feat(publish): per-lexicon independent versioning and publish-on-merge #547
Merged
#528)
Add a publish-on-merge workflow with the push trigger disabled (safety gate): merging this PR is a no-op for npm. A human removes the comment block on the push trigger after confirming the trusted-publisher OIDC record covers the new workflow file name.
Workflow design: one job, sequential steps, cheap version comparison first (npm view vs local package.json). Only packages whose version differs from the published npm version run prepack + publish. Reuses the OIDC trusted-publisher setup from publish.yml (no registry-url, no placeholder token).
Extend LexiconUpgradeOp to bump the lexicon's package.json version in pull-request mode for pinned lexicons (k8s, gcp, docker, gitlab). The semver label computed from the surface delta drives the bump: additive -> minor, breaking -> major. Rolling lexicons (aws, azure, github) are excluded and will move to drift-issues (#546).
New exports: computeBumpedVersion, bumpPackageJsonVersion, BumpPackageVersionFn. All injectable for tests via _bumpPackageVersion.
Unit tests: computeBumpedVersion (minor/breaking/v-prefix/unparseable), bumpPackageJsonVersion (writes version, preserves fields, trailing newline), and two integration tests for the pull-request mode flow (pinned bumps package.json; rolling does not).
Docs: add independent versioning note to guide/managing-lexicons.mdx explaining the per-package cadence and the ^ peer range.
The PR-automation git calls (branch/checkout/commit/push) used execAsync directly while only gh() was injectable, so the pull-request-mode tests executed real git — passing locally (with push auth) by force-pushing to origin and failing in CI (no auth). Route all git through the injected gh runner (defaults to execAsync, so production is unchanged); tests now mock every shell-out and run hermetically (27 tests, 4ms, no network).
Closes #528.
Summary
- .github/workflows/publish-on-merge.yml — publish-on-merge workflow with the push: trigger commented out (safety gate). Only workflow_dispatch is active. Merging this PR publishes nothing.
- LexiconUpgradeOp (pull-request mode, pinned lexicons) to bump the lexicon's package.json version alongside the spec version constant. Semver label drives the bump: minor → minor bump, breaking → major bump. Rolling lexicons excluded (feat(lexicon-upgrade): rolling lexicons should emit a drift issue, not a baseline-only PR #546).
- computeBumpedVersion, bumpPackageJsonVersion, BumpPackageVersionFn (all injectable).
- lexicon-upgrade.test.ts pass.
- guide/managing-lexicons.mdx.
Safety gate
The push: trigger in publish-on-merge.yml is commented out with an explicit explanation:
Only workflow_dispatch is wired. Merging this PR cannot publish any package.
To un-gate: confirm the trusted-publisher OIDC record on npmjs.com covers publish-on-merge.yml, then remove the comment block on the push: trigger.
Publish-on-merge flow (once un-gated)
- main triggers the workflow.
- package.json version; call npm view <pkg> version.
- npm run prepack (generates/bundles/validates) then npm publish --access public --provenance.
Version-bump-in-PR flow (pinned lexicons)
When a LexiconUpgradeOp in pull-request mode finds a pinned upgrade with validation passing:
- versions.ts (existing _applyBump).
- package.json.
- computeBumpedVersion(current, semverLabel) → new version string.
- bumpPackageJsonVersion(pkgJsonPath, newVersion) to write the new version.
- package.json alongside the spec constant change.
Merging that PR carries both changes to main, which triggers publish-on-merge for exactly that lexicon.
Validation
Deferred
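The two flows described in this PR, as an added TypeScript sketch that is not the PR's own code: a version bump driven by the semver label, followed by the version-differs gate that decides which packages go on to publish. The function names, the package names, the v-prefix normalisation and the fail-closed handling of unparseable versions are assumptions of this sketch.

```typescript
// Added sketch: every name here is hypothetical, not one of the project's exports.
type SemverLabel = "minor" | "breaking";
type Version = [number, number, number];
interface Pkg { name: string; local: string; published: string | null }

// Accept "1.2.3" or "v1.2.3"; anything else is unparseable and yields null.
function parseVersion(v: string): Version | null {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// minor -> minor bump, breaking -> major bump; lower components reset to 0.
function bumpVersion(current: string, label: SemverLabel): string | null {
  const p = parseVersion(current);
  if (p === null) return null; // refuse to guess at a malformed version
  return label === "breaking" ? `${p[0] + 1}.0.0` : `${p[0]}.${p[1] + 1}.0`;
}

// Gate for one package. `published` stands for the output of
// `npm view <pkg> version`, or null when the registry has no release yet.
function decide(pkg: Pkg): "publish" | "skip" | "reject" {
  const local = parseVersion(pkg.local);
  if (local === null) return "reject"; // fail closed (assumption of this sketch)
  if (pkg.published === null) return "publish";
  const remote = parseVersion(pkg.published);
  if (remote === null) return "reject";
  // Compare parsed triples so "v1.4.2" and "1.4.2" count as the same version.
  return local.join(".") === remote.join(".") ? "skip" : "publish";
}

// Names that would go on to prepack + publish.
function planPublish(pkgs: Pkg[]): string[] {
  return pkgs.filter((p) => decide(p) === "publish").map((p) => p.name);
}

// Constructed sample data: package names and versions are made up.
const bumped = bumpVersion("1.4.2", "breaking") ?? "unparseable";
const samplePkgs: Pkg[] = [
  { name: "@example/lexicon-k8s", local: bumped, published: "1.4.2" },
  { name: "@example/lexicon-gcp", local: "v2.1.0", published: "2.1.0" },
  { name: "@example/lexicon-docker", local: "0.3.0", published: "0.3.0" },
];
console.log(planPublish(samplePkgs)); // the bumped package only
```

A raw string comparison would treat "v2.1.0" and "2.1.0" as different and send an unchanged package to publish, which is why the sketch compares parsed versions.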