name: Dev Release on: push: branches: [dev] workflow_dispatch: concurrency: group: dev-release-${{ github.ref }} cancel-in-progress: false jobs: guard: if: ${{ github.ref == 'refs/heads/dev' }} runs-on: [self-hosted, linux, x64] outputs: should_release: ${{ steps.release-guard.outputs.should_release }} steps: - name: Check release recursion guard id: release-guard shell: bash run: | SHOULD_RELEASE=true if [[ "$GITHUB_EVENT_NAME" == "push" ]]; then HEAD_SUBJECT=$(jq -r '.head_commit.message // "" | split("\n")[0]' "$GITHUB_EVENT_PATH") case "$HEAD_SUBJECT" in "chore(release): "*) SHOULD_RELEASE=false echo "Skipping generated dev release commit: $HEAD_SUBJECT" ;; esac fi echo "should_release=$SHOULD_RELEASE" >> "$GITHUB_OUTPUT" release: needs: guard if: ${{ needs.guard.outputs.should_release == 'true' }} runs-on: [self-hosted, linux, x64] permissions: contents: write issues: write pull-requests: write id-token: write steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 ref: dev persist-credentials: false - name: Setup Bun uses: oven-sh/setup-bun@v2 with: bun-version: '1.3.9' - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: '22' registry-url: 'https://registry.npmjs.org' - name: Install dependencies run: bash scripts/ensure-deps.sh - name: Build run: bun run build:all - name: Validate fast gate run: bun run validate - name: Test slow bucket run: bun run test:slow - name: Test CLI e2e env: CCS_E2E_SKIP_BUILD: '1' run: bun run test:e2e - name: Release id: release env: HUSKY: 0 # PAT_TOKEN bypasses branch protection so the workflow can push # the dev release commit and tag back to the protected dev branch. GITHUB_TOKEN: ${{ secrets.PAT_TOKEN }} GH_TOKEN: ${{ secrets.PAT_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} run: | auth_header=$(printf 'x-access-token:%s' "$GITHUB_TOKEN" | base64 | tr -d '\n') echo "::add-mask::${auth_header}" export GIT_CONFIG_COUNT=2 export GIT_CONFIG_KEY_0=http.https://github.com/kaitranntt/ccs.extraheader export GIT_CONFIG_VALUE_0="AUTHORIZATION: basic ${auth_header}" export GIT_CONFIG_KEY_1=http.https://github.com/kaitranntt/ccs.git.extraheader export GIT_CONFIG_VALUE_1="AUTHORIZATION: basic ${auth_header}" # Use custom dev release script instead of semantic-release. # This ensures dev versions follow {stable}-dev.{N} pattern. chmod +x scripts/dev-release.sh ./scripts/dev-release.sh - name: Notify Discord if: success() && steps.release.outputs.released == 'true' env: DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }} run: | if [ -z "$DISCORD_WEBHOOK_URL" ]; then echo "DISCORD_WEBHOOK_URL not set, skipping" exit 0 fi node scripts/send-discord-release.cjs dev "$DISCORD_WEBHOOK_URL" - name: Tag resolved issues if: success() && steps.release.outputs.released == 'true' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} PREVIOUS_DEV_TAG: ${{ steps.release.outputs.previous_dev_tag }} STABLE_TAG: ${{ steps.release.outputs.stable_tag }} run: | # Get version from package.json VERSION=$(jq -r '.version' package.json) # Get commits ONLY since last dev tag (not all release commits) # This prevents re-tagging issues from older releases if [[ -n "$PREVIOUS_DEV_TAG" ]]; then # Commits between last dev tag and current (excluding release commit) RANGE="${PREVIOUS_DEV_TAG}..HEAD~1" else # First dev release - check commits since last stable tag RANGE="${STABLE_TAG:-HEAD~10}..HEAD~1" fi echo "Checking commits in range: $RANGE" COMMIT_TEXT=$(git log $RANGE --pretty=format:"%s%n%b" 2>/dev/null || true) ISSUES_FROM_COMMITS=$(printf '%s\n' "$COMMIT_TEXT" | \ perl -ne 'while (/\b(?:fixes|closes|resolves|refs?)\s+((?:#[0-9]+\b(?:\s*(?:,|and)?\s*#[0-9]+\b)*))/ig) { print "$1\n"; }' | \ grep -oE '#[0-9]+' || true) PR_CANDIDATES=$(printf '%s\n' "$COMMIT_TEXT" | \ grep -oE "Merge pull request #[0-9]+|\\(#[0-9]+\\)" | \ grep -oE "[0-9]+" | sort -u || true) PR_TEXT="" for PR_NUM in $PR_CANDIDATES; do DETAILS=$(gh pr view "$PR_NUM" --repo "${{ github.repository }}" --json title,body --jq '.title + "\n" + (.body // "")' 2>/dev/null || true) if [[ -n "$DETAILS" ]]; then PR_TEXT="${PR_TEXT}"$'\n'"${DETAILS}" fi done ISSUES_FROM_PRS=$(printf '%s\n' "$PR_TEXT" | \ perl -ne 'while (/\b(?:fixes|closes|resolves|refs?)\s+((?:#[0-9]+\b(?:\s*(?:,|and)?\s*#[0-9]+\b)*))/ig) { print "$1\n"; }' | \ grep -oE '#[0-9]+' || true) ISSUES=$(printf '%s\n%s\n' "$ISSUES_FROM_COMMITS" "$ISSUES_FROM_PRS" | \ grep -oE "#[0-9]+" | sort -u || true) if [[ -z "$ISSUES" ]]; then echo "No linked issues found in range" exit 0 fi # Create label if needed gh label create "released-dev" \ --color "1d76db" \ --description "Fix available in @dev npm channel" \ --repo ${{ github.repository }} 2>/dev/null || true for ISSUE in $ISSUES; do NUM=${ISSUE#\#} # Skip if already has ANY release label (prevents duplicate comments) RELEASE_LABELS=$(gh issue view "$NUM" --repo "${{ github.repository }}" --json labels --jq '[.labels[].name | select(startswith("released"))] | length' 2>/dev/null || echo "0") if [[ "$RELEASE_LABELS" -gt 0 ]]; then echo "Issue #$NUM already released, skipping" continue fi echo "Tagging issue #$NUM" # Remove pending-release (transition), add released-dev gh issue edit "$NUM" --remove-label "pending-release" --add-label "released-dev" --repo "${{ github.repository }}" 2>/dev/null || \ gh issue edit "$NUM" --add-label "released-dev" --repo "${{ github.repository }}" || true gh issue comment "$NUM" --repo "${{ github.repository }}" --body "[bot] Available in \`$VERSION\`. Install: \`ccs update --dev\`" || true done