chore(release): bump version to 0.3.0 #21
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - "v*.*.*" | |
| concurrency: | |
| group: release-${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: false | |
| env: | |
| NODE_VERSION: 24 | |
| PNPM_VERSION: 10.23.0 | |
| jobs: | |
| release: | |
| # DO NOT change this job back to a self-hosted runner. | |
| # npm trusted publishing + provenance for GitHub Actions releases | |
| # requires a GitHub-hosted runner, and publishing fails on self-hosted | |
| # environments with: | |
| # "Unsupported GitHub Actions runner environment: self-hosted". | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - uses: pnpm/action-setup@v4 | |
| with: | |
| version: ${{ env.PNPM_VERSION }} | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| check-latest: true | |
| cache: pnpm | |
| - run: pnpm install --frozen-lockfile | |
| - name: Validate package metadata for trusted publishing | |
| run: | | |
| node - <<'NODE' | |
| const { readFileSync } = require("node:fs"); | |
| const pkg = JSON.parse(readFileSync("package.json", "utf8")); | |
| const expectedAuthor = "OpenClaw Team <dev@openclaw.ai>"; | |
| const expectedRepoUrl = "https://github.com/openclaw/acpx"; | |
| const normalizeRepoUrl = (value) => | |
| String(value ?? "") | |
| .trim() | |
| .replace(/^git\+/, "") | |
| .replace(/\.git$/i, "") | |
| .replace(/\/+$/, ""); | |
| const actualRepoUrl = normalizeRepoUrl(pkg?.repository?.url); | |
| const expectedRepoUrlNormalized = normalizeRepoUrl(expectedRepoUrl); | |
| const errors = []; | |
| if (actualRepoUrl !== expectedRepoUrlNormalized) { | |
| errors.push( | |
| `package.json repository.url must resolve to ${expectedRepoUrlNormalized}; found ${actualRepoUrl || "<missing>"}` | |
| ); | |
| } | |
| if ((pkg?.author ?? "") !== expectedAuthor) { | |
| errors.push( | |
| `package.json author must be exactly "${expectedAuthor}"; found "${pkg?.author ?? ""}"` | |
| ); | |
| } | |
| if (errors.length > 0) { | |
| for (const err of errors) { | |
| console.error(err); | |
| } | |
| process.exit(1); | |
| } | |
| console.log("Package metadata validated."); | |
| NODE | |
| - name: Validate release tag | |
| env: | |
| RELEASE_SHA: ${{ github.sha }} | |
| RELEASE_TAG: ${{ github.ref_name }} | |
| run: | | |
| set -euo pipefail | |
| git fetch --no-tags origin main --depth=1 | |
| node - <<'NODE' | |
| const { execFileSync } = require("node:child_process"); | |
| const { readFileSync } = require("node:fs"); | |
| const releaseTag = process.env.RELEASE_TAG ?? ""; | |
| const releaseSha = process.env.RELEASE_SHA ?? ""; | |
| const semverTag = /^v\d+\.\d+\.\d+$/; | |
| if (!semverTag.test(releaseTag)) { | |
| console.error( | |
| `Release tags must match vX.Y.Z; received ${releaseTag || "<missing>"}.` | |
| ); | |
| process.exit(1); | |
| } | |
| const pkg = JSON.parse(readFileSync("package.json", "utf8")); | |
| const expectedTag = `v${pkg.version}`; | |
| if (releaseTag !== expectedTag) { | |
| console.error( | |
| `Release tag ${releaseTag} does not match package.json version ${pkg.version}; expected ${expectedTag}.` | |
| ); | |
| process.exit(1); | |
| } | |
| try { | |
| execFileSync( | |
| "git", | |
| ["merge-base", "--is-ancestor", releaseSha, "origin/main"], | |
| { stdio: "ignore" } | |
| ); | |
| } catch { | |
| console.error( | |
| `Tagged commit ${releaseSha} is not contained in origin/main.` | |
| ); | |
| process.exit(1); | |
| } | |
| console.log( | |
| `Release tag ${releaseTag} matches package.json and points to a commit on origin/main.` | |
| ); | |
| NODE | |
| - name: Ensure version is not already published | |
| run: | | |
| set -euo pipefail | |
| PACKAGE_VERSION=$(node -p "require('./package.json').version") | |
| PUBLISHED_VERSION=$(npm view acpx version 2>/dev/null || true) | |
| if [ "$PUBLISHED_VERSION" = "$PACKAGE_VERSION" ]; then | |
| echo "acpx@$PACKAGE_VERSION is already published on npm." | |
| exit 1 | |
| fi | |
| echo "Publishing acpx@$PACKAGE_VERSION" | |
| - run: pnpm run lint | |
| - run: pnpm run typecheck | |
| - run: pnpm run build | |
| - name: Publish | |
| run: npm publish --access public --provenance |