ci: auto-publish create-stark-rn on version bump (reusable publish workflow)#54
Open
tu11aa wants to merge 2 commits into
Open
ci: auto-publish create-stark-rn on version bump (reusable publish workflow)#54tu11aa wants to merge 2 commits into
tu11aa wants to merge 2 commits into
Conversation
- Add workflow_call trigger mirroring workflow_dispatch inputs (version, dry_run) plus a new 'ref' input. - Checkout an explicit ref (inputs.ref || github.ref_name) so callers can publish from the post-bump tree instead of the caller's triggering SHA. - Use the unified 'inputs' context (works for both workflow_dispatch and workflow_call) instead of github.event.inputs. - Normalize dry_run through a shell step to avoid GitHub's string/boolean loose-equality pitfall across trigger types. Manual workflow_dispatch behavior is unchanged: empty ref falls back to the triggering branch, empty version falls back to root package.json.
Wire the publish pipeline into version-bump so a bump + npm publish happen in one flow (matching scaffold-stark-2's release behavior), while the standalone manual publish button still works. - Expose the computed version as a 'bump' job output. - Add a 'publish' job: needs: bump, uses the reusable npm-publish-cli workflow with secrets: inherit. - Pass ref: main so publish runs against the POST-bump tree: by the time 'publish' starts, 'needs: bump' guarantees the bump job has already pushed the chore(release): commit to origin/main. - Loop guard preserved: a chore(release): push skips 'bump', and 'needs: bump' then skips 'publish' too (no double publish).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Wires automatic npm publish into the version-bump pipeline so
scaffold-stark-rnbehaves likescaffold-stark-2: a version bump and thecreate-stark-rnnpm publish now happen in one flow. The standalone manual publish button is fully preserved as a fallback.Before:
version-bump.yml(push tomain) bumped versions, committedchore(release): X, tagged, pushed — and stopped.npm-publish-cli.ymlwasworkflow_dispatch-only; nothing triggered it automatically, socreate-stark-rnonly reached npm when a human clicked Run.After: the bump job's computed version feeds a new
publishjob that calls the (now reusable) publish workflow automatically.Approach
npm-publish-cli.yml→ reusable workflow. Added aworkflow_call:trigger mirroring the existingworkflow_dispatch:inputs (version,dry_run) plus a newrefinput. Switched fromgithub.event.inputs.*to the unifiedinputs.*context (valid for bothworkflow_dispatchandworkflow_call).dry_runis now normalized through a shell step to dodge GitHub's string-vs-boolean loose-equality pitfall ('true' == trueis false in Actions expressions).version-bump.yml→ wire publish. Thebumpjob now exposesnew_versionas an output. A newpublishjob (needs: bump) calls./.github/workflows/npm-publish-cli.ymlwithsecrets: inherit, passingversion: <new_version>,ref: main,dry_run: false.Timing-hazard trace (the important part)
The hazard: in a single workflow run,
actions/checkoutdefaults to the SHA that triggered the run — the commit before thechore(release):bump. A naive publish job would rsync the template from the pre-bumppackages/rn/and publish stale source under the new version number.How this PR avoids it — full trace (developer merges
feat: …tomain, SHAA):bumprunsifguard:A's msg isfeat: …→ notchore(release):→ runs. Computes e.g.1.0.5 → 1.1.0. Commitschore(release): 1.1.0= SHAB, tags,git push origin main→ origin/main tip = B. Job outputnew_version=1.1.0.publishrunsneeds: bump⇒ starts only after bump pushedB. Calls reusable workflow withref: main.ref: ${{ inputs.ref || github.ref_name }}→main→ checks out origin/main = B (post-bump tree).packages/rn/is the bumped source. ✅inputs.version = 1.1.0→npm version 1.1.0. Published version == bumped version. ✅dry_runnormalized tofalse→npm publish --access publicwithNPM_TOKEN(viasecrets: inherit).B's msg ischore(release):→bumpskipped →needs: bump⇒publishskipped. No double publish, no loop. ✅ref: main(not thevXtag) is a deliberate choice — see "Pre-existing issue noted" below.Preserved behavior
chore(release):push skips bothbumpandpublish).dry_runend-to-end (and now type-safe across both triggers).NPM_TOKENreaches the publish job viasecrets: inherit.workflow_dispatchstill works standalone: emptyref→ triggering branch; emptyversion→ rootpackage.json(identical to prior behavior).workflow_dispatchof version-bump now also bump+publishes (matches the requested scaffold-stark-2 behavior).Verification
actionlinton both workflows: clean, no findings (validatesinputscontext vs triggers, local reusableuses:,secrets: inherit).python3 -c "yaml.safe_load(...)"both files: parse OK.gh workflow run/disablereturn 404 until the workflow exists on the default branch — known repo constraint).version-bump.ymlonly fires on push tomain. Per repo convention this PR targetsdevelop, so it has no effect untildevelopis merged tomain. The auto-publish path goes live on the first non-chore(release):push tomainafter that merge.Pre-existing issue noted (not fixed here — out of scope)
version-bump.ymlcreates a lightweight tag (git tag "v$VERSION") but pushes withgit push origin main --follow-tags, which only pushes annotated tags — sovXtags likely never reach origin today. This PR intentionally publishes fromref: mainrather thanref: vXso it is not affected by this. Flagging for a separate fix if tag-on-origin is desired.Files changed
.github/workflows/npm-publish-cli.yml—+38 / -5(reusable viaworkflow_call, unifiedinputs, normalizeddry_run, explicit checkoutref)..github/workflows/version-bump.yml—+19 / -0(bump job output + newpublishjob).