From 6a28926368bb679890a79f5a14b976fd4861aca0 Mon Sep 17 00:00:00 2001 From: Nick Nisi Date: Fri, 15 May 2026 13:25:16 -0500 Subject: [PATCH 1/3] chore: add release-please for automated releases Replaces the manual release flow with release-please, matching the authkit-tanstack-start configuration. Modifies release.yml to be callable via workflow_call from the new release-please workflow. --- .github/workflows/release-please.yml | 34 ++++++++++++++++++++++++++++ .github/workflows/release.yml | 18 ++++----------- .release-please-manifest.json | 3 +++ release-please-config.json | 12 ++++++++++ 4 files changed, 53 insertions(+), 14 deletions(-) create mode 100644 .github/workflows/release-please.yml create mode 100644 .release-please-manifest.json create mode 100644 release-please-config.json diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml new file mode 100644 index 0000000..7124c94 --- /dev/null +++ b/.github/workflows/release-please.yml @@ -0,0 +1,34 @@ +name: Release Please + +on: + push: + branches: + - main + +permissions: + contents: write + pull-requests: write + id-token: write + +jobs: + release-please: + runs-on: ubuntu-latest + outputs: + release_created: ${{ steps.release.outputs.release_created }} + steps: + - name: Generate token + id: generate-token + uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2 + with: + app-id: ${{ vars.SDK_BOT_APP_ID }} + private-key: ${{ secrets.SDK_BOT_PRIVATE_KEY }} + + - uses: googleapis/release-please-action@5c625bfb5d1ff62eadeeb3772007f7f66fdcf071 # v4 + id: release + with: + token: ${{ steps.generate-token.outputs.token }} + + publish: + needs: release-please + if: ${{ needs.release-please.outputs.release_created == 'true' }} + uses: ./.github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3cf287d..3e47e34 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,11 +1,8 @@ name: Release on: - # Support manually pushing a new release - workflow_dispatch: {} - # Trigger when a release is published - release: - types: [published] + workflow_dispatch: + workflow_call: defaults: run: @@ -37,12 +34,5 @@ jobs: run: | pnpm run build - - name: Push Release - if: ${{ !github.event.release.prerelease }} - run: | - pnpm publish --tag latest --access=public --no-git-checks --provenance - - - name: Push Pre-Release - if: ${{ github.event.release.prerelease }} - run: | - pnpm publish --tag next --access=public --no-git-checks --provenance + - name: Publish + run: pnpm publish --tag latest --access=public --provenance --no-git-checks diff --git a/.release-please-manifest.json b/.release-please-manifest.json new file mode 100644 index 0000000..210d290 --- /dev/null +++ b/.release-please-manifest.json @@ -0,0 +1,3 @@ +{ + ".": "0.5.1" +} diff --git a/release-please-config.json b/release-please-config.json new file mode 100644 index 0000000..ea29abf --- /dev/null +++ b/release-please-config.json @@ -0,0 +1,12 @@ +{ + "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json", + "include-component-in-tag": false, + "packages": { + ".": { + "release-type": "node", + "changelog-path": "CHANGELOG.md", + "versioning": "default", + "bump-minor-pre-major": true + } + } +} From f67ce8c32859117be3bea321371a94297f8010bd Mon Sep 17 00:00:00 2001 From: Nick Nisi Date: Fri, 15 May 2026 13:35:31 -0500 Subject: [PATCH 2/3] chore: bump action SHAs to latest and add PR title linting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - release-please-action v4 → v5 (node24 upgrade) - create-github-app-token v2 → v3 - action-semantic-pull-request v6 (new workflow, matches authkit-nextjs) --- .github/workflows/lint-pr-title.yml | 16 ++++++++++++++++ .github/workflows/release-please.yml | 4 ++-- 2 files changed, 18 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/lint-pr-title.yml diff --git a/.github/workflows/lint-pr-title.yml b/.github/workflows/lint-pr-title.yml new file mode 100644 index 0000000..02339a7 --- /dev/null +++ b/.github/workflows/lint-pr-title.yml @@ -0,0 +1,16 @@ +name: Lint PR Title + +on: + pull_request_target: + types: [opened, edited, synchronize] + +permissions: + pull-requests: read + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 7124c94..c04cf0d 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -18,12 +18,12 @@ jobs: steps: - name: Generate token id: generate-token - uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2 + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3 with: app-id: ${{ vars.SDK_BOT_APP_ID }} private-key: ${{ secrets.SDK_BOT_PRIVATE_KEY }} - - uses: googleapis/release-please-action@5c625bfb5d1ff62eadeeb3772007f7f66fdcf071 # v4 + - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5 id: release with: token: ${{ steps.generate-token.outputs.token }} From dd6bffdf751b17576d792d7227b0619439e7595e Mon Sep 17 00:00:00 2001 From: Nick Nisi Date: Mon, 18 May 2026 09:22:13 -0500 Subject: [PATCH 3/3] chore: combine release workflows and add pre-release detection Inlines the publish job into release-please.yml, eliminating the separate release.yml and the secrets: inherit concern. Adds version check to tag pre-releases as `next` instead of `latest`. --- .github/workflows/release-please.yml | 35 +++++++++++++++++++++++-- .github/workflows/release.yml | 38 ---------------------------- 2 files changed, 33 insertions(+), 40 deletions(-) delete mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index c04cf0d..9dbbf76 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -8,7 +8,10 @@ on: permissions: contents: write pull-requests: write - id-token: write + +defaults: + run: + shell: bash jobs: release-please: @@ -31,4 +34,32 @@ jobs: publish: needs: release-please if: ${{ needs.release-please.outputs.release_created == 'true' }} - uses: ./.github/workflows/release.yml + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + steps: + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 + with: + version: 10 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + with: + node-version: 24 + registry-url: 'https://registry.npmjs.org' + cache: 'pnpm' + + - name: Install Dependencies + run: pnpm install + + - name: Build project + run: pnpm run build + + - name: Publish + run: | + VERSION=$(node -p "require('./package.json').version") + if [[ "$VERSION" == *"-"* ]]; then + pnpm publish --tag next --access=public --provenance --no-git-checks + else + pnpm publish --tag latest --access=public --provenance --no-git-checks + fi diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 3e47e34..0000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: Release - -on: - workflow_dispatch: - workflow_call: - -defaults: - run: - shell: bash - -jobs: - test: - name: Publish to NPM - runs-on: ubuntu-latest - permissions: - contents: read - id-token: write - steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 - with: - version: 10 - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 - with: - node-version: 24 - registry-url: 'https://registry.npmjs.org' - cache: 'pnpm' - - - name: Install Dependencies - run: | - pnpm install - - - name: Build project - run: | - pnpm run build - - - name: Publish - run: pnpm publish --tag latest --access=public --provenance --no-git-checks