feat: add checks to release pull request

.github/workflows/audit.yml

@@ -10,9 +10,12 @@ on:
 
 jobs:
   audit:
-    name: Audit
+    name: Audit Dependencies
     if: github.repository_owner == 'npm'
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
       - name: Checkout
         uses: actions/checkout@v3

.github/workflows/ci-release.yml

@@ -8,13 +8,33 @@ on:
       ref:
         required: true
         type: string
+      check-sha:
+        required: true
+        type: string
 
 jobs:
   lint-all:
     name: Lint All
     if: github.repository_owner == 'npm'
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
+      - name: Create Check
+        uses: LouisBrunner/checks-action@v1.3.1
+        id: check
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          status: in_progress
+          name: Lint All
+          sha: ${{ inputs.check-sha }}
+          # XXX: this does not work when using the default GITHUB_TOKEN.
+          # Instead we post the main job url to the PR as a comment which
+          # will link to all the other checks. To work around this we would
+          # need to create a GitHub that would create on-demand tokens.
+          # https://github.com/LouisBrunner/checks-action/issues/18
+          # details_url:
       - name: Checkout
         uses: actions/checkout@v3
         with:
@@ -37,6 +57,13 @@ jobs:
         run: npm run lint --ignore-scripts
       - name: Post Lint
         run: npm run postlint --ignore-scripts
+      - name: Conclude Check
+        uses: LouisBrunner/checks-action@v1.3.1
+        if: always()
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          conclusion: ${{ job.status }}
+          check_id: ${{ steps.check.outputs.check_id }}
 
   test-all:
     name: Test All - ${{ matrix.platform.name }} - Node ${{ matrix.node-version }}
@@ -66,6 +93,20 @@ jobs:
       run:
         shell: ${{ matrix.platform.shell }}
     steps:
+      - name: Create Check
+        uses: LouisBrunner/checks-action@v1.3.1
+        id: check
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          status: in_progress
+          name: Test All - ${{ matrix.platform.name }} - Node ${{ matrix.node-version }}
+          sha: ${{ inputs.check-sha }}
+          # XXX: this does not work when using the default GITHUB_TOKEN.
+          # Instead we post the main job url to the PR as a comment which
+          # will link to all the other checks. To work around this we would
+          # need to create a GitHub that would create on-demand tokens.
+          # https://github.com/LouisBrunner/checks-action/issues/18
+          # details_url:
       - name: Checkout
         uses: actions/checkout@v3
         with:
@@ -102,3 +143,10 @@ jobs:
         run: echo "::add-matcher::.github/matchers/tap.json"
       - name: Test
         run: npm test --ignore-scripts -ws -iwr --if-present
+      - name: Conclude Check
+        uses: LouisBrunner/checks-action@v1.3.1
+        if: always()
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          conclusion: ${{ job.status }}
+          check_id: ${{ steps.check.outputs.check_id }}

.github/workflows/ci.yml

@@ -18,6 +18,9 @@ jobs:
     name: Lint
     if: github.repository_owner == 'npm'
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -41,7 +44,7 @@ jobs:
         run: npm run postlint --ignore-scripts
 
   test:
-    name: Test - ${{ matrix.platform.name }} - Node ${{ matrix.node-version }}
+    name: Test All - ${{ matrix.platform.name }} - Node ${{ matrix.node-version }}
     if: github.repository_owner == 'npm'
     strategy:
       fail-fast: false

.github/workflows/post-dependabot.yml

@@ -9,9 +9,12 @@ permissions:
 
 jobs:
   template-oss:
-    name: "@npmcli/template-oss"
+    name: template-oss
     if: github.repository_owner == 'npm' && github.actor == 'dependabot[bot]'
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
       - name: Checkout
         uses: actions/checkout@v3

.github/workflows/pull-request.yml

@@ -15,6 +15,9 @@ jobs:
     name: Lint Commits
     if: github.repository_owner == 'npm'
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
       - name: Checkout
         uses: actions/checkout@v3

.github/workflows/release.yml

@@ -11,15 +11,22 @@ on:
 permissions:
   contents: write
   pull-requests: write
+  checks: write
 
 jobs:
-  release-please:
-    name: Release Please
+  release:
     outputs:
-      pr: ${{ steps.release.outputs.pr }}
-      release: ${{ steps.release.outputs.release }}
+      pr: steps.release.outputs.pr
+      branch: ${{ fromJSON(steps.release.outputs.pr).headBranchName }}
+      pr-number: ${{ fromJSON(steps.release.outputs.pr).number }}
+      comment-id: ${{ fromJSON(steps.pr-metadata.outputs.result).commentId }}
+      check-id: ${{ steps.check.outputs.check_id }}
+    name: Release
     if: github.repository_owner == 'npm'
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -37,29 +44,76 @@ jobs:
         run: npm -v
       - name: Install Dependencies
         run: npm i --ignore-scripts --no-audit --no-fund
-      - name: npx template-oss-release-please ${{ github.ref_name }}
+      - name: Release Please
         id: release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: npx --offline template-oss-release-please ${{ github.ref_name }}
+      - name: Post Workflow URL Comment
+        if: steps.release.outputs.pr
+        uses: actions/github-script@v6
+        id: pr-metadata
+        env:
+          PR_NUMBER: ${{ fromJSON(steps.release.outputs.pr).number }}
+        with:
+          result-encoding: string
+          script: |
+            const repo = { owner: context.repo.owner, repo: context.repo.repo }
+            const pull = { ...repo, pull_number: process.env.PR_NUMBER }
+            const issue = { ...repo, issue_number: process.env.PR_NUMBER }
 
-  post-pr:
-    name: Post Pull Request
-    needs: release-please
-    if: needs.release-please.outputs.pr
-    runs-on: ubuntu-latest
+            const { data: workflow } = await github.rest.actions.getWorkflowRun({ ...repo, run_id: context.runId })
+
+            let body = '## Release Manager\n\nSee the CI for this release is at '
+
+            const comments = await github.paginate(github.rest.issues.listComments, issue)
+            let commentId = comments?.find(c => c.user.login === 'github-actions[bot]' && c.body.startsWith(body))?.id
+
+            body += workflow.html_url
+            if (commentId) {
+              await github.rest.issues.updateComment({ ...repo, comment_id: commentId, body })
+            } else {
+              const comment = await github.rest.issues.createComment({ ...issue, body })
+              commentId = comment?.id
+            }
+
+            const commits = await github.paginate(github.rest.pulls.listCommits, pull)
+            return {
+              commentId,
+              sha: commits?.[commits.length - 1]?.sha,
+            }
+      - name: Create Check
+        uses: LouisBrunner/checks-action@v1.3.1
+        id: check
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          status: in_progress
+          name: Release
+          sha: ${{ fromJSON(steps.pr-metadata.outputs.result).sha }}
+          # XXX: this does not work when using the default GITHUB_TOKEN.
+          # Instead we post the main job url to the PR as a comment which
+          # will link to all the other checks. To work around this we would
+          # need to create a GitHub that would create on-demand tokens.
+          # https://github.com/LouisBrunner/checks-action/issues/18
+          # details_url:
+
+  update:
+    needs: release
     outputs:
-      ref: ${{ steps.ref.outputs.branch }}
       sha: ${{ steps.commit.outputs.sha }}
+      check-id: ${{ steps.check.outputs.check_id }}
+    name: Update Release
+    if: github.repository_owner == 'npm' && needs.release.outputs.pr
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
-      - name: Output PR Head Branch
-        id: ref
-        run: echo "::set-output name=branch::${{ fromJSON(needs.release-please.outputs.pr).headBranchName }}"
       - name: Checkout
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
-          ref: ${{ steps.ref.outputs.branch }}
+          ref: ${{ needs.release.outputs.branch }}
       - name: Setup Git User
         run: |
           git config --global user.email "npm-cli+bot@github.com"
@@ -75,47 +129,75 @@ jobs:
       - name: Install Dependencies
         run: npm i --ignore-scripts --no-audit --no-fund
       - name: Run Post Pull Request Actions
+        env:
+          RELEASE_PR_NUMBER: ${{ needs.release.outputs.pr-number }}
+          RELEASE_COMMENT_ID: ${{ needs.release.outputs.comment-id }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: npm run rp-pull-request --ignore-scripts -ws -iwr --if-present
-      - name: Commit and Push
+      - name: Commit
         id: commit
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          git commit -am "chore: post pull request" || true
-          echo "::set-output sha=$(git rev-parse HEAD)"
-          git push
+          git commit --all --amend --no-edit || true
+          git push --force-with-lease
+          echo "::set-output  name=sha::$(git rev-parse HEAD)"
+      # We changed the commit sha so we end the check_run from the previous job
+      # and start a new one on the new commit sha
+      - name: Create Check
+        uses: LouisBrunner/checks-action@v1.3.1
+        id: check
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          status: in_progress
+          name: Release
+          sha: ${{ steps.commit.outputs.sha }}
+          # XXX: this does not work when using the default GITHUB_TOKEN.
+          # Instead we post the main job url to the PR as a comment which
+          # will link to all the other checks. To work around this we would
+          # need to create a GitHub that would create on-demand tokens.
+          # https://github.com/LouisBrunner/checks-action/issues/18
+          # details_url:
+      - name: Conclude Check
+        uses: LouisBrunner/checks-action@v1.3.1
+        if: always()
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          conclusion: ${{ job.status }}
+          check_id: ${{ needs.release.outputs.check-id }}
 
-  release-test:
-    name: Test
-    needs: post-pr
-    if: needs.post-pr.outputs.ref
+  ci:
+    name: CI - Release
+    needs: [ release, update ]
+    if: needs.release.outputs.pr
     uses: ./.github/workflows/ci-release.yml
     with:
-      ref: ${{ needs.post-pr.outputs.ref }}
-      sha: ${{ needs.post-pr.outputs.sha }}
+      ref: ${{ needs.release.outputs.branch }}
+      check-sha: ${{ needs.update.outputs.sha }}
 
-  post-release:
-    name: Post Release
-    needs: release-please
-    if: github.repository_owner == 'npm' && needs.release-please.outputs.release
+  post-ci:
+    needs: [ release, update, ci ]
+    name: Post CI - Release
+    if: github.repository_owner == 'npm' && needs.release.outputs.pr && always()
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Setup Git User
+      - name: Get Needs Result
+        id: needs-result
         run: |
-          git config --global user.email "npm-cli+bot@github.com"
-          git config --global user.name "npm CLI robot"
-      - name: Setup Node
-        uses: actions/setup-node@v3
+          if [[ "${{ contains(needs.*.result, 'failure') }}" == "true" ]]; then
+            echo "::set-output name=result::failure"
+          elif [[ "${{ contains(needs.*.result, 'cancelled') }}" == "true" ]]; then
+            echo "::set-output name=result::cancelled"
+          else
+            echo "::set-output name=result::success"
+          fi
+      - name: Conclude Check
+        uses: LouisBrunner/checks-action@v1.3.1
+        if: always()
         with:
-          node-version: 18.x
-      - name: Install npm@latest
-        run: npm i --prefer-online --no-fund --no-audit -g npm@latest
-      - name: npm Version
-        run: npm -v
-      - name: Install Dependencies
-        run: npm i --ignore-scripts --no-audit --no-fund
-      - name: Run Post Release Actions
-        run: |
-          npm run rp-release --ignore-scripts -ws -iwr --if-present
+          token: ${{ secrets.GITHUB_TOKEN }}
+          conclusion: ${{ steps.needs-result.outputs.result }}
+          check_id: ${{ needs.update.outputs.check-id }}

lib/content/_setup-job-matrix.yml → lib/content/_job-matrix.yml

@@ -1,3 +1,4 @@
+name: {{ jobName }}
 if: github.repository_owner == 'npm'
 strategy:
   fail-fast: false
@@ -25,6 +26,4 @@ defaults:
   run:
     shell: $\{{ matrix.platform.shell }}
 steps:
-  {{> setupGit }}
-  {{> setupNode jobUseMatrix=true }}
-  {{> setupDeps }}
+  {{> stepsSetup jobNodeMatrix=true }}

lib/content/_setup-job.yml → lib/content/_job.yml

@@ -1,6 +1,8 @@
+name: {{ jobName }}
 if: github.repository_owner == 'npm' {{~#if jobIf}} && {{{ jobIf }}}{{/if}}
 runs-on: ubuntu-latest
+defaults:
+  run:
+    shell: bash
 steps:
-  {{> setupGit }}
-  {{> setupNode }}
-  {{> setupDeps }}
+  {{> stepsSetup }}