feat: add manual trigger support to release workflow (#20) #15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| # Allow manual triggering from Actions tab | |
| workflow_dispatch: | |
| concurrency: ${{ github.workflow }}-${{ github.ref }} | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| id-token: write # Required for OIDC trusted publishing | |
| jobs: | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| with: | |
| # This makes sure we fetch all history so Changesets can compare versions | |
| fetch-depth: 0 | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 8.15.4 | |
| - name: Setup Node.js 22.x | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22.x | |
| cache: 'pnpm' | |
| registry-url: 'https://registry.npmjs.org' | |
| # Ensure npm 11.5.1+ for trusted publishing support | |
| - name: Update npm | |
| run: npm install -g npm@latest | |
| # Explicitly configure @lytics scope to use npm registry (not GitHub Packages) | |
| - name: Configure npm registry | |
| run: | | |
| # Remove any project-level .npmrc that might route @lytics to GitHub Packages | |
| rm -f .npmrc | |
| # Create .npmrc with explicit scoped registry for @lytics | |
| # This ensures @lytics packages publish to npm, not GitHub Packages | |
| echo "@lytics:registry=https://registry.npmjs.org/" > .npmrc | |
| # Also configure pnpm to use npm registry for @lytics scope | |
| pnpm config set @lytics:registry https://registry.npmjs.org/ | |
| - name: Install Dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Build Packages | |
| run: pnpm build | |
| - name: Create Release Pull Request or Publish to npm | |
| id: changesets | |
| uses: changesets/action@v1 | |
| with: | |
| # This creates a "Version Packages" PR when changesets are added | |
| version: pnpm changeset version | |
| # This publishes to npm using OIDC trusted publishing (no NPM_TOKEN needed) | |
| publish: pnpm changeset publish | |
| # Commit message for version bumps | |
| commit: 'chore: release packages' | |
| # PR title for version bumps | |
| title: 'chore: release packages' | |
| # Create GitHub Releases with provenance | |
| createGithubReleases: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # No NPM_TOKEN needed - OIDC handles npm authentication! |