diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ca92150..a613539 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -4,6 +4,8 @@ on:
 push:
 branches: [main]
 pull_request:
+ pull_request_target:
+ types: [opened, edited, synchronize, reopened]
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
@@ -15,6 +17,7 @@ permissions:
 jobs:
 quality:
 name: Quality checks
+ if: github.event_name != 'pull_request_target'
 runs-on: ubuntu-latest
 steps:
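Review bot: With `pull_request_target` added, the unchanged `group: ${{ github.workflow }}-${{ github.ref }}` line in the first ci.yml hunk no longer separates PR runs, because for this event `github.ref` is the base branch rather than the PR merge ref. Every PR event against main, including each `edited` title or body change, then lands in the same concurrency group as pushes to main, so runs queue behind or displace each other. If `cancel-in-progress` is set further down (the concurrency block continues outside the hunk), a PR edit could cancel a main build or an in-flight snapshot publish. Keying the group on the event and the PR number avoids this: `group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref }}`.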
@@ -40,3 +43,58 @@ jobs:
 - name: Core contract tests
 run: bun run test -- packages/core/src/workflow-generator.test.ts packages/core/src/context.test.ts packages/core/src/config.test.ts packages/core/src/plugins/shared-workflow-helper.test.ts
+
+ snapshot-publish:
+ name: Snapshot publish (PR marker)
+ if: github.event_name == 'pull_request_target' && contains(github.event.pull_request.body || '', '#snapshot') && github.event.pull_request.head.repo.full_name == github.repository
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout PR head
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ - name: Setup Bun
+ uses: oven-sh/setup-bun@v2
+ with:
+ bun-version: 1.2.22
+
+ - name: Install dependencies
+ run: bun install --frozen-lockfile
+
+ - name: Build
+ run: bun run build
+
+ - name: Detect pending changesets
+ id: changesets
+ run: |
+ COUNT=$(find .changeset -maxdepth 1 -name '*.md' ! -name 'README.md' | wc -l | tr -d ' ')
+ echo "count=$COUNT" >> "$GITHUB_OUTPUT"
+ if [ "$COUNT" -eq 0 ]; then
+ echo "No pending changesets found. Skipping snapshot publish."
+ fi
+
+ - name: Version snapshot from changesets
+ if: steps.changesets.outputs.count != '0'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GH_PACKAGES_TOKEN || secrets.GITHUB_TOKEN }}
+ run: bunx changeset version --snapshot pr-${{ github.event.pull_request.number }}
+
+ - name: Configure npm auth for GitHub Packages
+ if: steps.changesets.outputs.count != '0'
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GH_PACKAGES_TOKEN || secrets.GITHUB_TOKEN }}
+ run: |
+ echo "@dotgithub:registry=https://npm.pkg.github.com" >> ~/.npmrc
+ echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc
+
+ - name: Publish snapshot tag
+ if: steps.changesets.outputs.count != '0'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GH_PACKAGES_TOKEN || secrets.GITHUB_TOKEN }}
+ NODE_AUTH_TOKEN: ${{ secrets.GH_PACKAGES_TOKEN || secrets.GITHUB_TOKEN }}
+ run: bunx changeset publish --tag pr-${{ github.event.pull_request.number }} --registry https://npm.pkg.github.com
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 911a26e..c1e351b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -43,6 +43,8 @@ jobs:
 - name: Version packages from changesets
 if: steps.changesets.outputs.count != '0'
+ env:
+ GITHUB_TOKEN: ${{ secrets.GH_PACKAGES_TOKEN || secrets.GITHUB_TOKEN }}
 run: bun run changeset:version
 - name: Commit version updates to main
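Review bot: In ci.yml's new `snapshot-publish` job, the PR head is checked out and its `bun install` and `bun run build` scripts run inside a `pull_request_target` job that holds `packages: write` and `GH_PACKAGES_TOKEN`, so unreviewed branch code executes with publish rights. The `head.repo.full_name == github.repository` condition keeps forks out, which puts the trust boundary at anyone with push access to any branch; a comment above the `if:` saying so would stop the guard being relaxed later. `actions/checkout` leaves the job token in the local git config by default, so add `persist-credentials: false` under `with:` next to `ref:`. Consider gating the job behind a protected `environment:` with required reviewers, and pinning `actions/checkout` and `oven-sh/setup-bun` to commit SHAs, since this job carries a write token.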
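Review bot: In release.yml, the `Version packages from changesets` step now receives `GH_PACKAGES_TOKEN` as `GITHUB_TOKEN`, although versioning rewrites files in the checkout and should not need registry credentials. If that secret is a personal access token, its scope is presumably wider than the workflow token, and every script run by `changeset:version` can read it from the environment. Keep this step on the workflow token, `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`, and reserve the packages token for the publish step. The step list continues outside the hunk.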
@@ -54,9 +56,17 @@ jobs:
 git commit -m "chore(release): version packages [skip ci]" || exit 0
 git push
+ - name: Configure npm auth for GitHub Packages
+ if: steps.changesets.outputs.count != '0'
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.GH_PACKAGES_TOKEN || secrets.GITHUB_TOKEN }}
+ run: |
+ echo "@dotgithub:registry=https://npm.pkg.github.com" >> ~/.npmrc
+ echo "//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}" >> ~/.npmrc
+
 - name: Publish packages
 if: steps.changesets.outputs.count != '0'
 env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.GH_PACKAGES_TOKEN || secrets.GITHUB_TOKEN }}
+ NODE_AUTH_TOKEN: ${{ secrets.GH_PACKAGES_TOKEN || secrets.GITHUB_TOKEN }}
 run: bun run changeset:publish
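Review bot: The new `Configure npm auth for GitHub Packages` step expands the secret in the shell and appends the literal token to `~/.npmrc`, where it stays on disk for every later step and for any lifecycle script the publish runs; the same two `echo` lines appear in the `snapshot-publish` job in ci.yml. npm resolves `${VAR}` references in .npmrc when it reads the file, so single-quoting the line writes only the reference: `echo '//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}' >> ~/.npmrc`. The publish step already exports `NODE_AUTH_TOKEN`, so the `env:` block on the configure step can then be dropped; confirm that the publisher invoked by `changeset:publish` honours the substitution. The `|| secrets.GITHUB_TOKEN` fallback also hides a missing `GH_PACKAGES_TOKEN`, so a comment or log line stating which token is expected would help whoever debugs a failed publish.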