From f43840cf5df32c0cd3c79a7a06053fd22c382354 Mon Sep 17 00:00:00 2001 From: Nicolas Dupont Date: Wed, 14 Jan 2026 14:31:13 +0100 Subject: [PATCH 1/7] Add job to determine if release should run --- .github/workflows/release.yml | 34 ++++++++++++++++++++++++++++++---- 1 file changed, 30 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b4b8da451..5b2670c95 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,13 +10,39 @@ permissions: contents: read jobs: + release-decision: + runs-on: ubuntu-latest + outputs: + should-release: ${{ steps.decision.outputs.should-release }} + steps: + - name: Decide release + id: decision + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + COMMITTER_EMAIL: ${{ github.event.head_commit.committer.email }} + shell: bash + run: | + # Skip if commit is from release bot (avoid infinite loop) + if [[ "$COMMITTER_EMAIL" == 'release-bot@opentermsarchive.org' ]]; then + echo "should-release=false" >> "$GITHUB_OUTPUT" + exit 0 + fi + + # Check if commit comes from a PR merged to main + gh pr list \ + --repo "${{ github.repository }}" \ + --search "${{ github.sha }} is:merged base:main" \ + --state merged \ + --json number \ + --jq '"should-release=\(length > 0)"' >> "$GITHUB_OUTPUT" + changelog: uses: "./.github/workflows/changelog.yml" test: uses: "OpenTermsArchive/engine/.github/workflows/test.yml@main" release: - needs: [ changelog, test ] - if: needs.changelog.outputs.release-type != 'no-release' + needs: [ release-decision, changelog, test ] + if: ${{ needs.release-decision.outputs.should-release && needs.changelog.outputs.release-type != 'no-release' }} runs-on: ubuntu-latest steps: - name: Checkout 
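Review bot: The new `release-decision` job in patch 1/7 declares no `permissions` of its own, so it inherits the workflow-level block, which the context of patch 3/7 shows includes `id-token: write` for npm OIDC publishing. Its only step runs `gh pr list`, so it should carry a job-level block limited to what that needs, for example `permissions:` with `pull-requests: read` beneath it. That way a fault in this script cannot be used to request an OIDC token. Whether `pull-requests: read` is strictly needed on a public repository is worth confirming; `id-token: write` clearly is not.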
@@ -75,8 +101,8 @@ jobs: client-payload: '{"version": "v${{ steps.release-changelog.outputs.version }}"}' clean_changelog: - if: needs.changelog.outputs.release-type == 'no-release' - needs: [ changelog ] + needs: [ release-decision, changelog ] + if: ${{ !needs.release-decision.outputs.should-release && needs.changelog.outputs.release-type == 'no-release' }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 From cb5a42fcbb22030c72f008aeeb36104d4c65446a Mon Sep 17 00:00:00 2001 From: Nicolas Dupont Date: Wed, 14 Jan 2026 14:47:52 +0100 Subject: [PATCH 2/7] Pin third-party actions to full commit SHA --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5b2670c95..028aacdbf 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -86,14 +86,14 @@ jobs: run: git push origin main && git push --tags - name: Create GitHub release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2 with: tag_name: v${{ steps.release-changelog.outputs.version }} body: ${{ steps.release-changelog.outputs.content }} token: ${{ secrets.RELEASE_BOT_GITHUB_TOKEN }} - name: Trigger documentation deploy - uses: peter-evans/repository-dispatch@v2 + uses: peter-evans/repository-dispatch@bf47d102fdb849e755b0b0023ea3e81a44b6f570 # v2 with: token: ${{ secrets.TRIGGER_DOCS_DEPLOY_TOKEN }} event-type: engine-release From ea7cedea94e56d438b06793faffc370fa3e09438 Mon Sep 17 00:00:00 2001 From: Nicolas Dupont Date: Wed, 14 Jan 2026 14:48:11 +0100 Subject: [PATCH 3/7] Prevent concurrent releases --- .github/workflows/release.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 028aacdbf..ce45d5292 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
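Review bot: In patch 1/7 the `clean_changelog` condition negates `needs.release-decision.outputs.should-release`, but job outputs are strings and the non-empty string `false` is truthy in Actions expressions. `!…should-release` is therefore false whenever the output is set, and the job would never run. The `release` condition in the first hunk has the mirror problem: `'false' && …` does not block the release. Compare the string explicitly, `needs.release-decision.outputs.should-release == 'true'` there and `!= 'true'` here. Patch 6/7 later removes both conditions, so this matters mainly if the series is applied or bisected partway.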
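Review bot: The trailing `# v2` comments on the two pinned `uses:` lines in patch 2/7 name a moving major tag, so a reader cannot tell which release each SHA corresponds to or check it against the upstream tag. Record the exact release the SHA was taken from, e.g. `uses: softprops/action-gh-release@<sha> # vX.Y.Z (placeholder)`, which also lets update tooling propose reviewable bumps. Separately, the context lines still show `actions/checkout@v4`, and patch 1/7 shows the reusable workflow `…/test.yml@main`, both referenced by mutable refs. The commit title limits itself to third-party actions, so that may be intentional.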
@@ -5,6 +5,10 @@ on: branches: - main +concurrency: + group: release + cancel-in-progress: false + permissions: id-token: write # Required for OIDC. See https://docs.npmjs.com/trusted-publishers#step-2-configure-your-cicd-workflow contents: read From c66d4ee8d6666ddb95b64a210b35bf0142fe6194 Mon Sep 17 00:00:00 2001 From: Nicolas Dupont Date: Wed, 14 Jan 2026 14:48:53 +0100 Subject: [PATCH 4/7] Add changelog entry --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c723c2e98..24532e6a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ All changes that impact users of this module are documented in this file, in the [Common Changelog](https://common-changelog.org) format with some additional specifications defined in the CONTRIBUTING file. This codebase adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## Unreleased [no-release] + +_Modifications made in this changeset do not add, remove or alter any behavior, dependency, API or functionality of the software. They only change non-functional parts of the repository, such as the README file or CI workflows._ + ## 10.3.1 - 2026-01-13 > Development of this release was supported by [Reset Tech](https://www.reset.tech). From 37664a62bbdcf10f64f149c1bfa4f748b2c5bc99 Mon Sep 17 00:00:00 2001 From: Nicolas Dupont Date: Wed, 14 Jan 2026 15:34:59 +0100 Subject: [PATCH 5/7] Add output to allow debugging --- .github/workflows/release.yml | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ce45d5292..9f4f2f745 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
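Review bot: The `concurrency` block added in patch 3/7 has no comment saying what `cancel-in-progress: false` does and does not guarantee. With this setting a running release is never interrupted, but GitHub keeps only one pending run per group, so when several pushes to main queue up, the older pending runs are cancelled and only the newest waits. A short comment above `group: release` would record that, e.g. `# Never interrupt a running release; of queued runs only the most recent is kept`.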
@@ -24,21 +24,37 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} COMMITTER_EMAIL: ${{ github.event.head_commit.committer.email }} + COMMITTER_NAME: ${{ github.event.head_commit.committer.name }} + COMMIT_SHA: ${{ github.sha }} shell: bash run: | + echo "Commit: $COMMIT_SHA" + echo "Committer: $COMMITTER_NAME <$COMMITTER_EMAIL>" + # Skip if commit is from release bot (avoid infinite loop) if [[ "$COMMITTER_EMAIL" == 'release-bot@opentermsarchive.org' ]]; then + echo "→ Skipping: commit is from release bot" echo "should-release=false" >> "$GITHUB_OUTPUT" exit 0 fi # Check if commit comes from a PR merged to main - gh pr list \ + PR_JSON=$(gh pr list \ --repo "${{ github.repository }}" \ - --search "${{ github.sha }} is:merged base:main" \ + --search "$COMMIT_SHA is:merged base:main" \ --state merged \ - --json number \ - --jq '"should-release=\(length > 0)"' >> "$GITHUB_OUTPUT" + --json number,title,url) + + PR_COUNT=$(echo "$PR_JSON" | jq 'length') + + if [[ "$PR_COUNT" -gt 0 ]]; then + echo "$PR_JSON" | jq -r '.[] | "→ Found PR #\(.number): \(.title)"' + echo "→ Release will proceed" + echo "should-release=true" >> "$GITHUB_OUTPUT" + else + echo "→ No merged PR found for this commit" + echo "should-release=false" >> "$GITHUB_OUTPUT" + fi changelog: uses: "./.github/workflows/changelog.yml" From 3a47c80004f57dd9826c7fb9d7440fb420ca669d Mon Sep 17 00:00:00 2001 From: Nicolas Dupont Date: Wed, 14 Jan 2026 15:36:13 +0100 Subject: [PATCH 6/7] Simplify job dependencies to direct needs only --- .github/workflows/release.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9f4f2f745..0856b94ad 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
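Review bot: Patch 5/7 moves the commit SHA into `COMMIT_SHA` but leaves `--repo "${{ github.repository }}"` as the one remaining `${{ }}` expansion inside the `run:` script. The value is not attacker-controlled, so this is a consistency point rather than an injection. With every input passed through `env:` or default variables, the script text is constant and easier to audit. Use the runner-provided variable instead, `--repo "$GITHUB_REPOSITORY" \`. The step's body starts above this hunk.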
@@ -57,12 +57,15 @@ jobs: fi changelog: + needs: release-decision + if: ${{ needs.release-decision.outputs.should-release == 'true' }} uses: "./.github/workflows/changelog.yml" test: + needs: changelog + if: ${{ needs.changelog.outputs.release-type != 'no-release' }} uses: "OpenTermsArchive/engine/.github/workflows/test.yml@main" release: - needs: [ release-decision, changelog, test ] - if: ${{ needs.release-decision.outputs.should-release && needs.changelog.outputs.release-type != 'no-release' }} + needs: test runs-on: ubuntu-latest steps: - name: Checkout @@ -121,8 +124,8 @@ jobs: client-payload: '{"version": "v${{ steps.release-changelog.outputs.version }}"}' clean_changelog: - needs: [ release-decision, changelog ] - if: ${{ !needs.release-decision.outputs.should-release && needs.changelog.outputs.release-type == 'no-release' }} + needs: changelog + if: ${{ needs.changelog.outputs.release-type == 'no-release' }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 From 199f66502b98d55e98c3c6b933307cff3f60a7b1 Mon Sep 17 00:00:00 2001 From: Nicolas Dupont Date: Wed, 14 Jan 2026 15:36:29 +0100 Subject: [PATCH 7/7] Make comment in one line --- .github/workflows/release.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0856b94ad..7785b23aa 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -99,8 +99,7 @@ jobs: git commit -m "Release v${{ steps.release-changelog.outputs.version }}" git tag v${{ steps.release-changelog.outputs.version }} - # Publish to NPM first, before pushing to repository - # If this fails, no changes are pushed to the repository, ensuring consistency + # Publish to NPM first, before pushing to repository. If this fails, no changes are pushed to the repository, ensuring consistency - name: Publish to NPM public repository run: npm publish --provenance
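Review bot: After patch 6/7 the `release` job, which runs `npm publish --provenance` and pushes tags, has no `if:` of its own. It is gated only by `changelog` and then `test` being skipped upstream. That works because a job whose `needs` was skipped is skipped too, but only while the job has no status-function condition: a later `if: always()` or `!cancelled()` would run the release with both checks bypassed. State the dependency next to `needs: test`, e.g. `# Gate: skipped unless release-decision and changelog let test run; do not add always()/!cancelled() here`. The same implicit chain now decides whether `clean_changelog` runs in the second hunk.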