codegraph/.github/workflows/release.yml at main · colbymchenry/codegraph · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
name: Release

# Manually triggered ("Run workflow"). On trigger it:
#   1. reads the version from package.json,
#   2. builds a self-contained bundle for every platform (one runner — there's no
#      native compilation, so cross-packaging is fine),
#   3. creates the GitHub Release (tag v<version>) with all archives, using the
#      release notes from CHANGELOG.md,
#   4. publishes the npm thin-installer (shim + per-platform packages).
#
# Before triggering: bump package.json and make sure CHANGELOG.md has the matching
# section (## [<version>], or ## [Unreleased]). Set the NPM_TOKEN repo secret.
on:
  workflow_dispatch: {}

permissions:
  contents: write   # create the GitHub Release + tag

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-node@v6
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org
      - run: npm ci
      - name: Ensure zip/unzip
        run: sudo apt-get update -qq && sudo apt-get install -y -qq zip unzip

      - name: Build all platform bundles
        run: |
          for t in darwin-arm64 darwin-x64 linux-x64 linux-arm64 win32-x64 win32-arm64; do
            bash scripts/build-bundle.sh "$t"
          done
          ls -lh release

      - name: Generate SHA256SUMS
        # Published as a release asset; the npm launcher verifies downloaded
        # bundles against it (basenames only, so its path.basename match works).
        run: |
          ( cd release && sha256sum codegraph-* > SHA256SUMS )
          cat release/SHA256SUMS

      - name: Resolve version
        id: ver
        run: echo "version=$(node -p "require('./package.json').version")" >> "$GITHUB_OUTPUT"

      - name: Release notes from CHANGELOG.md
        run: |
          V="${{ steps.ver.outputs.version }}"
          node scripts/extract-release-notes.mjs "$V" > notes.md 2>/dev/null \
            || node scripts/extract-release-notes.mjs Unreleased > notes.md 2>/dev/null || true
          if [ ! -s notes.md ]; then
            echo "::error::No release notes in CHANGELOG.md for [$V] or [Unreleased]."
            exit 1
          fi
          echo "----- release notes -----"; cat notes.md

      - name: Create GitHub Release
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          TAG="v${{ steps.ver.outputs.version }}"
          # Idempotent: create the release once, otherwise (re-run) refresh assets.
          if gh release view "$TAG" >/dev/null 2>&1; then
            gh release upload "$TAG" release/codegraph-* release/SHA256SUMS --clobber
          else
            gh release create "$TAG" release/codegraph-* release/SHA256SUMS --title "$TAG" --notes-file notes.md
          fi

      - name: Publish to npm
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: |
          V="${{ steps.ver.outputs.version }}"
          bash scripts/pack-npm.sh "$V"
          # Platform packages first, then the main shim (which depends on them).
          # Skip any already on the registry so a re-run only fills in gaps.
          for dir in release/npm/codegraph-* release/npm/main; do
            name=$(node -p "require('./$dir/package.json').name")
            if npm view "$name@$V" version >/dev/null 2>&1; then
              echo "skip $name@$V (already published)"
            else
              echo "publishing $name@$V"
              ( cd "$dir" && npm publish --access public )
            fi
          done

      - name: Verify every package is actually on the registry
        run: |
          V="${{ steps.ver.outputs.version }}"
          # npm publish can print success without persisting; confirm against the
          # registry (with retries for propagation) so green means really shipped.
          for dir in release/npm/codegraph-* release/npm/main; do
            name=$(node -p "require('./$dir/package.json').name")
            ok=
            for i in 1 2 3 4 5 6; do
              if npm view "$name@$V" version >/dev/null 2>&1; then ok=1; break; fi
              echo "waiting for $name@$V to appear ($i)…"; sleep 10
            done
            [ -n "$ok" ] || { echo "::error::$name@$V never appeared on the registry"; exit 1; }
            echo "verified $name@$V"
          done

      - name: Sync packages to npmmirror
        # npmmirror/cnpm mirror lazily and frequently never pull the per-platform
        # optionalDependencies on their own, so `npm i` there fails with
        # "no prebuilt bundle" (issue #303). Nudge a sync now so mirror users get
        # the bundle without waiting. Best-effort — the launcher also self-heals
        # from GitHub Releases — so a mirror hiccup never fails the release.
        continue-on-error: true
        run: |
          for dir in release/npm/codegraph-* release/npm/main; do
            name=$(node -p "require('./$dir/package.json').name")
            enc=$(node -p "encodeURIComponent(require('./$dir/package.json').name)")
            echo "sync $name"
            curl -s -X PUT "https://registry.npmmirror.com/-/package/$enc/syncs" || true
            echo
          done