343 lines
11 KiB
YAML
343 lines
11 KiB
YAML
name: Node Packages Release
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
version:
|
|
description: "Package version to publish, for example 0.4.4"
|
|
required: true
|
|
|
|
permissions:
|
|
contents: write
|
|
id-token: write
|
|
|
|
concurrency:
|
|
group: dbx-release-main
|
|
cancel-in-progress: false
|
|
|
|
jobs:
|
|
prepare:
|
|
name: Prepare package release
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
version: ${{ steps.version.outputs.version }}
|
|
tag: ${{ steps.version.outputs.tag }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v5
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup pnpm
|
|
uses: pnpm/action-setup@v6
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v6
|
|
with:
|
|
node-version: 22.13.0
|
|
registry-url: https://registry.npmjs.org
|
|
cache: pnpm
|
|
cache-dependency-path: pnpm-lock.yaml
|
|
|
|
- name: Check npm token
|
|
env:
|
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
run: |
|
|
if [ -z "${NODE_AUTH_TOKEN}" ]; then
|
|
echo "::error::NPM_TOKEN secret is required to publish DBX Node packages."
|
|
exit 1
|
|
fi
|
|
|
|
- name: Install native build dependencies
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get install -y libsecret-1-dev
|
|
|
|
- name: Install dependencies
|
|
run: pnpm install --frozen-lockfile
|
|
|
|
- name: Set package versions
|
|
id: version
|
|
env:
|
|
VERSION: ${{ github.event.inputs.version }}
|
|
run: |
|
|
node <<'NODE'
|
|
const fs = require("fs");
|
|
|
|
const version = process.env.VERSION.trim();
|
|
if (!/^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(version)) {
|
|
throw new Error(`Invalid semver version: ${version}`);
|
|
}
|
|
|
|
const readJson = (path) => JSON.parse(fs.readFileSync(path, "utf8"));
|
|
const writeJson = (path, data) => fs.writeFileSync(path, `${JSON.stringify(data, null, 2)}\n`);
|
|
|
|
for (const path of [
|
|
"packages/node-core/package.json",
|
|
"packages/cli/package.json",
|
|
"packages/mcp-server/package.json",
|
|
]) {
|
|
const pkg = readJson(path);
|
|
pkg.version = version;
|
|
writeJson(path, pkg);
|
|
}
|
|
|
|
const serverPath = "packages/mcp-server/server.json";
|
|
const server = readJson(serverPath);
|
|
server.version = version;
|
|
for (const packageInfo of server.packages ?? []) {
|
|
if (packageInfo.registryType === "npm" && packageInfo.identifier === "@dbx-app/mcp-server") {
|
|
packageInfo.version = version;
|
|
}
|
|
}
|
|
writeJson(serverPath, server);
|
|
|
|
fs.appendFileSync(process.env.GITHUB_OUTPUT, `version=${version}\n`);
|
|
fs.appendFileSync(process.env.GITHUB_OUTPUT, `tag=packages-v${version}\n`);
|
|
NODE
|
|
|
|
- name: Run package tests
|
|
run: pnpm test:packages
|
|
|
|
- name: Build and pack packages
|
|
run: pnpm publish:dry-run
|
|
|
|
- name: Configure git author
|
|
run: |
|
|
git config user.name "github-actions[bot]"
|
|
git config user.email "github-actions[bot]@users.noreply.github.com"
|
|
|
|
- name: Commit package release version
|
|
run: |
|
|
VERSION="${{ steps.version.outputs.version }}"
|
|
git add packages/node-core/package.json packages/cli/package.json packages/mcp-server/package.json packages/mcp-server/server.json
|
|
if git diff --cached --quiet; then
|
|
echo "Package versions already committed for ${VERSION}."
|
|
else
|
|
git commit -m "chore(packages): release ${VERSION} [skip node-packages-release]"
|
|
fi
|
|
|
|
- name: Rebase package release commit and push
|
|
env:
|
|
RELEASE_TOKEN: ${{ secrets.MCP_RELEASE_TOKEN }}
|
|
run: |
|
|
TAG="${{ steps.version.outputs.tag }}"
|
|
if [ -n "${RELEASE_TOKEN}" ]; then
|
|
git remote set-url origin "https://x-access-token:${RELEASE_TOKEN}@github.com/${GITHUB_REPOSITORY}.git"
|
|
fi
|
|
git fetch origin main --no-tags
|
|
git rebase origin/main
|
|
REMOTE_TAG_SHA="$(git ls-remote --tags origin "refs/tags/${TAG}" | awk '{print $1}')"
|
|
HEAD_SHA="$(git rev-parse HEAD)"
|
|
if [ -n "${REMOTE_TAG_SHA}" ]; then
|
|
if [ "${REMOTE_TAG_SHA}" != "${HEAD_SHA}" ]; then
|
|
echo "::error::Remote tag ${TAG} already exists at ${REMOTE_TAG_SHA}, expected ${HEAD_SHA}."
|
|
exit 1
|
|
fi
|
|
echo "Remote tag ${TAG} already points at ${HEAD_SHA}."
|
|
else
|
|
git tag -f "${TAG}" "${HEAD_SHA}"
|
|
fi
|
|
git push origin HEAD:main
|
|
if [ -z "${REMOTE_TAG_SHA}" ]; then
|
|
git push origin "refs/tags/${TAG}:refs/tags/${TAG}"
|
|
fi
|
|
|
|
publish-node-core:
|
|
name: Publish node-core
|
|
runs-on: ubuntu-latest
|
|
needs: prepare
|
|
outputs:
|
|
published-or-existing: ${{ steps.publish.outputs.published_or_existing }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v5
|
|
with:
|
|
ref: ${{ needs.prepare.outputs.tag }}
|
|
|
|
- name: Setup pnpm
|
|
uses: pnpm/action-setup@v6
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v6
|
|
with:
|
|
node-version: 22.13.0
|
|
registry-url: https://registry.npmjs.org
|
|
cache: pnpm
|
|
cache-dependency-path: pnpm-lock.yaml
|
|
|
|
- name: Install native build dependencies
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get install -y libsecret-1-dev
|
|
|
|
- name: Install dependencies
|
|
run: pnpm install --frozen-lockfile
|
|
|
|
- name: Publish Node core
|
|
id: publish
|
|
env:
|
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
VERSION: ${{ needs.prepare.outputs.version }}
|
|
run: |
|
|
if npm view "@dbx-app/node-core@${VERSION}" version >/dev/null 2>&1; then
|
|
echo "@dbx-app/node-core@${VERSION} already exists on npm; skipping."
|
|
echo "published_or_existing=true" >> "$GITHUB_OUTPUT"
|
|
exit 0
|
|
fi
|
|
pnpm --filter @dbx-app/node-core publish --access public --provenance --no-git-checks
|
|
echo "published_or_existing=true" >> "$GITHUB_OUTPUT"
|
|
|
|
publish-leaf-packages:
|
|
name: Publish ${{ matrix.package-name }}
|
|
runs-on: ubuntu-latest
|
|
needs: [prepare, publish-node-core]
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- package-name: "@dbx-app/cli"
|
|
filter: "@dbx-app/cli"
|
|
- package-name: "@dbx-app/mcp-server"
|
|
filter: "@dbx-app/mcp-server"
|
|
|
|
steps:
|
|
- uses: actions/checkout@v5
|
|
with:
|
|
ref: ${{ needs.prepare.outputs.tag }}
|
|
|
|
- name: Setup pnpm
|
|
uses: pnpm/action-setup@v6
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v6
|
|
with:
|
|
node-version: 22.13.0
|
|
registry-url: https://registry.npmjs.org
|
|
cache: pnpm
|
|
cache-dependency-path: pnpm-lock.yaml
|
|
|
|
- name: Install native build dependencies
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get install -y libsecret-1-dev
|
|
|
|
- name: Install dependencies
|
|
run: pnpm install --frozen-lockfile
|
|
|
|
- name: Build workspace dependencies
|
|
run: pnpm --filter @dbx-app/node-core build
|
|
|
|
- name: Publish package
|
|
env:
|
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
VERSION: ${{ needs.prepare.outputs.version }}
|
|
PACKAGE_NAME: ${{ matrix.package-name }}
|
|
PACKAGE_FILTER: ${{ matrix.filter }}
|
|
run: |
|
|
if npm view "${PACKAGE_NAME}@${VERSION}" version >/dev/null 2>&1; then
|
|
echo "${PACKAGE_NAME}@${VERSION} already exists on npm; skipping."
|
|
exit 0
|
|
fi
|
|
pnpm --filter "${PACKAGE_FILTER}" publish --access public --provenance --no-git-checks
|
|
|
|
publish-homebrew-formula:
|
|
name: Publish Homebrew formula
|
|
runs-on: ubuntu-latest
|
|
needs: [prepare, publish-leaf-packages]
|
|
steps:
|
|
- name: Download CLI npm tarball and compute SHA256
|
|
id: cli-hash
|
|
env:
|
|
VERSION: ${{ needs.prepare.outputs.version }}
|
|
run: |
|
|
VERSION="${VERSION}"
|
|
NPM_TARBALL="cli-${VERSION}.tgz"
|
|
NPM_URL="https://registry.npmjs.org/@dbx-app/cli/-/${NPM_TARBALL}"
|
|
|
|
# Poll npm until the package is available (CDN propagation delay)
|
|
for i in $(seq 1 12); do
|
|
if curl -fsSLI "${NPM_URL}" >/dev/null 2>&1; then
|
|
echo "Package found on attempt ${i}"
|
|
break
|
|
fi
|
|
echo "Waiting for npm CDN (attempt ${i}/12)..."
|
|
sleep 10
|
|
done
|
|
|
|
curl -fsSL -o "${NPM_TARBALL}" "${NPM_URL}"
|
|
CLI_SHA256=$(sha256sum "${NPM_TARBALL}" | cut -d ' ' -f 1)
|
|
echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
|
|
echo "sha256=${CLI_SHA256}" >> "$GITHUB_OUTPUT"
|
|
echo " cli version: ${VERSION}"
|
|
echo " sha256: ${CLI_SHA256}"
|
|
|
|
- name: Push formula to homebrew-tap
|
|
env:
|
|
TAP_GITHUB_TOKEN: ${{ secrets.TAP_GITHUB_TOKEN }}
|
|
CLI_VERSION: ${{ steps.cli-hash.outputs.version }}
|
|
CLI_SHA256: ${{ steps.cli-hash.outputs.sha256 }}
|
|
run: |
|
|
git clone --depth 1 \
|
|
"https://x-access-token:${TAP_GITHUB_TOKEN}@github.com/t8y2/homebrew-tap.git" \
|
|
homebrew-tap
|
|
cd homebrew-tap
|
|
mkdir -p Formula
|
|
|
|
cat > Formula/dbx-cli.rb <<'RUBY_EOF'
|
|
class DbxCli < Formula
|
|
desc "Command-line interface for DBX database connections, schema, and safe queries"
|
|
homepage "https://github.com/t8y2/dbx"
|
|
url "https://registry.npmjs.org/@dbx-app/cli/-/cli-__CLI_VERSION__.tgz"
|
|
sha256 "__CLI_SHA256__"
|
|
license "Apache-2.0"
|
|
|
|
depends_on "node"
|
|
|
|
on_linux do
|
|
depends_on "pkgconf" => :build
|
|
depends_on "libsecret"
|
|
end
|
|
|
|
def install
|
|
system "npm", "install", *std_npm_args
|
|
bin.install_symlink libexec.glob("bin/*")
|
|
|
|
# Rebuild better-sqlite3 and keytar native bindings for the current platform.
|
|
# prebuild-install is blocked by the Homebrew sandbox during npm install,
|
|
# so we must rebuild them explicitly via node-gyp.
|
|
node_modules = libexec/"lib/node_modules/@dbx-app/cli/node_modules"
|
|
|
|
cd node_modules/"better-sqlite3" do
|
|
system "npm", "run", "build-release"
|
|
end
|
|
|
|
cd node_modules/"keytar" do
|
|
rm_r "prebuilds" if File.directory?("prebuilds")
|
|
system "npm", "run", "build"
|
|
end
|
|
end
|
|
|
|
test do
|
|
assert_path_exists bin/"dbx"
|
|
system bin/"dbx", "doctor"
|
|
end
|
|
end
|
|
RUBY_EOF
|
|
|
|
sed -i 's/^ //' Formula/dbx-cli.rb
|
|
sed -i "s/__CLI_VERSION__/${CLI_VERSION}/g" Formula/dbx-cli.rb
|
|
sed -i "s/__CLI_SHA256__/${CLI_SHA256}/g" Formula/dbx-cli.rb
|
|
|
|
git config user.name "github-actions[bot]"
|
|
git config user.email "github-actions[bot]@users.noreply.github.com"
|
|
git add Formula/dbx-cli.rb
|
|
|
|
if git diff --cached --quiet; then
|
|
echo "CLI Homebrew formula is already up to date."
|
|
else
|
|
git commit -m "dbx-cli ${CLI_VERSION}"
|
|
git push
|
|
echo "::notice::CLI Homebrew formula updated to ${CLI_VERSION}"
|
|
fi
|