Files
ccs/.github/workflows/release.yml
T
kaitranntt cff38ac53d fix(ci): use built-in GITHUB_TOKEN for release comments
Changes semantic-release to use the built-in GITHUB_TOKEN instead of
PAT_TOKEN so that release comments appear from github-actions[bot]
instead of the repository owner's personal account.

PAT_TOKEN is still used for checkout to ensure downstream workflows
can be triggered by the release commits.
2025-12-19 04:07:45 -05:00

76 lines
2.0 KiB
YAML

name: Release
on:
push:
branches: [main]
workflow_dispatch:
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write
issues: write
pull-requests: write
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.PAT_TOKEN }}
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '22'
registry-url: 'https://registry.npmjs.org'
- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: latest
- name: Install dependencies
run: |
bun install --frozen-lockfile
cd ui && bun install --frozen-lockfile
- name: Build package
run: bun run build:all
- name: Validate (typecheck + lint + tests)
run: bun run validate
- name: Release
id: release
env:
HUSKY: 0
# Use built-in GITHUB_TOKEN for bot identity on comments/releases
# PAT_TOKEN is only used for checkout (to trigger downstream workflows)
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
OUTPUT=$(bunx semantic-release 2>&1) || true
echo "$OUTPUT"
if echo "$OUTPUT" | grep -q "Published release"; then
echo "released=true" >> $GITHUB_OUTPUT
else
echo "released=false" >> $GITHUB_OUTPUT
fi
- name: Notify Discord
if: success() && steps.release.outputs.released == 'true'
env:
DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
run: |
if [ -z "$DISCORD_WEBHOOK_URL" ]; then
echo "DISCORD_WEBHOOK_URL not set, skipping"
exit 0
fi
node scripts/send-discord-release.cjs production "$DISCORD_WEBHOOK_URL"