tektoncd · AlanGreene · Dec 18, 2024
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -0,0 +1,123 @@
+name: Publish NPM packages
+
+permissions:
+  contents: read
+
+on:
+  pull_request:
+    branches: ["main"]
+    paths-ignore:
+      - "**"
+      - "!**/package.json"
+      - "!**/package-lock.json"
+    types:
+      - opened
+      - reopened
+      - synchronize
+  push:
+    branches: ["main"]
+    paths-ignore:
+      - "**"
+      - "!**/package.json"
+      - "!**/package-lock.json"
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  publish:
+    if: >-
+      ${{
+        (
+          github.event_name == 'pull_request' &&
+          startsWith(github.event.pull_request.title, 'Publish v') &&
+          endsWith(github.event.pull_request.title, 'of the @tektoncd/dashboard-* packages')
+        ) ||
+        (
+          github.event_name == 'push' &&
+          startsWith(github.event.head_commit.message, 'Publish v') &&
+          endsWith(github.event.head_commit.message, 'of the @tektoncd/dashboard-* packages')
+        )
+      }}
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      # required for npm package provenance
+      id-token: write
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+        with:
+          egress-policy: audit
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          # for PRs checkout the head rather than the merge commit so we can get the original commit message
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
+      - name: Validate PR title and commit message match
+        if: ${{ github.event_name == 'pull_request' }}
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+        run: |
+          COMMIT_MESSAGE="$(git log --pretty=%s -n 1)"
+          if [ "$PR_TITLE" != "$COMMIT_MESSAGE" ]; then
+            echo "::error::PR title and commit message mismatch"
+            echo "Expected format: Publish <version> of the @tektoncd/dashboard-* packages"
+            echo "PR_TITLE:        $PR_TITLE"
+            echo "COMMIT_MESSAGE:  $COMMIT_MESSAGE"
+            exit 1
+          else
+            echo "PR title and commit message match, continuing…"
+          fi
+      - name: Get version
+        id: get-version
+        env:
+          MESSAGE_WITH_VERSION: ${{ github.event.pull_request.title || github.event.head_commit.message }}
+        run: |
+          echo "Extracting version from commit message"
+          VERSION=$(echo "$MESSAGE_WITH_VERSION" | grep -Po '(v\d+\.\d+\.\d+(\S)*)')
+          echo "VERSION: $VERSION"
+          echo "newPackageVersion=${VERSION}" >> $GITHUB_OUTPUT
+      - name: Check version matches package.json
+        run: |
+          EXPECTED_VERSION="${{ steps.get-version.outputs.newPackageVersion }}"
+          mismatch=false
+          for packageJson in ./packages/*/package.json; do
+            VERSION="v$(jq -r .version $packageJson)"
+            PRIVATE="$(jq -r .private)"
+            if [ "$PRIVATE" == "false" ] && [ "$VERSION" != "$EXPECTED_VERSION" ]; then
+              echo "::error::Version mismatch found in $packageJson: ${VERSION}"
+              mismatch=true
+            fi
+          done
+          if [ "$mismatch" == "true" ]; then
+            exit 1
+          fi
+      - name: Check PR is up-to-date
+        if: ${{ github.event_name == 'pull_request' }}
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          BASE_REF="${{github.event.pull_request.base.repo.owner.login}}:${{github.event.pull_request.base.ref}}"
+          HEAD_REF="${{github.event.pull_request.head.repo.owner.login}}:${{github.event.pull_request.head.ref}}"
+          STATUS=$(gh api \
+              -H "Accept: application/vnd.github+json" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              /repos/${{ github.repository }}/compare/${BASE_REF}...${HEAD_REF} | jq -r .status)
+          if [ "$STATUS" != "ahead" ]; then
+            echo "::error::Pull request not up-to-date with base branch, please rebase"
+            exit 1
+          else
+            echo "Pull request is up-to-date with base branch, continuing…"
+          fi
+      - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          node-version-file: .nvmrc
+      - name: Publish dry run
+        if: ${{ github.event_name == 'pull_request' }}
+        run: npm publish --workspaces --provenance --access public --dry-run
+      - name: Publish
+        if: ${{ github.event_name == 'push' }}
+        run: npm publish --workspaces --provenance --access public
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/components/package.json b/packages/components/package.json
@@ -15,7 +15,7 @@
   "main": "./src/components/index.js",
   "type": "module",
   "scripts": {
-    "version": "npm pkg set \"dependencies.@tektoncd/dashboard-utils=$npm_new_version\"",
+    "prepublishOnly": "npm pkg set \"dependencies.@tektoncd/dashboard-utils=$npm_package_version\"",
     "postpublish": "npm pkg set \"dependencies.@tektoncd/dashboard-utils=file:../utils\""
   },
   "dependencies": {

diff --git a/packages/e2e/package-lock.json b/packages/e2e/package-lock.json
diff --git a/packages/e2e/package.json b/packages/e2e/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@tektoncd/dashboard-e2e",
-  "version": "0.52.0-alpha.1",
+  "version": "0.0.0",
   "author": {
     "name": "The Tekton Authors"
   },

diff --git a/packages/graph/package.json b/packages/graph/package.json
@@ -17,7 +17,7 @@
   "main": "./src/index.js",
   "type": "module",
   "scripts": {
-    "version": "npm pkg set \"dependencies.@tektoncd/dashboard-utils=$npm_new_version\"",
+    "prepublishOnly": "npm pkg set \"dependencies.@tektoncd/dashboard-utils=$npm_package_version\"",
     "postpublish": "npm pkg set \"dependencies.@tektoncd/dashboard-utils=file:../utils\""
   },
   "dependencies": {

diff --git a/tekton/README.md b/tekton/README.md
@@ -162,13 +162,15 @@ To update the Dashboard release on the [`dogfooding` cluster](https://dashboard.
 
 To release a new version of the npm packages, e.g. `@tektoncd/dashboard-components`:
 
-1. ensure you have the relevant commit checked out and that you're at the root of the project
+1. ensure you have checked out the latest change and that you're at the root of the project
 1. `npm --workspaces version <version>` where version is a valid semver string, e.g. `0.24.1-alpha.0`
     - Note: On Windows set the npm script-shell to git-bash, e.g.: `npm config set script-shell "C:\\Program Files\\Git\\bin\\bash.exe"`
-1. `npm --workspaces publish --otp <one-time-passcode>`
-1. once the packages are published run `npm install`
-1. stage and commit the changes to the package.json and package-lock.json files and open a new PR to record the release
-1. build and publish the Storybook:
-   1. `npm run storybook:build`
+1. commit the change and open a PR
+   - Note: both the PR title and commit message should use the following format:
+     > `Publish v<version> of the @tektoncd/dashboard-* packages`
+
+     e.g. `Publish v0.24.1-alpha.0 of the @tektoncd/dashboard-* packages`
+1. once the packages are published, build and publish the Storybook:
+   1. `npm run storybook:build` - optional, deploys to your fork (origin)
    1. `npm run storybook:deploy -- --remote upstream`
    1. verify that the updated version is available at https://tektoncd.github.io/dashboard/