refactor(create-expert): clarify context passing mechanism between de… #254
| name: Release | |
| on: | |
| push: | |
| branches: [main] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: false | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| id-token: write | |
| env: | |
| PNPM_VERSION: '10.10.0' | |
| NODE_VERSION: '22' | |
| # Allowlist of packages that can be published to npm | |
| ALLOWED_PACKAGES: | | |
| perstack | |
| create-expert | |
| @perstack/runtime | |
| @perstack/base | |
| @perstack/core | |
| @perstack/api-client | |
| jobs: | |
| release: | |
| name: Release | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: ${{ env.PNPM_VERSION }} | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'pnpm' | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Build | |
| run: pnpm run build | |
| - name: Validate publishable packages | |
| run: | | |
| echo "Checking for unauthorized packages in changesets..." | |
| # Get list of packages that would be published | |
| PACKAGES_TO_PUBLISH=$(find .changeset -name "*.md" ! -name "README.md" -exec cat {} \; | grep -E '^"[^"]+":' | sed 's/"//g' | cut -d: -f1 | sort -u) | |
| if [ -z "$PACKAGES_TO_PUBLISH" ]; then | |
| echo "No packages to publish found in changesets." | |
| exit 0 | |
| fi | |
| echo "Packages in changesets:" | |
| echo "$PACKAGES_TO_PUBLISH" | |
| echo "" | |
| # Check each package against allowlist | |
| UNAUTHORIZED="" | |
| while IFS= read -r pkg; do | |
| if ! echo "$ALLOWED_PACKAGES" | grep -qx "$pkg"; then | |
| UNAUTHORIZED="$UNAUTHORIZED$pkg\n" | |
| fi | |
| done <<< "$PACKAGES_TO_PUBLISH" | |
| if [ -n "$UNAUTHORIZED" ]; then | |
| echo "::error::UNAUTHORIZED PACKAGES DETECTED!" | |
| echo "The following packages are NOT in the allowlist and cannot be published:" | |
| echo -e "$UNAUTHORIZED" | |
| echo "" | |
| echo "Allowed packages are:" | |
| echo "$ALLOWED_PACKAGES" | |
| echo "" | |
| echo "If you need to publish these packages, update ALLOWED_PACKAGES in .github/workflows/release.yml" | |
| exit 1 | |
| fi | |
| echo "✅ All packages are authorized for publishing." | |
| - name: Create Release PR or Publish | |
| id: changesets | |
| uses: changesets/action@v1 | |
| with: | |
| version: pnpm run version | |
| publish: pnpm run release | |
| title: 'chore: version packages' | |
| commit: 'chore: version packages' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |
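Review bot: The allowlist check in the "Validate publishable packages" step can pass a package that is not on the list. `grep -qx "$pkg"` treats the name read from the changeset as a regular expression, so a name containing `.` or another metacharacter can match an allowlisted line it does not equal; `if ! printf '%s\n' "$ALLOWED_PACKAGES" | grep -Fqx -- "$pkg"; then` compares literally. The extraction pattern `'^"[^"]+":'` also recognises only double-quoted keys, so a changeset that names its package with single quotes or no quotes (if changesets accepts that form) is skipped, and if nothing else matches the step exits 0. Because this job holds `NPM_TOKEN` and `contents: write`, the check should fail closed; the page shows the file without change markers, so it is unclear whether this step is new in this PR.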