Merge pull request #69 from ember-cli/release-plan

start using release-plan

Author: mansona

.github/workflows/ci.yml

@@ -51,6 +51,8 @@ jobs:
       - uses: actions/checkout@v6
       # use the built-in npm for these super old tests
       - run: cat package.json | jq "del(.packageManager)" | tee package.json
+      # release-plan isn't needed for the test and has sub-deps that cause old npm to fail
+      - run: cat package.json | jq "del(.devDependencies[\"release-plan\"])" | tee package.json
       - uses: actions/setup-node@v6
         with:
           node-version: ${{ matrix.node-version }}

.github/workflows/plan-release.yml

@@ -0,0 +1,61 @@
+name: Plan Release
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - master
+  pull_request_target: # This workflow has permissions on the repo, do NOT run code from PRs in this workflow. See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+    types:
+      - labeled
+      - unlabeled
+
+concurrency:
+  group: plan-release # only the latest one of these should ever be running
+  cancel-in-progress: true
+
+jobs:
+  should-run-release-plan-prepare:
+    name: Should we run release-plan prepare?
+    runs-on: ubuntu-latest
+    outputs:
+      should-prepare: ${{ steps.should-prepare.outputs.should-prepare }}
+    steps:
+      - uses: release-plan/actions/should-prepare-release@v1
+        with:
+          ref: 'master'
+        id: should-prepare
+
+  create-prepare-release-pr:
+    name: Create Prepare Release PR
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    needs: should-run-release-plan-prepare
+    permissions:
+      contents: write
+      issues: read
+      pull-requests: write
+    if: needs.should-run-release-plan-prepare.outputs.should-prepare == 'true'
+    steps:
+      - uses: release-plan/actions/prepare@v1
+        name: Run release-plan prepare
+        with:
+          ref: 'master'
+        env:
+          GITHUB_AUTH: ${{ secrets.GITHUB_TOKEN }}
+        id: explanation
+
+      - uses: peter-evans/create-pull-request@v8
+        name: Create Prepare Release PR
+        with:
+          commit-message: "Prepare Release ${{ steps.explanation.outputs.new-version}} using 'release-plan'"
+          labels: "internal"
+          sign-commits: true
+          branch: release-preview
+          title: Prepare Release ${{ steps.explanation.outputs.new-version }}
+          body: |
+            This PR is a preview of the release that [release-plan](https://github.com/embroider-build/release-plan) has prepared. To release you should just merge this PR 👍
+
+            -----------------------------------------
+
+            ${{ steps.explanation.outputs.text }}

.github/workflows/publish.yml

@@ -0,0 +1,41 @@
+# For every push to the primary branch with .release-plan.json modified,
+# runs release-plan.
+
+name: Publish Stable
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - master
+    paths:
+      - '.release-plan.json'
+
+concurrency:
+  group: publish-${{ github.head_ref || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  publish:
+    name: "NPM Publish"
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+      attestations: write
+
+    steps:
+      - uses: actions/checkout@v6
+      - uses: pnpm/action-setup@v4
+      - uses: actions/setup-node@v6
+        with:
+          node-version: 22
+          registry-url: 'https://registry.npmjs.org'
+          cache: pnpm
+      - run: npm install -g npm@latest # ensure that the globally installed npm is new enough to support OIDC
+      - run: pnpm install --frozen-lockfile
+      - name: Publish to NPM
+        run: NPM_CONFIG_PROVENANCE=true pnpm release-plan publish
+        env:
+          GITHUB_AUTH: ${{ secrets.GITHUB_TOKEN }}

CHANGELOG.md

@@ -0,0 +1 @@
+# Changelog

RELEASE.md

@@ -0,0 +1,27 @@
+# Release Process
+
+Releases in this repo are mostly automated using [release-plan](https://github.com/embroider-build/release-plan/). Once you label all your PRs correctly (see below) you will have an automatically generated PR that updates your CHANGELOG.md file and a `.release-plan.json` that is used to prepare the release once the PR is merged.
+
+## Preparation
+
+Since the majority of the actual release process is automated, the remaining tasks before releasing are:
+
+- correctly labeling **all** pull requests that have been merged since the last release
+- updating pull request titles so they make sense to our users
+
+Some great information on why this is important can be found at [keepachangelog.com](https://keepachangelog.com/en/1.1.0/), but the overall
+guiding principle here is that changelogs are for humans, not machines.
+
+When reviewing merged PR's the labels to be used are:
+
+- breaking - Used when the PR is considered a breaking change.
+- enhancement - Used when the PR adds a new feature or enhancement.
+- bug - Used when the PR fixes a bug included in a previous release.
+- documentation - Used when the PR adds or updates documentation.
+- internal - Internal changes or things that don't fit in any other category.
+
+**Note:** `release-plan` requires that **all** PRs are labeled. If a PR doesn't fit in a category it's fine to label it as `internal`
+
+## Release
+
+Once the prep work is completed, the actual release is straight forward: you just need to merge the open [Plan Release](https://github.com/ember-cli/hash-for-dep/pulls?q=is%3Apr+is%3Aopen+%22Prepare+Release%22+in%3Atitle) PR

package.json

@@ -2,21 +2,21 @@
   "name": "hash-for-dep",
   "version": "1.5.1",
   "description": "generates a hash that represents a module and its depenencies uniqueness",
-  "main": "index.js",
-  "scripts": {
-    "test": "mocha tests/**/*-test.js",
-    "test:debug": "mocha debug tests/**/*-test.js"
+  "homepage": "https://github.com/ember-cli/hash-for-dep#readme",
+  "bugs": {
+    "url": "https://github.com/ember-cli/hash-for-dep/issues"
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/stefanpenner/hash-for-dep.git"
+    "url": "git+https://github.com/ember-cli/hash-for-dep.git"
   },
-  "author": "Stefan Penner <stefan.penner@gmail.com>",
   "license": "ISC",
-  "bugs": {
-    "url": "https://github.com/stefanpenner/hash-for-dep/issues"
+  "author": "Stefan Penner <stefan.penner@gmail.com>",
+  "main": "index.js",
+  "scripts": {
+    "test": "mocha tests/**/*-test.js",
+    "test:debug": "mocha debug tests/**/*-test.js"
   },
-  "homepage": "https://github.com/stefanpenner/hash-for-dep#readme",
   "dependencies": {
     "heimdalljs": "^0.2.3",
     "heimdalljs-logger": "^0.1.7",
@@ -25,7 +25,8 @@
   },
   "devDependencies": {
     "chai": "^3.5.0",
-    "mocha": "^2.2.4"
+    "mocha": "^2.2.4",
+    "release-plan": "^0.17.4"
   },
   "packageManager": "pnpm@10.28.2"
 }