Release #15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| increment: | |
| description: "Version bump (patch, minor, major)" | |
| required: true | |
| default: "patch" | |
| type: choice | |
| options: | |
| - patch | |
| - minor | |
| - major | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 24 | |
| check-latest: true | |
| cache: npm | |
| - run: git config user.name "github-actions[bot]" | |
| - run: git config user.email "github-actions[bot]@users.noreply.github.com" | |
| - run: npm ci | |
| - name: Validate package metadata for trusted publishing | |
| run: | | |
| node - <<'NODE' | |
| const { readFileSync } = require("node:fs"); | |
| const pkg = JSON.parse(readFileSync("package.json", "utf8")); | |
| const expectedAuthor = "OpenClaw Team <dev@openclaw.ai>"; | |
| const expectedRepoUrl = "https://github.com/openclaw/acpx"; | |
| const normalizeRepoUrl = (value) => | |
| String(value ?? "") | |
| .trim() | |
| .replace(/^git\+/, "") | |
| .replace(/\.git$/i, "") | |
| .replace(/\/+$/, ""); | |
| const actualRepoUrl = normalizeRepoUrl(pkg?.repository?.url); | |
| const expectedRepoUrlNormalized = normalizeRepoUrl(expectedRepoUrl); | |
| const errors = []; | |
| if (actualRepoUrl !== expectedRepoUrlNormalized) { | |
| errors.push( | |
| `package.json repository.url must resolve to ${expectedRepoUrlNormalized}; found ${actualRepoUrl || "<missing>"}` | |
| ); | |
| } | |
| if ((pkg?.author ?? "") !== expectedAuthor) { | |
| errors.push( | |
| `package.json author must be exactly "${expectedAuthor}"; found "${pkg?.author ?? ""}"` | |
| ); | |
| } | |
| if (errors.length > 0) { | |
| for (const err of errors) { | |
| console.error(err); | |
| } | |
| process.exit(1); | |
| } | |
| console.log("Package metadata validated."); | |
| NODE | |
| - run: npm run lint | |
| - run: npm run typecheck | |
| - run: npm run build | |
| # Fetch latest version from npm, bump it, write to package.json. | |
| # Nothing is committed — the bumped version lives only in the CI | |
| # runner's working directory. release-it tags + publishes from it. | |
| - name: Bump version from npm registry | |
| run: | | |
| LATEST=$(npm view acpx version 2>/dev/null || echo "0.0.0") | |
| echo "Latest on npm: $LATEST" | |
| npm version --no-git-tag-version "$LATEST" --allow-same-version | |
| npm version --no-git-tag-version ${{ inputs.increment }} | |
| VERSION=$(node -p 'require("./package.json").version') | |
| echo "Releasing: $VERSION" | |
| - name: Release | |
| run: | | |
| VERSION=$(node -p 'require("./package.json").version') | |
| npm run release:ci -- --increment "$VERSION" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NPM_CONFIG_PROVENANCE: "true" |