From 9260259f5980988e32e2cb3574ab47f979a36d76 Mon Sep 17 00:00:00 2001 From: Matt Brophy Date: Thu, 6 Nov 2025 15:39:57 -0500 Subject: [PATCH] Setup github workflows for trusted publishing --- .github/workflows/release-experimental.yml | 59 ------- .github/workflows/release-nightly.yml | 95 ----------- .github/workflows/release-stage-2-alpha.yml | 86 ---------- .github/workflows/release.yml | 170 ++++++++++++++++++-- 4 files changed, 160 insertions(+), 250 deletions(-) delete mode 100644 .github/workflows/release-experimental.yml delete mode 100644 .github/workflows/release-nightly.yml delete mode 100644 .github/workflows/release-stage-2-alpha.yml diff --git a/.github/workflows/release-experimental.yml b/.github/workflows/release-experimental.yml deleted file mode 100644 index 373afa10ba..0000000000 --- a/.github/workflows/release-experimental.yml +++ /dev/null @@ -1,59 +0,0 @@ -name: ๐Ÿงช Experimental Release - -on: - workflow_dispatch: - inputs: - branch: - required: true - -concurrency: ${{ github.workflow }}-${{ github.ref }} - -env: - CI: true - -jobs: - experimental: - name: ๐Ÿงช Experimental Release - if: github.repository == 'remix-run/react-router' - runs-on: ubuntu-latest - steps: - - name: โฌ‡๏ธ Checkout repo - uses: actions/checkout@v5 - with: - ref: ${{ github.event.inputs.branch }} - # checkout using a custom token so that we can push later on - token: ${{ secrets.GITHUB_TOKEN }} - fetch-depth: 0 - - - name: ๐Ÿ“ฆ Setup pnpm - uses: pnpm/action-setup@v4 - - - name: โŽ” Setup node - uses: actions/setup-node@v6 - with: - node-version-file: ".nvmrc" - cache: "pnpm" - - - name: ๐Ÿ“ฅ Install deps - run: pnpm install --frozen-lockfile - - - name: โคด๏ธ Update version - run: | - git config --local user.email "hello@remix.run" - git config --local user.name "Remix Run Bot" - SHORT_SHA=$(git rev-parse --short HEAD) - NEXT_VERSION=0.0.0-experimental-${SHORT_SHA} - git checkout -b experimental/${NEXT_VERSION} - pnpm run version ${NEXT_VERSION} - git push origin --tags - - - name: ๐Ÿ— Build - run: pnpm build - - - name: ๐Ÿ” Setup npm auth - run: | - echo "registry=https://registry.npmjs.org" >> ~/.npmrc - echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> ~/.npmrc - - - name: ๐Ÿš€ Publish - run: pnpm run publish diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml deleted file mode 100644 index be5ec510e8..0000000000 --- a/.github/workflows/release-nightly.yml +++ /dev/null @@ -1,95 +0,0 @@ -name: ๐ŸŒ’ Nightly Release - -on: - workflow_dispatch: - schedule: - - cron: "0 7 * * *" # every day at 12AM PST - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -env: - CI: true - -jobs: - # HEADS UP! this "nightly" job will only ever run on the `main` branch due to - # it being a cron job, and the last commit on main will be what github shows - # as the trigger however in the checkout below we specify the `dev` branch, - # so all the scripts in this job will be ran from that, confusing i know, so - # in some cases we'll need to create multiple PRs when modifying nightly - # release processes - nightly: - name: ๐ŸŒ’ Nightly Release - if: github.repository == 'remix-run/react-router' - runs-on: ubuntu-latest - outputs: - # allows this to be used in the `comment` job below - will be undefined - # if there's no release necessary - NEXT_VERSION: ${{ steps.version.outputs.NEXT_VERSION }} - steps: - - name: โฌ‡๏ธ Checkout repo - uses: actions/checkout@v5 - with: - ref: dev - # checkout using a custom token so that we can push later on - token: ${{ secrets.GITHUB_TOKEN }} - fetch-depth: 0 - - - name: ๐Ÿ“ฆ Setup pnpm - uses: pnpm/action-setup@v4 - - - name: โŽ” Setup node - uses: actions/setup-node@v6 - with: - node-version-file: ".nvmrc" - cache: "pnpm" - - - name: ๐Ÿ“ฅ Install deps - run: pnpm install --frozen-lockfile - - - name: ๐Ÿ•ต๏ธ Check for changes - id: version - run: | - SHORT_SHA=$(git rev-parse --short HEAD) - - # get latest nightly tag - LATEST_NIGHTLY_TAG=$(git tag -l v0.0.0-nightly-\* --sort=-creatordate | head -n 1) - - # check if last commit to dev starts with the nightly tag we're about - # to create (minus the date) - # if it is, we'll skip the nightly creation - # if not, we'll create a new nightly tag - if [[ ${LATEST_NIGHTLY_TAG} == v0.0.0-nightly-${SHORT_SHA}-* ]]; then - echo "๐Ÿ›‘ Latest nightly tag is the same as the latest commit sha, skipping nightly release" - else - # yyyyMMdd format (e.g. 20221207) - DATE=$(date '+%Y%m%d') - # v0.0.0-nightly-- - NEXT_VERSION=0.0.0-nightly-${SHORT_SHA}-${DATE} - # set output so it can be used in other jobs - echo "NEXT_VERSION=${NEXT_VERSION}" >> $GITHUB_OUTPUT - fi - - - name: โคด๏ธ Update version - if: steps.version.outputs.NEXT_VERSION - run: | - git config --local user.email "hello@remix.run" - git config --local user.name "Remix Run Bot" - git checkout -b nightly/${{ steps.version.outputs.NEXT_VERSION }} - pnpm run version ${{steps.version.outputs.NEXT_VERSION}} - git push origin --tags - - - name: ๐Ÿ— Build - if: steps.version.outputs.NEXT_VERSION - run: pnpm build - - - name: ๐Ÿ” Setup npm auth - if: steps.version.outputs.NEXT_VERSION - run: | - echo "registry=https://registry.npmjs.org" >> ~/.npmrc - echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> ~/.npmrc - - - name: ๐Ÿš€ Publish - if: steps.version.outputs.NEXT_VERSION - run: pnpm run publish diff --git a/.github/workflows/release-stage-2-alpha.yml b/.github/workflows/release-stage-2-alpha.yml deleted file mode 100644 index c82f906205..0000000000 --- a/.github/workflows/release-stage-2-alpha.yml +++ /dev/null @@ -1,86 +0,0 @@ -name: ๐Ÿงช Check Alpha Release - -on: - pull_request: - types: [labeled] - -concurrency: ${{ github.workflow }}-${{ github.ref }} - -env: - CI: true - -jobs: - alpha-release: - name: ๐Ÿงช Check Alpha Release - if: github.repository == 'remix-run/react-router' && github.event.label.name == 'alpha-release' - runs-on: ubuntu-latest - steps: - - name: ๐Ÿ“„ Log Info - run: | - echo "Label: ${{ github.event.label.name }}" - echo "Branch: ${{ github.event.pull_request.head.ref }}" - echo "SHA: ${{ github.event.pull_request.head.sha }}" - - - name: โฌ‡๏ธ Checkout repo - uses: actions/checkout@v5 - with: - ref: ${{ github.event.pull_request.head.sha }} - - - name: Log Git Info - run: | - git log -n 1 - git status - - - name: ๐Ÿ“ฆ Setup pnpm - uses: pnpm/action-setup@v4 - - - name: โŽ” Setup node - uses: actions/setup-node@v6 - with: - node-version-file: ".nvmrc" - cache: "pnpm" - - - name: ๐Ÿ“ฅ Install deps - run: pnpm install --frozen-lockfile - - - name: โคด๏ธ Update version - id: version - run: | - git config --local user.email "hello@remix.run" - git config --local user.name "Remix Run Bot" - SHORT_SHA=$(git rev-parse --short HEAD) - NEXT_VERSION=0.0.0-experimental-${SHORT_SHA} - git checkout -b experimental/${NEXT_VERSION} - pnpm run version ${NEXT_VERSION} - echo "version=${NEXT_VERSION}" >> "$GITHUB_OUTPUT" - - - name: ๐Ÿ— Build - run: pnpm build - - - name: ๐Ÿ” Setup npm auth - run: | - echo "registry=https://registry.npmjs.org" >> ~/.npmrc - echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> ~/.npmrc - - - name: ๐Ÿš€ Publish - run: pnpm run publish - - - name: ๐Ÿ’ฌ Comment - env: - GH_TOKEN: ${{ github.token }} - run: | - LATEST_RELEASE_SHA=$(gh release list --limit 1 --json tagName --jq ".[0].tagName") - BASE_SHA=$(echo ${{ github.event.pull_request.base.sha }} | cut -c1-7) - COMMAND="git log --pretty=oneline ${LATEST_RELEASE_SHA}..${BASE_SHA}" - echo -e \ - "[Alpha release](https://github.com/remix-run/react-router/blob/main/GOVERNANCE.md#stage-2--alpha) \ - created: \`${{ steps.version.outputs.version }}\`\n\n \ - โš ๏ธ **Note:** This release was created from the \`HEAD\` of this branch so it \ - may contain commits that have landed in \`dev\` but have not been released yet \ - depending on when this branch was created. You can run the following command \ - to see the commits that may not have been released yet:\n\n \ - \`\`\`bash\n \ - ${COMMAND}\n \ - \`\`\`" \ - | gh pr comment ${{ github.event.pull_request.number }} --body-file - - gh pr edit ${{ github.event.pull_request.number }} --remove-label ${{ github.event.label.name }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b88bb74292..73ae95860a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,22 +1,46 @@ -name: ๐Ÿฆ‹ Changesets Release +# We use this singular file for all of our releases because we can only specify +# a singular GitHub workflow file in npm's Trusted Publishing configuration. +# See https://docs.npmjs.com/trusted-publishers for more info. +# +# Specific jobs only run on the proper trigger: +# +# - Changesets-driven pre-releases/stable releases +# - Trigger: push to release-next/release-v6 branch +# - jobs: release -> find_package_version -> comment +# - Nightly releases +# - Trigger: schedule/cron +# - jobs: release-nightly +# - Experimental releases (from a workflow_dispatch trigger) +# - Trigger: workflow_dispatch +# - jobs: release-experimental + +name: Release on: + # Changesets-driven prereleases and stable releases push: branches: - - release - - "release-*" - - "!release-experimental" - - "!release-experimental-*" - - "!release-manual" - - "!release-manual-*" + - "release-next" + - "release-v6" + # Nightly releases + schedule: + - cron: "0 7 * * *" # every day at 12AM PST + # Experimental Releases + workflow_dispatch: + inputs: + branch: + required: true concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +env: + CI: true + jobs: release: name: ๐Ÿฆ‹ Changesets Release - if: github.repository == 'remix-run/react-router' + if: github.repository == 'remix-run/react-router' && github.event_name == 'push' runs-on: ubuntu-latest outputs: published_packages: ${{ steps.changesets.outputs.publishedPackages }} @@ -73,7 +97,7 @@ jobs: name: ๐Ÿฆ‹ Find Package needs: [release] runs-on: ubuntu-latest - if: github.repository == 'remix-run/react-router' && github.ref_name != 'release-v6' && needs.release.outputs.published == 'true' + if: github.repository == 'remix-run/react-router' && github.event_name == 'push' && github.ref_name != 'release-v6' && needs.release.outputs.published == 'true' outputs: package_version: ${{ steps.find_package_version.outputs.package_version }} steps: @@ -99,9 +123,135 @@ jobs: comment: name: ๐Ÿ“ Comment on related issues and pull requests - if: github.repository == 'remix-run/react-router' && github.ref_name != 'release-v6' && needs.find_package_version.outputs.package_version != '' + if: github.repository == 'remix-run/react-router' && github.event_name == 'push' && github.ref_name != 'release-v6' && needs.find_package_version.outputs.package_version != '' needs: [release, find_package_version] permissions: issues: write # enable commenting on released issues pull-requests: write # enable commenting on released pull requests uses: ./.github/workflows/release-comments.yml + + # HEADS UP! this "nightly" job will only ever run on the `main` branch due to + # it being a cron job, and the last commit on main will be what github shows + # as the trigger however in the checkout below we specify the `dev` branch, + # so all the scripts in this job will be ran from that, confusing i know, so + # in some cases we'll need to create multiple PRs when modifying nightly + # release processes + release-nightly: + name: ๐ŸŒ’ Nightly Release + if: github.repository == 'remix-run/react-router' && github.event_name == 'schedule' + runs-on: ubuntu-latest + outputs: + # will be undefined if there's no release necessary + NEXT_VERSION: ${{ steps.version.outputs.NEXT_VERSION }} + steps: + - name: โฌ‡๏ธ Checkout repo + uses: actions/checkout@v5 + with: + ref: dev + # checkout using a custom token so that we can push later on + token: ${{ secrets.GITHUB_TOKEN }} + fetch-depth: 0 + + - name: ๐Ÿ“ฆ Setup pnpm + uses: pnpm/action-setup@v4 + + - name: โŽ” Setup node + uses: actions/setup-node@v6 + with: + node-version-file: ".nvmrc" + cache: "pnpm" + + - name: ๐Ÿ“ฅ Install deps + run: pnpm install --frozen-lockfile + + - name: ๐Ÿ•ต๏ธ Check for changes + id: version + run: | + SHORT_SHA=$(git rev-parse --short HEAD) + + # get latest nightly tag + LATEST_NIGHTLY_TAG=$(git tag -l v0.0.0-nightly-\* --sort=-creatordate | head -n 1) + + # check if last commit to dev starts with the nightly tag we're about + # to create (minus the date) + # if it is, we'll skip the nightly creation + # if not, we'll create a new nightly tag + if [[ ${LATEST_NIGHTLY_TAG} == v0.0.0-nightly-${SHORT_SHA}-* ]]; then + echo "๐Ÿ›‘ Latest nightly tag is the same as the latest commit sha, skipping nightly release" + else + # yyyyMMdd format (e.g. 20221207) + DATE=$(date '+%Y%m%d') + # v0.0.0-nightly-- + NEXT_VERSION=0.0.0-nightly-${SHORT_SHA}-${DATE} + # set output so it can be used in other jobs + echo "NEXT_VERSION=${NEXT_VERSION}" >> $GITHUB_OUTPUT + fi + + - name: โคด๏ธ Update version + if: steps.version.outputs.NEXT_VERSION + run: | + git config --local user.email "hello@remix.run" + git config --local user.name "Remix Run Bot" + git checkout -b nightly/${{ steps.version.outputs.NEXT_VERSION }} + pnpm run version ${{steps.version.outputs.NEXT_VERSION}} + git push origin --tags + + - name: ๐Ÿ— Build + if: steps.version.outputs.NEXT_VERSION + run: pnpm build + + - name: ๐Ÿ” Setup npm auth + if: steps.version.outputs.NEXT_VERSION + run: | + echo "registry=https://registry.npmjs.org" >> ~/.npmrc + echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> ~/.npmrc + + - name: ๐Ÿš€ Publish + if: steps.version.outputs.NEXT_VERSION + run: pnpm run publish + + release-experimental: + name: ๐Ÿงช Experimental Release + if: github.repository == 'remix-run/react-router' && github.event_name == 'workflow_dispatch' + runs-on: ubuntu-latest + steps: + - name: โฌ‡๏ธ Checkout repo + uses: actions/checkout@v5 + with: + ref: ${{ github.event.inputs.branch }} + # checkout using a custom token so that we can push later on + token: ${{ secrets.GITHUB_TOKEN }} + fetch-depth: 0 + + - name: ๐Ÿ“ฆ Setup pnpm + uses: pnpm/action-setup@v4 + + - name: โŽ” Setup node + uses: actions/setup-node@v6 + with: + node-version-file: ".nvmrc" + cache: "pnpm" + + - name: ๐Ÿ“ฅ Install deps + run: pnpm install --frozen-lockfile + + - name: โคด๏ธ Update version + run: | + git config --local user.email "hello@remix.run" + git config --local user.name "Remix Run Bot" + SHORT_SHA=$(git rev-parse --short HEAD) + NEXT_VERSION=0.0.0-experimental-${SHORT_SHA} + git checkout -b experimental/${NEXT_VERSION} + pnpm run version ${NEXT_VERSION} + git push origin --tags + + - name: ๐Ÿ— Build + run: pnpm build + + - name: ๐Ÿ” Setup npm auth + run: | + echo "registry=https://registry.npmjs.org" >> ~/.npmrc + echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> ~/.npmrc + + - name: ๐Ÿš€ Publish + run: pnpm run publish