diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index db140f7b..ba39ad4c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,7 +8,7 @@ on: jobs: release: if: ${{ github.ref == 'refs/heads/main' }} - runs-on: ubuntu-latest + runs-on: [self-hosted, linux, x64] permissions: contents: write diff --git a/tests/unit/scripts/github/release-workflow.test.ts b/tests/unit/scripts/github/release-workflow.test.ts new file mode 100644 index 00000000..fb3f592a --- /dev/null +++ b/tests/unit/scripts/github/release-workflow.test.ts @@ -0,0 +1,34 @@ +import { describe, expect, test } from 'bun:test'; +import * as fs from 'node:fs'; +import * as path from 'node:path'; + +function resolvePath(relativePath: string) { + return path.resolve(import.meta.dir, relativePath); +} + +describe('stable release workflow', () => { + test('uses the protected-branch runner and release token path', () => { + const workflowPath = resolvePath('../../../../.github/workflows/release.yml'); + + expect(fs.existsSync(workflowPath)).toBe(true); + + const workflow = fs.readFileSync(workflowPath, 'utf8'); + const checkoutSection = workflow.slice( + workflow.indexOf('- name: Checkout code'), + workflow.indexOf('- name: Setup Node.js') + ); + const releaseSection = workflow.slice( + workflow.indexOf('- name: Release'), + workflow.indexOf('- name: Notify Discord') + ); + + expect(workflow).toContain('name: Release'); + expect(workflow).toContain('branches: [main]'); + expect(workflow).toContain('runs-on: [self-hosted, linux, x64]'); + expect(workflow).not.toContain('runs-on: ubuntu-latest'); + expect(checkoutSection).toContain('token: ${{ secrets.PAT_TOKEN }}'); + expect(releaseSection).toContain('GITHUB_TOKEN: ${{ secrets.PAT_TOKEN }}'); + expect(releaseSection).toContain('GH_TOKEN: ${{ secrets.PAT_TOKEN }}'); + expect(releaseSection).toContain('NPM_TOKEN: ${{ secrets.NPM_TOKEN }}'); + }); +});