-
Notifications
You must be signed in to change notification settings - Fork 12
Add release automation #266
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
+3,003
−87
Merged
Changes from all commits
Commits
Show all changes
27 commits
Select commit
Hold shift + click to select a range
19737a9
Add release automation
wallstop e2298f0
Allow release workflows on moved repository
wallstop 2977500
Fix release preparation edge cases
wallstop 5728ac7
Harden release validation guards
wallstop db5ee2b
Set repository context for release gh commands
wallstop 94797e7
Address release workflow review findings
wallstop 1d47f66
Harden changelog fence parsing
wallstop 3d1cd9c
Include all Unity package roots in releases
wallstop 257526c
Harden release workflow branch checks
wallstop a9a6d44
Harden release package validation
wallstop 81e607d
Align release unitypackage timeout budget
wallstop 7f2d35d
Clarify release contract array parsing
wallstop bcd539e
Avoid tag checks for non-release pushes
wallstop 92b2266
Harden release lookup validation
wallstop 56a9395
Include scripts metadata in release package
wallstop 86438f3
Include postinstall hook metadata in releases
wallstop c75878b
Serialize Unity workflow tiers
wallstop 6b0f7d6
Avoid stale release tag warnings
wallstop 88129a6
Harden release tag filters
wallstop ad4bc31
Harden release review edge cases
wallstop b9a865c
Clarify release tag glob semantics
wallstop de8756a
Harden Unity package metadata export
wallstop a0fa415
Use unambiguous release tag trigger
wallstop a25d75b
Include hidden files in package validator scans
wallstop 8b2a360
Use structured PowerShell relative paths
wallstop 2688c95
Validate changelog content before tagging releases
wallstop 5a8e93e
Prevent release drafter publish races
wallstop File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,249 @@ | ||
| name: Release Prepare | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| bump: | ||
| description: "Semver bump kind" | ||
| type: choice | ||
| options: | ||
| - patch | ||
| - minor | ||
| - major | ||
| default: patch | ||
| version: | ||
| description: "Explicit version X.Y.Z. When set, this wins over bump." | ||
| type: string | ||
| required: false | ||
| dry_run: | ||
| description: "Validate and print the prepared diff without pushing a PR" | ||
| type: boolean | ||
| default: false | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| concurrency: | ||
| group: release-prepare | ||
| cancel-in-progress: false | ||
|
|
||
| jobs: | ||
| prepare: | ||
| name: Prepare release PR | ||
| if: github.repository == 'wallstop/unity-helpers' || github.repository == 'Ambiguous-Interactive/unity-helpers' | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 20 | ||
| steps: | ||
| - name: Require default branch dispatch | ||
| env: | ||
| DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} | ||
| run: | | ||
| set -euo pipefail | ||
| if [ "${GITHUB_REF}" != "refs/heads/${DEFAULT_BRANCH}" ]; then | ||
| echo "::error::Release Prepare must run from ${DEFAULT_BRANCH}; got ${GITHUB_REF}." | ||
| exit 1 | ||
| fi | ||
| - name: Check auto-commit GitHub App credentials | ||
| env: | ||
| AUTO_COMMIT_APP_ID: ${{ secrets.AUTO_COMMIT_APP_ID }} | ||
| AUTO_COMMIT_APP_PRIVATE_KEY: ${{ secrets.AUTO_COMMIT_APP_PRIVATE_KEY }} | ||
| DRY_RUN: ${{ inputs.dry_run }} | ||
| run: | | ||
| set -euo pipefail | ||
| if [ -n "${AUTO_COMMIT_APP_ID:-}" ] && [ -n "${AUTO_COMMIT_APP_PRIVATE_KEY:-}" ]; then | ||
| exit 0 | ||
| fi | ||
| if [ "${DRY_RUN}" = "true" ]; then | ||
| echo "::warning::AUTO_COMMIT_APP_* secrets are missing; dry-run can continue, but a real release PR cannot be pushed." | ||
| exit 0 | ||
| fi | ||
| echo "::error::AUTO_COMMIT_APP_ID and AUTO_COMMIT_APP_PRIVATE_KEY are required to push the release PR with a token that triggers CI." | ||
| exit 1 | ||
| - name: Generate auto-commit GitHub App token | ||
| id: app-token | ||
| if: ${{ !inputs.dry_run }} | ||
| uses: actions/create-github-app-token@v3 | ||
| with: | ||
| app-id: ${{ secrets.AUTO_COMMIT_APP_ID }} | ||
| private-key: ${{ secrets.AUTO_COMMIT_APP_PRIVATE_KEY }} | ||
| permission-contents: write | ||
| permission-pull-requests: write | ||
|
|
||
| - name: Checkout | ||
| uses: actions/checkout@v6 | ||
| with: | ||
| fetch-depth: 0 | ||
| token: ${{ steps.app-token.outputs.token || github.token }} | ||
| persist-credentials: false | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v6 | ||
| with: | ||
| node-version: "22.18.0" | ||
|
|
||
| - name: Install Node dependencies | ||
| run: | | ||
| set -euo pipefail | ||
| if [ -f package-lock.json ]; then | ||
| npm ci | ||
| else | ||
| npm i --no-audit --no-fund --package-lock=false | ||
| fi | ||
| - name: Prepare release files | ||
| shell: pwsh | ||
| env: | ||
| BUMP: ${{ inputs.bump }} | ||
| EXPLICIT_VERSION: ${{ inputs.version }} | ||
| run: | | ||
| $arguments = @('-Bump', $env:BUMP) | ||
| if (-not [string]::IsNullOrWhiteSpace($env:EXPLICIT_VERSION)) { | ||
| $arguments += @('-Version', $env:EXPLICIT_VERSION) | ||
| } | ||
| ./scripts/release-tools/prepare-release.ps1 @arguments | ||
| - name: Sync generated version references | ||
| shell: pwsh | ||
| run: | | ||
| ./scripts/sync-banner-version.ps1 | ||
| ./scripts/sync-issue-template-versions.ps1 | ||
| - name: Validate prepared release tree | ||
| run: | | ||
| set -euo pipefail | ||
| npm run test:release-tools | ||
| npm run lint:changelog | ||
| npm run test:npm-package-changelog | ||
| npm run test:npm-package-signature | ||
| npm run validate:npm-package | ||
| npm run format:check | ||
| - name: Resolve prepared version | ||
| id: version | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: | | ||
| set -euo pipefail | ||
| version="$(jq -r '.version // empty' package.json)" | ||
| if ! printf '%s\n' "${version}" | grep -Eq '^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$'; then | ||
| echo "::error::package.json version '${version}' is not strict X.Y.Z semver." | ||
| exit 1 | ||
| fi | ||
| branch="release/${version}" | ||
| set +e | ||
| tag_lookup_output="$(gh api -i "repos/${GITHUB_REPOSITORY}/git/ref/tags/${version}" 2>&1)" | ||
| tag_lookup_exit=$? | ||
| set -e | ||
| if [ "${tag_lookup_exit}" -eq 0 ]; then | ||
| echo "::error::Tag ${version} already exists." | ||
| exit 1 | ||
| fi | ||
| if ! printf '%s\n' "${tag_lookup_output}" | grep -E '(^HTTP/[0-9.]+ 404( |$)|"status":"404")' >/dev/null; then | ||
| echo "::error::Failed to check whether tag ${version} already exists." | ||
| printf '%s\n' "${tag_lookup_output}" | ||
| exit "${tag_lookup_exit}" | ||
| fi | ||
| set +e | ||
| branch_lookup_output="$(git ls-remote --exit-code --heads origin "${branch}" 2>&1)" | ||
| branch_lookup_exit=$? | ||
| set -e | ||
| if [ "${branch_lookup_exit}" -eq 0 ]; then | ||
| echo "::error::Branch ${branch} already exists." | ||
| exit 1 | ||
| fi | ||
| if [ "${branch_lookup_exit}" -ne 2 ]; then | ||
| echo "::error::Failed to check whether branch ${branch} already exists." | ||
| printf '%s\n' "${branch_lookup_output}" | ||
| exit "${branch_lookup_exit}" | ||
| fi | ||
| { | ||
| echo "version=${version}" | ||
| echo "branch=${branch}" | ||
| } >> "${GITHUB_OUTPUT}" | ||
| - name: Print dry-run diff | ||
| if: ${{ inputs.dry_run }} | ||
| env: | ||
| VERSION: ${{ steps.version.outputs.version }} | ||
| BRANCH: ${{ steps.version.outputs.branch }} | ||
| run: | | ||
| set -euo pipefail | ||
| echo "Dry run: would push ${BRANCH} and open a PR titled 'release: ${VERSION}'." | ||
| echo "::group::Prepared diff" | ||
| git --no-pager diff HEAD -- | ||
| echo "::endgroup::" | ||
| - name: Push release branch and open PR | ||
| if: ${{ !inputs.dry_run }} | ||
| env: | ||
| GH_PUSH_TOKEN: ${{ steps.app-token.outputs.token }} | ||
| VERSION: ${{ steps.version.outputs.version }} | ||
| BRANCH: ${{ steps.version.outputs.branch }} | ||
| DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} | ||
| run: | | ||
| set -euo pipefail | ||
| git config user.name "github-actions[bot]" | ||
| git config user.email "github-actions[bot]@users.noreply.github.com" | ||
| git checkout -b "${BRANCH}" | ||
| git add package.json CHANGELOG.md docs/images/unity-helpers-banner.svg .llm/context.md \ | ||
| .github/ISSUE_TEMPLATE/bug_report.yml .github/ISSUE_TEMPLATE/feature_request.yml | ||
| if git ls-files --error-unmatch package-lock.json >/dev/null 2>&1; then | ||
| git add package-lock.json | ||
| fi | ||
| if git diff --cached --quiet; then | ||
| echo "::error::Release preparation staged no changes." | ||
| exit 1 | ||
| fi | ||
| git commit -m "release: ${VERSION}" | ||
| mkdir -p artifacts/release-prepare | ||
| git format-patch -1 --stdout > "artifacts/release-prepare/release-${VERSION}.patch" | ||
| git show --stat --oneline --decorate --no-renames HEAD > "artifacts/release-prepare/release-${VERSION}.stat.txt" | ||
| notes_file="${RUNNER_TEMP}/release-notes.md" | ||
| pwsh -NoProfile -File scripts/release-tools/write-release-notes.ps1 \ | ||
| -Version "${VERSION}" \ | ||
| -OutputPath "${notes_file}" | ||
|
cursor[bot] marked this conversation as resolved.
|
||
| auth_header="$(printf 'x-access-token:%s' "${GH_PUSH_TOKEN}" | base64 | tr -d '\n')" | ||
| git -c "http.https://github.com/.extraheader=AUTHORIZATION: basic ${auth_header}" \ | ||
| push origin "HEAD:refs/heads/${BRANCH}" | ||
| pr_body_file="${RUNNER_TEMP}/release-pr-body.md" | ||
| { | ||
| echo "Automated release preparation for ${VERSION}." | ||
| echo | ||
| echo "## Checklist" | ||
| echo | ||
| echo "- [ ] \`package.json\` version is \`${VERSION}\`." | ||
| echo "- [ ] \`CHANGELOG.md\` has a reviewed \`## [${VERSION}]\` section." | ||
| echo "- [ ] Squash-merge with the default \`release: ${VERSION}\` title." | ||
| echo | ||
| echo "## Release Notes" | ||
| echo | ||
| cat "${notes_file}" | ||
| echo | ||
| echo "## After Merge" | ||
| echo | ||
| echo "The Release Tag workflow pushes tag \`${VERSION}\`, then Release Publish validates, packs npm, exports the \`.unitypackage\`, publishes npm, and publishes the GitHub Release assets." | ||
| } > "${pr_body_file}" | ||
| GH_TOKEN="${GH_PUSH_TOKEN}" gh pr create \ | ||
| --repo "${GITHUB_REPOSITORY}" \ | ||
| --base "${DEFAULT_BRANCH}" \ | ||
| --head "${BRANCH}" \ | ||
| --title "release: ${VERSION}" \ | ||
| --body-file "${pr_body_file}" | ||
| - name: Upload release preparation recovery patch | ||
| if: ${{ failure() && !inputs.dry_run }} | ||
| uses: actions/upload-artifact@v7 | ||
| with: | ||
| name: release-prepare-recovery-${{ github.run_id }}-${{ github.run_attempt }} | ||
| path: artifacts/release-prepare/ | ||
| if-no-files-found: ignore | ||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.