feat: add checks to release pull request

.github/workflows/audit.yml

@@ -10,10 +10,14 @@ on:
 
 jobs:
   audit:
-    name: Audit
+    name: Audit Dependencies
     if: github.repository_owner == 'npm'
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
+
       - name: Checkout
         uses: actions/checkout@v3
       - name: Setup Git User

.github/workflows/ci-release.yml

@@ -8,13 +8,34 @@ on:
       ref:
         required: true
         type: string
+      check-sha:
+        required: true
+        type: string
 
 jobs:
   lint-all:
     name: Lint All
     if: github.repository_owner == 'npm'
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
+      - name: Create Check
+        uses: LouisBrunner/checks-action@v1.3.1
+        id: check
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          status: in_progress
+          name: Lint All
+          sha: ${{ inputs.check-sha }}
+          # XXX: this does not work when using the default GITHUB_TOKEN.
+          # Instead we post the main job url to the PR as a comment which
+          # will link to all the other checks. To work around this we would
+          # need to create a GitHub that would create on-demand tokens.
+          # https://github.com/LouisBrunner/checks-action/issues/18
+          # details_url:
+
       - name: Checkout
         uses: actions/checkout@v3
         with:
@@ -37,6 +58,13 @@ jobs:
         run: npm run lint --ignore-scripts
       - name: Post Lint
         run: npm run postlint --ignore-scripts
+      - name: Conclude Check
+        uses: LouisBrunner/checks-action@v1.3.1
+        if: always()
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          conclusion: ${{ job.status }}
+          check_id: ${{ steps.check.outputs.check_id }}
 
   test-all:
     name: Test All - ${{ matrix.platform.name }} - Node ${{ matrix.node-version }}
@@ -66,6 +94,21 @@ jobs:
       run:
         shell: ${{ matrix.platform.shell }}
     steps:
+      - name: Create Check
+        uses: LouisBrunner/checks-action@v1.3.1
+        id: check
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          status: in_progress
+          name: Test All - ${{ matrix.platform.name }} - Node ${{ matrix.node-version }}
+          sha: ${{ inputs.check-sha }}
+          # XXX: this does not work when using the default GITHUB_TOKEN.
+          # Instead we post the main job url to the PR as a comment which
+          # will link to all the other checks. To work around this we would
+          # need to create a GitHub that would create on-demand tokens.
+          # https://github.com/LouisBrunner/checks-action/issues/18
+          # details_url:
+
       - name: Checkout
         uses: actions/checkout@v3
         with:
@@ -102,3 +145,10 @@ jobs:
         run: echo "::add-matcher::.github/matchers/tap.json"
       - name: Test
         run: npm test --ignore-scripts -ws -iwr --if-present
+      - name: Conclude Check
+        uses: LouisBrunner/checks-action@v1.3.1
+        if: always()
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          conclusion: ${{ job.status }}
+          check_id: ${{ steps.check.outputs.check_id }}

.github/workflows/ci.yml

@@ -18,7 +18,11 @@ jobs:
     name: Lint
     if: github.repository_owner == 'npm'
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
+
       - name: Checkout
         uses: actions/checkout@v3
       - name: Setup Git User
@@ -41,7 +45,7 @@ jobs:
         run: npm run postlint --ignore-scripts
 
   test:
-    name: Test - ${{ matrix.platform.name }} - Node ${{ matrix.node-version }}
+    name: Test All - ${{ matrix.platform.name }} - Node ${{ matrix.node-version }}
     if: github.repository_owner == 'npm'
     strategy:
       fail-fast: false
@@ -68,6 +72,7 @@ jobs:
       run:
         shell: ${{ matrix.platform.shell }}
     steps:
+
       - name: Checkout
         uses: actions/checkout@v3
       - name: Setup Git User

.github/workflows/post-dependabot.yml

@@ -9,10 +9,14 @@ permissions:
 
 jobs:
   template-oss:
-    name: "@npmcli/template-oss"
+    name: template-oss
     if: github.repository_owner == 'npm' && github.actor == 'dependabot[bot]'
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
+
       - name: Checkout
         uses: actions/checkout@v3
         with:

.github/workflows/pull-request.yml

@@ -15,7 +15,11 @@ jobs:
     name: Lint Commits
     if: github.repository_owner == 'npm'
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
+
       - name: Checkout
         uses: actions/checkout@v3
         with:

.github/workflows/release.yml

@@ -11,16 +11,21 @@ on:
 permissions:
   contents: write
   pull-requests: write
+  checks: write
 
 jobs:
-  release-please:
-    name: Release Please
+  release:
     outputs:
-      pr: ${{ steps.release.outputs.pr }}
-      release: ${{ steps.release.outputs.release }}
+      branch: ${{ fromJSON(steps.release.outputs.pr).headBranchName }}
+      check-id: ${{ steps.check.outputs.check_id }}
+    name: Release
     if: github.repository_owner == 'npm'
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
+
       - name: Checkout
         uses: actions/checkout@v3
       - name: Setup Git User
@@ -37,29 +42,73 @@ jobs:
         run: npm -v
       - name: Install Dependencies
         run: npm i --ignore-scripts --no-audit --no-fund
-      - name: npx template-oss-release-please ${{ github.ref_name }}
+      - name: Release Please
         id: release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: npx --offline template-oss-release-please ${{ github.ref_name }}
+      - name: Post Workflow URL Comment
+        if: steps.release.outputs.pr
+        uses: actions/github-script@v6
+        id: pr-sha
+        env:
+          PR_NUMBER: ${{ fromJSON(steps.release.outputs.pr).number }}
+        with:
+          result-encoding: string
+          script: |
+            const repo = { owner: context.repo.owner, repo: context.repo.repo }
+            const pull = { ...repo, pull_number: process.env.PR_NUMBER }
+            const issue = { ...repo, issue_number: process.env.PR_NUMBER }
 
-  post-pr:
-    name: Post Pull Request
-    needs: release-please
-    if: needs.release-please.outputs.pr
-    runs-on: ubuntu-latest
+            const { data: workflow } = await github.rest.actions.getWorkflowRun({ ...repo, run_id: context.runId })
+
+            let body = 'See the CI for this release is at '
+
+            const comments = await github.paginate(github.rest.issues.listComments, issue)
+            const commentId = comments?.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id
+
+            body += workflow.html_url
+            if (commentId) {
+              await github.rest.issues.updateComment({ ...repo, comment_id: commentId, body })
+            } else {
+              await github.rest.issues.createComment({ ...issue, body })
+            }
+
+            const commits = await github.paginate(github.rest.pulls.listCommits, pull)
+            return commits?.[commits.length - 1]?.sha
+      - name: Create Check
+        uses: LouisBrunner/checks-action@v1.3.1
+        id: check
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          status: in_progress
+          name: Release
+          sha: ${{ steps.pr-sha.outputs.result }}
+          # XXX: this does not work when using the default GITHUB_TOKEN.
+          # Instead we post the main job url to the PR as a comment which
+          # will link to all the other checks. To work around this we would
+          # need to create a GitHub that would create on-demand tokens.
+          # https://github.com/LouisBrunner/checks-action/issues/18
+          # details_url:
+
+  update:
+    needs: release
     outputs:
-      ref: ${{ steps.ref.outputs.branch }}
       sha: ${{ steps.commit.outputs.sha }}
+      check-id: ${{ steps.check.outputs.check_id }}
+    name: Update Release
+    if: github.repository_owner == 'npm' && needs.release.outputs.branch && needs.release.outputs.check-id
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
-      - name: Output PR Head Branch
-        id: ref
-        run: echo "::set-output name=branch::${{ fromJSON(needs.release-please.outputs.pr).headBranchName }}"
+
       - name: Checkout
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
-          ref: ${{ steps.ref.outputs.branch }}
+          ref: ${{ needs.release.outputs.branch }}
       - name: Setup Git User
         run: |
           git config --global user.email "npm-cli+bot@github.com"
@@ -76,46 +125,70 @@ jobs:
         run: npm i --ignore-scripts --no-audit --no-fund
       - name: Run Post Pull Request Actions
         run: npm run rp-pull-request --ignore-scripts -ws -iwr --if-present
-      - name: Commit and Push
+      - name: Commit
         id: commit
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          git commit -am "chore: post pull request" || true
-          echo "::set-output sha=$(git rev-parse HEAD)"
-          git push
+          git commit --all --amend --no-edit || true
+          git push --force-with-lease
+          echo "::set-output  name=sha::$(git rev-parse HEAD)"
+      # We changed the commit sha so we end the check_run from the previous job
+      # and start a new one on the new commit sha
+      - name: Create Check
+        uses: LouisBrunner/checks-action@v1.3.1
+        id: check
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          status: in_progress
+          name: Release
+          sha: ${{ steps.commit.outputs.sha }}
+          # XXX: this does not work when using the default GITHUB_TOKEN.
+          # Instead we post the main job url to the PR as a comment which
+          # will link to all the other checks. To work around this we would
+          # need to create a GitHub that would create on-demand tokens.
+          # https://github.com/LouisBrunner/checks-action/issues/18
+          # details_url:
+      - name: Conclude Check
+        uses: LouisBrunner/checks-action@v1.3.1
+        if: always()
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          conclusion: ${{ job.status }}
+          check_id: ${{ needs.release.outputs.check-id }}
 
-  release-test:
-    name: Test
-    needs: post-pr
-    if: needs.post-pr.outputs.ref
+  ci:
+    name: CI - Release
+    needs: [ release, update ]
     uses: ./.github/workflows/ci-release.yml
     with:
-      ref: ${{ needs.post-pr.outputs.ref }}
-      sha: ${{ needs.post-pr.outputs.sha }}
+      ref: ${{ needs.release.outputs.branch }}
+      check-sha: ${{ needs.update.outputs.sha }}
 
-  post-release:
-    name: Post Release
-    needs: release-please
-    if: github.repository_owner == 'npm' && needs.release-please.outputs.release
+  post-ci:
+    needs: [ release, update, ci ]
+    name: Post CI - Release
+    if: github.repository_owner == 'npm' && always()
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Setup Git User
+
+      - name: Get Needs Result
+        id: needs-result
         run: |
-          git config --global user.email "npm-cli+bot@github.com"
-          git config --global user.name "npm CLI robot"
-      - name: Setup Node
-        uses: actions/setup-node@v3
+          if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" ]]; then
+            echo "::set-output name=result::failure"
+          elif [[ "${{ contains(needs.*.result, 'cancelled') }}" == "true" ]]; then
+            echo "::set-output name=result::cancelled"
+          else
+            echo "::set-output name=result::success"
+          fi
+      - name: Conclude Check
+        uses: LouisBrunner/checks-action@v1.3.1
+        if: always()
         with:
-          node-version: 18.x
-      - name: Install npm@latest
-        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
-      - name: npm Version
-        run: npm -v
-      - name: Install Dependencies
-        run: npm i --ignore-scripts --no-audit --no-fund
-      - name: Run Post Release Actions
-        run: |
-          npm run rp-release --ignore-scripts -ws -iwr --if-present
+          token: ${{ secrets.GITHUB_TOKEN }}
+          conclusion: ${{ steps.needs-result.outputs.result }}
+          check_id: ${{ needs.update.outputs.check-id }}

lib/content/_setup-job-matrix.yml → lib/content/_job-matrix.yml

@@ -1,3 +1,4 @@
+name: {{ jobName }}
 if: github.repository_owner == 'npm'
 strategy:
   fail-fast: false
@@ -25,6 +26,4 @@ defaults:
   run:
     shell: $\{{ matrix.platform.shell }}
 steps:
-  {{> setupGit }}
-  {{> setupNode jobUseMatrix=true }}
-  {{> setupDeps }}
+  {{> stepsSetup jobNodeMatrix=true }}

lib/content/_setup-job.yml → lib/content/_job.yml

@@ -1,6 +1,8 @@
+name: {{ jobName }}
 if: github.repository_owner == 'npm' {{~#if jobIf}} && {{{ jobIf }}}{{/if}}
 runs-on: ubuntu-latest
+defaults:
+  run:
+    shell: bash
 steps:
-  {{> setupGit }}
-  {{> setupNode }}
-  {{> setupDeps }}
+  {{> stepsSetup }}