From ad31f5c6d9768c5acf7c828d96c785cdd09fa615 Mon Sep 17 00:00:00 2001 From: Michael Malave Date: Tue, 10 Feb 2026 07:20:08 -0800 Subject: [PATCH 1/6] adding workflows for onboarding to the npm-release-workflows shared release --- .github/PULL_REQUEST_TEMPLATE.md | 44 ++++++++ .../release-please-config.beta.json | 59 +++++++++++ .../release-please-config.json | 57 ++++++++++ .../release-please-manifest.beta.json | 3 + .../release-please-manifest.json | 3 + .github/workflows/release-on-push.yml | 34 ++++++ .github/workflows/release.yml | 100 ++++++++++++++++++ .github/workflows/update-release-configs.yml | 26 +++++ release-channels.yml | 19 ++++ 9 files changed, 345 insertions(+) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md create mode 100644 .github/release-configs/release-please-config.beta.json create mode 100644 .github/release-configs/release-please-config.json create mode 100644 .github/release-configs/release-please-manifest.beta.json create mode 100644 .github/release-configs/release-please-manifest.json create mode 100644 .github/workflows/release-on-push.yml create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/update-release-configs.yml create mode 100644 release-channels.yml diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..45a4a26 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,44 @@ + + +## Summary + + +## Type of Change +### Breaking Changes (major semver update) +- [ ] Add a `!` after your change type to denote a change that breaks current behavior + +### Feature Additions (minor semver update) +- [ ] **feat**: Introduces a new feature to the codebase + +### Patch Updates (patch semver update) +- [ ] **fix**: Bug fix +- [ ] **deps**: Dependency upgrade +- [ ] **revert**: Revert a previous commit +- [ ] **chore**: Change that does not affect production code +- [ ] **refactor**: Refactoring existing code without changing behavior +- [ ] **test**: Add/update/remove tests + +## Testing +**Notes**: + + +**Steps**: +1. Replace this text with a list of steps used to validate changes or type 'Passing CI suffices'. +2. ... + +## Screenshots (if applicable) + +## Related Issues +GitHub issue: #[GitHub issue number] +GUS work item: [WI number](WI link) diff --git a/.github/release-configs/release-please-config.beta.json b/.github/release-configs/release-please-config.beta.json new file mode 100644 index 0000000..14c12c9 --- /dev/null +++ b/.github/release-configs/release-please-config.beta.json @@ -0,0 +1,59 @@ +{ + "packages": { + ".": { + "release-type": "node", + "version-file": "package.json", + "changelog-path": "CHANGELOG.md", + "extra-files": ["README.md"], + "bump-minor-pre-major": true, + "bump-patch-for-minor-pre-major": true, + "changelog-sections": [ + { + "type": "feat", + "section": "Features" + }, + { + "type": "fix", + "section": "Bug Fixes" + }, + { + "type": "perf", + "section": "Performance Improvements" + }, + { + "type": "refactor", + "section": "Code Refactoring" + }, + { + "type": "docs", + "section": "Documentation", + "hidden": false + }, + { + "type": "test", + "section": "Tests", + "hidden": false + }, + { + "type": "build", + "section": "Build System", + "hidden": false + }, + { + "type": "ci", + "section": "Continuous Integration", + "hidden": false + }, + { + "type": "chore", + "section": "Miscellaneous Chores", + "hidden": false + } + ], + "prerelease": true, + "prerelease-type": "beta" + } + }, + "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json", + "bootstrap-sha": "ac230bea5ae1aab5677303f99996d04d5c4c1b1c" +} diff --git a/.github/release-configs/release-please-config.json b/.github/release-configs/release-please-config.json new file mode 100644 index 0000000..2091b0e --- /dev/null +++ b/.github/release-configs/release-please-config.json @@ -0,0 +1,57 @@ +{ + "packages": { + ".": { + "release-type": "node", + "version-file": "package.json", + "changelog-path": "CHANGELOG.md", + "extra-files": ["README.md"], + "bump-minor-pre-major": true, + "bump-patch-for-minor-pre-major": true, + "changelog-sections": [ + { + "type": "feat", + "section": "Features" + }, + { + "type": "fix", + "section": "Bug Fixes" + }, + { + "type": "perf", + "section": "Performance Improvements" + }, + { + "type": "refactor", + "section": "Code Refactoring" + }, + { + "type": "docs", + "section": "Documentation", + "hidden": false + }, + { + "type": "test", + "section": "Tests", + "hidden": false + }, + { + "type": "build", + "section": "Build System", + "hidden": false + }, + { + "type": "ci", + "section": "Continuous Integration", + "hidden": false + }, + { + "type": "chore", + "section": "Miscellaneous Chores", + "hidden": false + } + ] + } + }, + "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json", + "bootstrap-sha": "ac230bea5ae1aab5677303f99996d04d5c4c1b1c" +} diff --git a/.github/release-configs/release-please-manifest.beta.json b/.github/release-configs/release-please-manifest.beta.json new file mode 100644 index 0000000..d438033 --- /dev/null +++ b/.github/release-configs/release-please-manifest.beta.json @@ -0,0 +1,3 @@ +{ + ".": "3.1.1-beta.0" +} diff --git a/.github/release-configs/release-please-manifest.json b/.github/release-configs/release-please-manifest.json new file mode 100644 index 0000000..b4b8d0f --- /dev/null +++ b/.github/release-configs/release-please-manifest.json @@ -0,0 +1,3 @@ +{ + ".": "3.1.1" +} diff --git a/.github/workflows/release-on-push.yml b/.github/workflows/release-on-push.yml new file mode 100644 index 0000000..df65e14 --- /dev/null +++ b/.github/workflows/release-on-push.yml @@ -0,0 +1,34 @@ +name: Release on Push + +# Automatically creates GitHub releases after release PRs are merged + +on: + push: + branches: + - main + - beta + # - alpha # Uncomment if you have an alpha channel + +jobs: + create-release: + runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip + permissions: + contents: write + pull-requests: write + steps: + - uses: actions/checkout@v6 + + - name: Checkout workflows repository + uses: actions/checkout@v6 + with: + repository: heroku/npm-release-workflows + token: ${{ secrets.WORKFLOWS_ACCESS_GITHUB_TOKEN }} + path: workflows-repo + ref: main + + - name: Create GitHub Release + uses: ./workflows-repo/.github/actions/release-on-push-create-release-public + with: + package-manager: yarn # npm | yarn | pnpm + branch_name: ${{ github.ref_name }} + token: ${{ secrets.WORKFLOWS_ACCESS_GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..a9710c3 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,100 @@ +name: Release + +# Public repo workflow using token-based checkout to access private npm-release-workflows + +on: + workflow_dispatch: + inputs: + dry_run: + description: 'Test release without publishing (creates PR but skips npm publish)' + type: boolean + default: false + required: false + +jobs: + validate: + runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip + steps: + - uses: actions/checkout@v6 + + - name: Checkout workflows repository + uses: actions/checkout@v6 + with: + repository: heroku/npm-release-workflows + token: ${{ secrets.WORKFLOWS_ACCESS_GITHUB_TOKEN }} + path: workflows-repo + ref: main + + - name: Validate and test + uses: ./workflows-repo/.github/actions/release-validate-public + with: + package-manager: yarn # npm | yarn | pnpm + lint_command: '' # No lint script found + test_command: 'run test' + + release-please-pr: + needs: validate + runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip + permissions: + contents: write + pull-requests: write + outputs: + release_created: ${{ steps.release-workflow.outputs.release_created }} + tag_name: ${{ steps.release-workflow.outputs.tag_name }} + pr_number: ${{ steps.release-workflow.outputs.pr_number }} + config_file: ${{ steps.release-workflow.outputs.config_file }} + manifest_file: ${{ steps.release-workflow.outputs.manifest_file }} + npm_tag: ${{ steps.release-workflow.outputs.npm_tag }} + package_name: ${{ steps.release-workflow.outputs.package_name }} + no_release_needed: ${{ steps.release-workflow.outputs.no_release_needed }} + pr_already_exists: ${{ steps.release-workflow.outputs.pr_already_exists }} + steps: + - uses: actions/checkout@v6 + + - name: Checkout workflows repository + uses: actions/checkout@v6 + with: + repository: heroku/npm-release-workflows + token: ${{ secrets.WORKFLOWS_ACCESS_GITHUB_TOKEN }} + path: workflows-repo + ref: main + + - name: Create release PR + id: release-workflow + uses: ./workflows-repo/.github/actions/release-please-pr-public + with: + package-manager: yarn # npm | yarn | pnpm + branch_name: ${{ github.ref_name }} + dry_run: ${{ inputs.dry_run }} + token: ${{ secrets.WORKFLOWS_ACCESS_GITHUB_TOKEN }} + + publish: + needs: release-please-pr + if: needs.release-please-pr.result == 'success' && (needs.release-please-pr.outputs.pr_number != '' || needs.release-please-pr.outputs.pr_already_exists == 'true') + runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip + permissions: + contents: write + pull-requests: write + id-token: write + steps: + - uses: actions/checkout@v6 + + - name: Checkout workflows repository + uses: actions/checkout@v6 + with: + repository: heroku/npm-release-workflows + token: ${{ secrets.WORKFLOWS_ACCESS_GITHUB_TOKEN }} + path: workflows-repo + ref: main + + - name: Publish to npm + uses: ./workflows-repo/.github/actions/release-publish-public + with: + package-manager: yarn # npm | yarn | pnpm + workflows_token: ${{ secrets.WORKFLOWS_ACCESS_GITHUB_TOKEN }} + build_command: '' # No build script found + dry_run: ${{ inputs.dry_run }} + npm_tag: ${{ needs.release-please-pr.outputs.npm_tag }} + package_name: ${{ needs.release-please-pr.outputs.package_name }} + pr_number: ${{ needs.release-please-pr.outputs.pr_number }} + branch_name: ${{ github.ref_name }} diff --git a/.github/workflows/update-release-configs.yml b/.github/workflows/update-release-configs.yml new file mode 100644 index 0000000..f36ab82 --- /dev/null +++ b/.github/workflows/update-release-configs.yml @@ -0,0 +1,26 @@ +name: Update Release Configs + +# Generates release-please config files from release-channels.yml + +on: + workflow_dispatch: + +jobs: + update-configs: + runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip + permissions: + contents: write + pull-requests: write + steps: + - uses: actions/checkout@v6 + + - name: Checkout workflows repository + uses: actions/checkout@v6 + with: + repository: heroku/npm-release-workflows + token: ${{ secrets.WORKFLOWS_ACCESS_GITHUB_TOKEN }} + path: workflows-repo + ref: main + + - name: Update release configs + uses: ./workflows-repo/.github/actions/update-release-configs-job-public diff --git a/release-channels.yml b/release-channels.yml new file mode 100644 index 0000000..92df8f0 --- /dev/null +++ b/release-channels.yml @@ -0,0 +1,19 @@ +# Release channels configuration - generates release-please config files + +channels: + main: + branch: main + prerelease: false + npm-tag: latest + + beta: + branch: beta + prerelease: true + prerelease-type: beta + npm-tag: beta + + # alpha: + # branch: alpha + # prerelease: true + # prerelease-type: alpha + # npm-tag: alpha From 9f613efc7332fbd1918faaf332d0bcc4df253ecb Mon Sep 17 00:00:00 2001 From: Michael Malave Date: Tue, 10 Feb 2026 09:04:57 -0800 Subject: [PATCH 2/6] adding workflows for onboarding to the npm-release-workflows shared release --- .../release-please-config.beta.json | 43 ------------------ .../release-please-config.json | 45 +------------------ 2 files changed, 1 insertion(+), 87 deletions(-) diff --git a/.github/release-configs/release-please-config.beta.json b/.github/release-configs/release-please-config.beta.json index 14c12c9..0d34ec1 100644 --- a/.github/release-configs/release-please-config.beta.json +++ b/.github/release-configs/release-please-config.beta.json @@ -7,49 +7,6 @@ "extra-files": ["README.md"], "bump-minor-pre-major": true, "bump-patch-for-minor-pre-major": true, - "changelog-sections": [ - { - "type": "feat", - "section": "Features" - }, - { - "type": "fix", - "section": "Bug Fixes" - }, - { - "type": "perf", - "section": "Performance Improvements" - }, - { - "type": "refactor", - "section": "Code Refactoring" - }, - { - "type": "docs", - "section": "Documentation", - "hidden": false - }, - { - "type": "test", - "section": "Tests", - "hidden": false - }, - { - "type": "build", - "section": "Build System", - "hidden": false - }, - { - "type": "ci", - "section": "Continuous Integration", - "hidden": false - }, - { - "type": "chore", - "section": "Miscellaneous Chores", - "hidden": false - } - ], "prerelease": true, "prerelease-type": "beta" } diff --git a/.github/release-configs/release-please-config.json b/.github/release-configs/release-please-config.json index 2091b0e..862c456 100644 --- a/.github/release-configs/release-please-config.json +++ b/.github/release-configs/release-please-config.json @@ -6,50 +6,7 @@ "changelog-path": "CHANGELOG.md", "extra-files": ["README.md"], "bump-minor-pre-major": true, - "bump-patch-for-minor-pre-major": true, - "changelog-sections": [ - { - "type": "feat", - "section": "Features" - }, - { - "type": "fix", - "section": "Bug Fixes" - }, - { - "type": "perf", - "section": "Performance Improvements" - }, - { - "type": "refactor", - "section": "Code Refactoring" - }, - { - "type": "docs", - "section": "Documentation", - "hidden": false - }, - { - "type": "test", - "section": "Tests", - "hidden": false - }, - { - "type": "build", - "section": "Build System", - "hidden": false - }, - { - "type": "ci", - "section": "Continuous Integration", - "hidden": false - }, - { - "type": "chore", - "section": "Miscellaneous Chores", - "hidden": false - } - ] + "bump-patch-for-minor-pre-major": true } }, "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json", From b9b49f068f7fb7a40d68f1dc5048676944e5629e Mon Sep 17 00:00:00 2001 From: Michael Malave Date: Wed, 11 Feb 2026 22:10:36 -0800 Subject: [PATCH 3/6] adding workflows for onboarding to the npm-release-workflows shared release --- .github/workflows/release-on-push.yml | 12 +++++-- .github/workflows/release.yml | 34 ++++++++++++++++---- .github/workflows/update-release-configs.yml | 10 +++++- 3 files changed, 47 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release-on-push.yml b/.github/workflows/release-on-push.yml index df65e14..560f585 100644 --- a/.github/workflows/release-on-push.yml +++ b/.github/workflows/release-on-push.yml @@ -1,6 +1,7 @@ name: Release on Push # Automatically creates GitHub releases after release PRs are merged +# Uses vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID and secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY on: push: @@ -16,13 +17,20 @@ jobs: contents: write pull-requests: write steps: + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID }} + private-key: ${{ secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY }} + - uses: actions/checkout@v6 - name: Checkout workflows repository uses: actions/checkout@v6 with: repository: heroku/npm-release-workflows - token: ${{ secrets.WORKFLOWS_ACCESS_GITHUB_TOKEN }} + token: ${{ steps.app-token.outputs.token }} path: workflows-repo ref: main @@ -31,4 +39,4 @@ jobs: with: package-manager: yarn # npm | yarn | pnpm branch_name: ${{ github.ref_name }} - token: ${{ secrets.WORKFLOWS_ACCESS_GITHUB_TOKEN }} \ No newline at end of file + token: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a9710c3..1e84b8c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,6 +1,7 @@ name: Release -# Public repo workflow using token-based checkout to access private npm-release-workflows +# Public repo workflow using GitHub App token to access private npm-release-workflows +# Uses vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID and secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY on: workflow_dispatch: @@ -15,13 +16,20 @@ jobs: validate: runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip steps: + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID }} + private-key: ${{ secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY }} + - uses: actions/checkout@v6 - name: Checkout workflows repository uses: actions/checkout@v6 with: repository: heroku/npm-release-workflows - token: ${{ secrets.WORKFLOWS_ACCESS_GITHUB_TOKEN }} + token: ${{ steps.app-token.outputs.token }} path: workflows-repo ref: main @@ -49,13 +57,20 @@ jobs: no_release_needed: ${{ steps.release-workflow.outputs.no_release_needed }} pr_already_exists: ${{ steps.release-workflow.outputs.pr_already_exists }} steps: + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID }} + private-key: ${{ secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY }} + - uses: actions/checkout@v6 - name: Checkout workflows repository uses: actions/checkout@v6 with: repository: heroku/npm-release-workflows - token: ${{ secrets.WORKFLOWS_ACCESS_GITHUB_TOKEN }} + token: ${{ steps.app-token.outputs.token }} path: workflows-repo ref: main @@ -66,7 +81,7 @@ jobs: package-manager: yarn # npm | yarn | pnpm branch_name: ${{ github.ref_name }} dry_run: ${{ inputs.dry_run }} - token: ${{ secrets.WORKFLOWS_ACCESS_GITHUB_TOKEN }} + token: ${{ steps.app-token.outputs.token }} publish: needs: release-please-pr @@ -77,13 +92,20 @@ jobs: pull-requests: write id-token: write steps: + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID }} + private-key: ${{ secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY }} + - uses: actions/checkout@v6 - name: Checkout workflows repository uses: actions/checkout@v6 with: repository: heroku/npm-release-workflows - token: ${{ secrets.WORKFLOWS_ACCESS_GITHUB_TOKEN }} + token: ${{ steps.app-token.outputs.token }} path: workflows-repo ref: main @@ -91,7 +113,7 @@ jobs: uses: ./workflows-repo/.github/actions/release-publish-public with: package-manager: yarn # npm | yarn | pnpm - workflows_token: ${{ secrets.WORKFLOWS_ACCESS_GITHUB_TOKEN }} + workflows_token: ${{ steps.app-token.outputs.token }} build_command: '' # No build script found dry_run: ${{ inputs.dry_run }} npm_tag: ${{ needs.release-please-pr.outputs.npm_tag }} diff --git a/.github/workflows/update-release-configs.yml b/.github/workflows/update-release-configs.yml index f36ab82..bda18d7 100644 --- a/.github/workflows/update-release-configs.yml +++ b/.github/workflows/update-release-configs.yml @@ -1,6 +1,7 @@ name: Update Release Configs # Generates release-please config files from release-channels.yml +# Uses vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID and secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY on: workflow_dispatch: @@ -12,13 +13,20 @@ jobs: contents: write pull-requests: write steps: + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID }} + private-key: ${{ secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY }} + - uses: actions/checkout@v6 - name: Checkout workflows repository uses: actions/checkout@v6 with: repository: heroku/npm-release-workflows - token: ${{ secrets.WORKFLOWS_ACCESS_GITHUB_TOKEN }} + token: ${{ steps.app-token.outputs.token }} path: workflows-repo ref: main From 1b6412854ccccaac35c4cdf150033ced2a12cf05 Mon Sep 17 00:00:00 2001 From: Michael Malave Date: Thu, 12 Feb 2026 08:25:37 -0800 Subject: [PATCH 4/6] adding workflows for onboarding to the npm-release-workflows shared release --- .github/workflows/release-on-push.yml | 18 +++++++++----- .github/workflows/release.yml | 36 +++++++++++---------------- 2 files changed, 26 insertions(+), 28 deletions(-) diff --git a/.github/workflows/release-on-push.yml b/.github/workflows/release-on-push.yml index 560f585..a5aa551 100644 --- a/.github/workflows/release-on-push.yml +++ b/.github/workflows/release-on-push.yml @@ -11,11 +11,10 @@ on: # - alpha # Uncomment if you have an alpha channel jobs: - create-release: + generate-token: runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip - permissions: - contents: write - pull-requests: write + outputs: + token: ${{ steps.app-token.outputs.token }} steps: - name: Generate GitHub App token id: app-token @@ -24,13 +23,20 @@ jobs: app-id: ${{ vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID }} private-key: ${{ secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY }} + create-release: + needs: generate-token + runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip + permissions: + contents: write + pull-requests: write + steps: - uses: actions/checkout@v6 - name: Checkout workflows repository uses: actions/checkout@v6 with: repository: heroku/npm-release-workflows - token: ${{ steps.app-token.outputs.token }} + token: ${{ needs.generate-token.outputs.token }} path: workflows-repo ref: main @@ -39,4 +45,4 @@ jobs: with: package-manager: yarn # npm | yarn | pnpm branch_name: ${{ github.ref_name }} - token: ${{ steps.app-token.outputs.token }} + token: ${{ needs.generate-token.outputs.token }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1e84b8c..57267bd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,8 +13,10 @@ on: required: false jobs: - validate: + generate-token: runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip + outputs: + token: ${{ steps.app-token.outputs.token }} steps: - name: Generate GitHub App token id: app-token @@ -23,13 +25,17 @@ jobs: app-id: ${{ vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID }} private-key: ${{ secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY }} + validate: + needs: generate-token + runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip + steps: - uses: actions/checkout@v6 - name: Checkout workflows repository uses: actions/checkout@v6 with: repository: heroku/npm-release-workflows - token: ${{ steps.app-token.outputs.token }} + token: ${{ needs.generate-token.outputs.token }} path: workflows-repo ref: main @@ -41,7 +47,7 @@ jobs: test_command: 'run test' release-please-pr: - needs: validate + needs: [generate-token, validate] runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip permissions: contents: write @@ -57,20 +63,13 @@ jobs: no_release_needed: ${{ steps.release-workflow.outputs.no_release_needed }} pr_already_exists: ${{ steps.release-workflow.outputs.pr_already_exists }} steps: - - name: Generate GitHub App token - id: app-token - uses: actions/create-github-app-token@v2 - with: - app-id: ${{ vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID }} - private-key: ${{ secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY }} - - uses: actions/checkout@v6 - name: Checkout workflows repository uses: actions/checkout@v6 with: repository: heroku/npm-release-workflows - token: ${{ steps.app-token.outputs.token }} + token: ${{ needs.generate-token.outputs.token }} path: workflows-repo ref: main @@ -81,10 +80,10 @@ jobs: package-manager: yarn # npm | yarn | pnpm branch_name: ${{ github.ref_name }} dry_run: ${{ inputs.dry_run }} - token: ${{ steps.app-token.outputs.token }} + token: ${{ needs.generate-token.outputs.token }} publish: - needs: release-please-pr + needs: [generate-token, release-please-pr] if: needs.release-please-pr.result == 'success' && (needs.release-please-pr.outputs.pr_number != '' || needs.release-please-pr.outputs.pr_already_exists == 'true') runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip permissions: @@ -92,20 +91,13 @@ jobs: pull-requests: write id-token: write steps: - - name: Generate GitHub App token - id: app-token - uses: actions/create-github-app-token@v2 - with: - app-id: ${{ vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID }} - private-key: ${{ secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY }} - - uses: actions/checkout@v6 - name: Checkout workflows repository uses: actions/checkout@v6 with: repository: heroku/npm-release-workflows - token: ${{ steps.app-token.outputs.token }} + token: ${{ needs.generate-token.outputs.token }} path: workflows-repo ref: main @@ -113,7 +105,7 @@ jobs: uses: ./workflows-repo/.github/actions/release-publish-public with: package-manager: yarn # npm | yarn | pnpm - workflows_token: ${{ steps.app-token.outputs.token }} + workflows_token: ${{ needs.generate-token.outputs.token }} build_command: '' # No build script found dry_run: ${{ inputs.dry_run }} npm_tag: ${{ needs.release-please-pr.outputs.npm_tag }} From c5f16f846a4feab606fd1c001347ec79324b4797 Mon Sep 17 00:00:00 2001 From: Michael Malave Date: Thu, 12 Feb 2026 10:21:22 -0800 Subject: [PATCH 5/6] adding workflows for onboarding to the npm-release-workflows shared release --- .github/workflows/release-on-push.yml | 18 +++++--------- .github/workflows/release.yml | 36 ++++++++++++++++----------- 2 files changed, 28 insertions(+), 26 deletions(-) diff --git a/.github/workflows/release-on-push.yml b/.github/workflows/release-on-push.yml index a5aa551..560f585 100644 --- a/.github/workflows/release-on-push.yml +++ b/.github/workflows/release-on-push.yml @@ -11,10 +11,11 @@ on: # - alpha # Uncomment if you have an alpha channel jobs: - generate-token: + create-release: runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip - outputs: - token: ${{ steps.app-token.outputs.token }} + permissions: + contents: write + pull-requests: write steps: - name: Generate GitHub App token id: app-token @@ -23,20 +24,13 @@ jobs: app-id: ${{ vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID }} private-key: ${{ secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY }} - create-release: - needs: generate-token - runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip - permissions: - contents: write - pull-requests: write - steps: - uses: actions/checkout@v6 - name: Checkout workflows repository uses: actions/checkout@v6 with: repository: heroku/npm-release-workflows - token: ${{ needs.generate-token.outputs.token }} + token: ${{ steps.app-token.outputs.token }} path: workflows-repo ref: main @@ -45,4 +39,4 @@ jobs: with: package-manager: yarn # npm | yarn | pnpm branch_name: ${{ github.ref_name }} - token: ${{ needs.generate-token.outputs.token }} + token: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 57267bd..1e84b8c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,10 +13,8 @@ on: required: false jobs: - generate-token: + validate: runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip - outputs: - token: ${{ steps.app-token.outputs.token }} steps: - name: Generate GitHub App token id: app-token @@ -25,17 +23,13 @@ jobs: app-id: ${{ vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID }} private-key: ${{ secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY }} - validate: - needs: generate-token - runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip - steps: - uses: actions/checkout@v6 - name: Checkout workflows repository uses: actions/checkout@v6 with: repository: heroku/npm-release-workflows - token: ${{ needs.generate-token.outputs.token }} + token: ${{ steps.app-token.outputs.token }} path: workflows-repo ref: main @@ -47,7 +41,7 @@ jobs: test_command: 'run test' release-please-pr: - needs: [generate-token, validate] + needs: validate runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip permissions: contents: write @@ -63,13 +57,20 @@ jobs: no_release_needed: ${{ steps.release-workflow.outputs.no_release_needed }} pr_already_exists: ${{ steps.release-workflow.outputs.pr_already_exists }} steps: + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID }} + private-key: ${{ secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY }} + - uses: actions/checkout@v6 - name: Checkout workflows repository uses: actions/checkout@v6 with: repository: heroku/npm-release-workflows - token: ${{ needs.generate-token.outputs.token }} + token: ${{ steps.app-token.outputs.token }} path: workflows-repo ref: main @@ -80,10 +81,10 @@ jobs: package-manager: yarn # npm | yarn | pnpm branch_name: ${{ github.ref_name }} dry_run: ${{ inputs.dry_run }} - token: ${{ needs.generate-token.outputs.token }} + token: ${{ steps.app-token.outputs.token }} publish: - needs: [generate-token, release-please-pr] + needs: release-please-pr if: needs.release-please-pr.result == 'success' && (needs.release-please-pr.outputs.pr_number != '' || needs.release-please-pr.outputs.pr_already_exists == 'true') runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip permissions: @@ -91,13 +92,20 @@ jobs: pull-requests: write id-token: write steps: + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID }} + private-key: ${{ secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY }} + - uses: actions/checkout@v6 - name: Checkout workflows repository uses: actions/checkout@v6 with: repository: heroku/npm-release-workflows - token: ${{ needs.generate-token.outputs.token }} + token: ${{ steps.app-token.outputs.token }} path: workflows-repo ref: main @@ -105,7 +113,7 @@ jobs: uses: ./workflows-repo/.github/actions/release-publish-public with: package-manager: yarn # npm | yarn | pnpm - workflows_token: ${{ needs.generate-token.outputs.token }} + workflows_token: ${{ steps.app-token.outputs.token }} build_command: '' # No build script found dry_run: ${{ inputs.dry_run }} npm_tag: ${{ needs.release-please-pr.outputs.npm_tag }} From f64dd901c25a782866f960ed9920c496f6611340 Mon Sep 17 00:00:00 2001 From: Michael Malave Date: Thu, 12 Feb 2026 12:41:20 -0800 Subject: [PATCH 6/6] adding workflows for onboarding to the npm-release-workflows shared release --- .github/workflows/release-on-push.yml | 2 ++ .github/workflows/release.yml | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/release-on-push.yml b/.github/workflows/release-on-push.yml index 560f585..b602eda 100644 --- a/.github/workflows/release-on-push.yml +++ b/.github/workflows/release-on-push.yml @@ -17,12 +17,14 @@ jobs: contents: write pull-requests: write steps: + # owner scopes the token to the org installation so it can access other repos (e.g. private npm-release-workflows) - name: Generate GitHub App token id: app-token uses: actions/create-github-app-token@v2 with: app-id: ${{ vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID }} private-key: ${{ secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY }} + owner: ${{ github.repository_owner }} - uses: actions/checkout@v6 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1e84b8c..b69692d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,12 +16,14 @@ jobs: validate: runs-on: pub-hk-ubuntu-24.04-ip # Options: ubuntu-latest | sfdc-hk-ubuntu-latest | pub-hk-ubuntu-24.04-ip steps: + # owner scopes the token to the org installation so it can access other repos (e.g. private npm-release-workflows) - name: Generate GitHub App token id: app-token uses: actions/create-github-app-token@v2 with: app-id: ${{ vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID }} private-key: ${{ secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY }} + owner: ${{ github.repository_owner }} - uses: actions/checkout@v6 @@ -57,12 +59,14 @@ jobs: no_release_needed: ${{ steps.release-workflow.outputs.no_release_needed }} pr_already_exists: ${{ steps.release-workflow.outputs.pr_already_exists }} steps: + # owner scopes the token to the org installation so it can access other repos (e.g. private npm-release-workflows) - name: Generate GitHub App token id: app-token uses: actions/create-github-app-token@v2 with: app-id: ${{ vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID }} private-key: ${{ secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY }} + owner: ${{ github.repository_owner }} - uses: actions/checkout@v6 @@ -92,12 +96,14 @@ jobs: pull-requests: write id-token: write steps: + # owner scopes the token to the org installation so it can access other repos (e.g. private npm-release-workflows) - name: Generate GitHub App token id: app-token uses: actions/create-github-app-token@v2 with: app-id: ${{ vars.DEV_TOOLS_RELEASE_WORKFLOW_APP_ID }} private-key: ${{ secrets.DEV_TOOLS_RELEASE_WORKFLOW_APP_PRIVATE_KEY }} + owner: ${{ github.repository_owner }} - uses: actions/checkout@v6