From 5f9f8698da03bff7437db9953817343a99315f79 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Iiro=20Ja=CC=88ppinen?=
Date: Tue, 4 Nov 2025 13:52:11 +0200
Subject: [PATCH 1/3] docs: add CONTRIBUTING.md
---
CONTRIBUTING.md | 15 +++++++++++++++
README.md | 4 ++++
2 files changed, 19 insertions(+)
create mode 100644 CONTRIBUTING.md
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..cc62ff2
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,15 @@
+# Contributing
+
+Contributing changes to `@s-group/react-usercentrics` is almost fully automated through Git branches and GitHub Actions.
+
+1. Create a new Git branch for your change
+1. Commit changes to the branch following the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) specification
+ - The commit messages you use will determine the type of new version bump that will be created. See the complete list of release types in the [`@semantic-release/commit-analyzer` default configuration](https://github.com/semantic-release/commit-analyzer/blob/master/lib/default-release-rules.js)
+ - `feat` commit types will create a _minor_ `0.1.0` bump
+ - `fix` and `Revert` commit types will create a _patch_ `0.0.1` bump
+ - Writing `BREAKING CHANGE:` as a prefix in the commit message body, or adding an exclamation mark after any commit type (for example `feat!`) will create a _major_ `1.0.0` bump
+1. Push your branch to the GitHub origin, and open a new Pull Request
+1. GitHub Actions will automatically run checks against your changes
+ - You can also see a preview of the upcoming version bump in the checks
+1. After the checks have successfully passed, you can merge your Pull Request to the default branch
+1. GitHub Actions will automatically create a new version commit, attach a Git tag to it (for example `v3.0.4`), create a GitHub release, and publish the new npm package to the [npmjs.com](https://www.npmjs.com/package/@s-group/react-usercentrics) official registry!
diff --git a/README.md b/README.md index b8db61d..c4c94a1 100644 --- a/README.md +++ b/README.md @@ -392,3 +392,7 @@ Useful for rendering custom UI with like listing services' names and description const services = await getServiceInfo() const { name, description } = services['my-service-id'] ``` + +## Development + +See [CONTRIBUTING.md](./CONTRIBUTING.md). From 7d9e1fc36f98d6597c3735c7cc9cd455e09754d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iiro=20Ja=CC=88ppinen?= Date: Tue, 4 Nov 2025 14:06:04 +0200 Subject: [PATCH 2/3] ci: add semantic-release dry-run action --- .github/workflows/pull-requests.yml | 34 +++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/.github/workflows/pull-requests.yml b/.github/workflows/pull-requests.yml index b3d12e7..b1db13d 100644 --- a/.github/workflows/pull-requests.yml +++ b/.github/workflows/pull-requests.yml @@ -3,6 +3,9 @@ name: Pull Requests on: pull_request: +permissions: + contents: read + jobs: Install: runs-on: ubuntu-latest 
@@ -97,3 +100,34 @@ jobs: restore-keys: | ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} - run: npm run build + + Release-dry-run: + name: Release (dry-run) + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v5 + with: + token: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} + ref: ${{ github.head_ref }} + fetch-depth: 0 + - uses: actions/setup-node@v6 + with: + node-version-file: .node-version + package-manager-cache: false + - uses: actions/cache@v4 + id: cache-node_modules + with: + path: node_modules + key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} + restore-keys: | + ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} + - name: semantic-release --dry-run + run: | + unset GITHUB_ACTIONS + npx semantic-release --dry-run --no-ci --branches "${GITHUB_HEAD_REF}" + env: + GH_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }} + GIT_AUTHOR_NAME: ${{ github.event.head_commit.author.name }} + GIT_AUTHOR_EMAIL: ${{ github.event.head_commit.author.email }} + GIT_GIT_COMMITTER_NAME_NAME: ${{ github.event.head_commit.committer.name }} + GIT_GIT_COMMITTER_NAME_EMAIL: ${{ github.event.head_commit.committer.email }} From 15bd55bad3a924386d61d78be0a11a3ab53e2533 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iiro=20Ja=CC=88ppinen?= Date: Tue, 4 Nov 2025 14:12:51 +0200 Subject: [PATCH 3/3] ci: add default read-only permissions --- .github/workflows/main.yml | 7 +++++++ .github/workflows/release.yml | 3 +++ 2 files changed, 10 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index cccb67b..c96f356 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -6,6 +6,9 @@ on: - main - beta +permissions: + contents: read + jobs: Install: runs-on: ubuntu-latest @@ -104,6 +107,10 @@ jobs: Release: # Prevent infinite release loop if: ${{ !startsWith(github.event.head_commit.message, 'chore(release)') }} + permissions: + contents: write + issues: write + pull_requests: write needs: - Lint - Typecheck 
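Review bot: The new `Release-dry-run` job exposes the release credential `secrets.SEMANTIC_RELEASE_TOKEN` to a run whose inputs come from the pull-request branch: `actions/checkout` receives it as `token:` (and by default keeps it available to later git commands in the job), and the `npx semantic-release` step receives it as `GH_TOKEN` while running against the branch's checkout and cached `node_modules`. The workflow-level `permissions: contents: read` added in the same file limits only `GITHUB_TOKEN`, not this secret, so a token that presumably carries release rights is reachable from any branch that can open a pull request here. For a dry run I would drop `token:` from the checkout, add `persist-credentials: false`, and pass the least-privileged token that still lets the dry run complete. Separately, `GIT_GIT_COMMITTER_NAME_NAME` and `GIT_GIT_COMMITTER_NAME_EMAIL` look like typos for `GIT_COMMITTER_NAME` and `GIT_COMMITTER_EMAIL`, and `github.event.head_commit` is, as far as I know, only populated on `push` events, so all four identity variables are probably empty in this workflow.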
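Review bot: In the `Release` job's new `permissions` block in `main.yml`, the key `pull_requests: write` is spelled with an underscore, but the scope GitHub Actions defines is `pull-requests`; the misspelled key is likely to be rejected when the workflow is validated, or at best leave the job without that permission. Change the line to `pull-requests: write`. A job-level `permissions` block also sets every unlisted scope to none for `GITHUB_TOKEN`, so it is worth confirming the release steps need nothing beyond these three scopes; the rest of the job lies outside the hunk.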
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 31a60d8..28af0ae 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,6 +8,9 @@ on: # Beta release tags, e.g. "v3.0.0-beta.1" - 'v[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+' +permissions: + contents: read + jobs: Install: runs-on: ubuntu-latest