From 27f6dd852f01dd29567a5f4bfe273c1baee32c45 Mon Sep 17 00:00:00 2001 From: Nicolas Dupont Date: Thu, 8 Jan 2026 11:15:44 +0100 Subject: [PATCH 1/6] Reorganize step order to ensure consistency Do not rely anymore en CasperWA/push-protected Rely now to GitHub rulesets with bypass for OTA-Release-Bot instead of classic branch protection --- .github/workflows/release.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c9b15a5e8..a57a48353 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -50,24 +50,20 @@ jobs: git commit -m "Release v${{ steps.release-changelog.outputs.version }}" git tag v${{ steps.release-changelog.outputs.version }} - - name: Run status checks for release commit on temporary branch # Use temporary branch to enable pushing commits to this branch protected by required status checks - uses: CasperWA/push-protected@v2 - with: - token: ${{ secrets.RELEASE_BOT_GITHUB_TOKEN }} - branch: main - unprotect_reviews: true - - name: Update npm run: npm install -g npm@latest + # Publish to NPM first, before pushing to repository + # If this fails, no changes are pushed to the repository, ensuring consistency - name: Publish to NPM public repository run: npm publish --provenance + # Only push to repository after successful NPM publish - name: Push changes to repository run: git push origin && git push --tags - name: Create GitHub release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v2 with: tag_name: v${{ steps.release-changelog.outputs.version }} body: ${{ steps.release-changelog.outputs.content }} From eb4fca262d86f058c3588d6aee4fe96d5d97693f Mon Sep 17 00:00:00 2001 From: Nicolas Dupont Date: Thu, 8 Jan 2026 11:15:59 +0100 Subject: [PATCH 2/6] Update dependency --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a57a48353..bf3e3dd8a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: token: ${{ secrets.RELEASE_BOT_GITHUB_TOKEN }} From f2adc253644081ddf6d1dfc42fda912993efec82 Mon Sep 17 00:00:00 2001 From: Nicolas Dupont Date: Thu, 8 Jan 2026 11:16:09 +0100 Subject: [PATCH 3/6] Remove obsolete step --- .github/workflows/release.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bf3e3dd8a..738d40c88 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -50,9 +50,6 @@ jobs: git commit -m "Release v${{ steps.release-changelog.outputs.version }}" git tag v${{ steps.release-changelog.outputs.version }} - - name: Update npm - run: npm install -g npm@latest - # Publish to NPM first, before pushing to repository # If this fails, no changes are pushed to the repository, ensuring consistency - name: Publish to NPM public repository From 16e27dd361506181a11b50719ccedb83e6780e42 Mon Sep 17 00:00:00 2001 From: Nicolas Dupont Date: Thu, 8 Jan 2026 11:16:13 +0100 Subject: [PATCH 4/6] Lint --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 738d40c88..5edabe3aa 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -2,7 +2,7 @@ name: Release on: pull_request_target: - branches: + branches: - main types: [ closed ] From 4dac0a91e54f81a79efd091591715d1d1b09dd8c Mon Sep 17 00:00:00 2001 From: Nicolas Dupont Date: Thu, 8 Jan 2026 11:17:37 +0100 Subject: [PATCH 5/6] Explicitly set branch to enable workflow testing This allows the workflow to be tested against a non-main branch by replacing main with the name of the branch that contains the release code under test. --- .github/workflows/release.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5edabe3aa..dad5b3e82 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,6 +23,7 @@ jobs: - name: Checkout uses: actions/checkout@v4 with: + ref: main token: ${{ secrets.RELEASE_BOT_GITHUB_TOKEN }} - uses: actions/setup-node@v4 @@ -57,7 +58,7 @@ jobs: # Only push to repository after successful NPM publish - name: Push changes to repository - run: git push origin && git push --tags + run: git push origin main && git push --tags - name: Create GitHub release uses: softprops/action-gh-release@v2 @@ -81,6 +82,7 @@ jobs: steps: - uses: actions/checkout@v4 with: + ref: main token: ${{ secrets.RELEASE_BOT_GITHUB_TOKEN }} - name: Configure Git author @@ -94,4 +96,4 @@ jobs: - name: Save changelog run: | git commit -m "Clean changelog" CHANGELOG.md - git push origin + git push origin main From c731ab2552b56395679d75924e5b63f7c9cc50a3 Mon Sep 17 00:00:00 2001 From: Nicolas Dupont Date: Thu, 8 Jan 2026 11:17:37 +0100 Subject: [PATCH 6/6] Add changelog entry --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fdd86097e..9ed4690f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ All changes that impact users of this module are documented in this file, in the [Common Changelog](https://common-changelog.org) format with some additional specifications defined in the CONTRIBUTING file. This codebase adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## Unreleased [no-release] + +_Modifications made in this changeset do not add, remove or alter any behavior, dependency, API or functionality of the software. They only change non-functional parts of the repository, such as the README file or CI workflows._ + ## 10.2.0 - 2026-01-08 _Full changeset and discussions: [#1219](https://github.com/OpenTermsArchive/engine/pull/1219)._