Skip to content

refactor(ci): merge release workflows into single file#1137

Merged
abueide merged 3 commits intomasterfrom
refactor/unified-release-workflow
Mar 2, 2026
Merged

refactor(ci): merge release workflows into single file#1137
abueide merged 3 commits intomasterfrom
refactor/unified-release-workflow

Conversation

@abueide
Copy link
Copy Markdown
Contributor

@abueide abueide commented Mar 2, 2026

Summary

Merges the three separate release workflows into a single release.yml to support npm trusted publisher (which only allows one CI file).

Before: release-production.yml, release-beta.yml, release-dry-run.yml
After: release.yml with a dropdown input:

  • dry-run — validates everything, publishes nothing
  • beta — publishes pre-release versions to @beta npm dist-tag
  • production — publishes stable releases to @latest npm dist-tag

Behavior is identical to the separate workflows. The release type controls:

  • Which devbox script runs (release-dry-run vs release)
  • Whether the Publish environment (with approval gate) is required
  • Whether the beta branch pointer is created
  • Whether the Update Apps step runs (production only)
  • Token source (github.token for dry-run, PAT for beta/production)

Test plan

  • Trigger Release workflow with type=dry-run
  • Trigger Release workflow with type=beta
  • Trigger Release workflow with type=production

🤖 Generated with Claude Code

abueide and others added 3 commits March 2, 2026 17:05
@abueide @claude
refactor(ci): merge release workflows into single file
4c5320c 
npm trusted publisher only allows one CI file to be configured.
Merged release-production.yml, release-beta.yml, and release-dry-run.yml
into a single release.yml with a workflow_dispatch type input
(dry-run, beta, production).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@abueide @claude
feat(ci): enable npm trusted publishing with provenance
0d577c9 
- Add id-token: write permission for OIDC token exchange
- Enable provenance in @semantic-release/npm config
- Remove manual npm config set from devbox release script

Packages must be configured on npmjs.com to trust the
segmentio/analytics-react-native repo and release.yml workflow.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@abueide @claude
feat(ci): upgrade to @semantic-release/npm v13 for OIDC trusted publi…
232ecde 
…shing

Upgrade from v11 to v13 which natively supports OIDC trusted
publishing. This eliminates the need for NPM_TOKEN entirely - npm
auth is handled via short-lived OIDC tokens from the GitHub runner.

Removed all NPM_TOKEN and YARN_NPM_AUTH_TOKEN references from the
release workflow.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@abueide abueide merged commit a60e0b3 into master Mar 2, 2026
5 checks passed
@abueide abueide deleted the refactor/unified-release-workflow branch March 2, 2026 23:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@abueide