${GITHUB_REF_NAME}' advanced with changes under packages/ during the release. Refusing to rebase the version bump onto unpublished package code (the source would diverge from the published artifacts). Reconcile manually."
exit 1
fi
git pull --rebase origin "${GITHUB_REF_NAME}"
git push
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}