Files
ccs/.github/workflows/release.yml
T
Tam Nhu Tran e6ae052527 fix(ci): remove maintainability baseline gate blocking releases
The maintainability gate (process.exit count + sync FS API count) was
a raw grep counter that provided no actionable signal for a CLI tool.
It blocked the v7.53.0 stable release because new features naturally
increased the counts beyond the baseline.

Removed:
- scripts/maintainability-baseline.js
- scripts/maintainability-check.js
- docs/metrics/maintainability-baseline.json
- All maintainability:* npm scripts
- Gate references from release, dev-release, and CI workflows

Quality gates retained: typecheck, eslint, prettier, full test suite.
2026-03-11 10:52:30 +07:00

114 lines
4.1 KiB
YAML

name: Release
on:
push:
branches: [main]
workflow_dispatch:
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write
issues: write
pull-requests: write
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
# PAT_TOKEN required: semantic-release pushes version bump commits to main,
# which needs branch protection bypass. github.token cannot push to protected branches.
token: ${{ secrets.PAT_TOKEN }}
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '22'
registry-url: 'https://registry.npmjs.org'
- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: '1.3.9'
- name: Install dependencies
run: |
bun install --frozen-lockfile
cd ui && bun install --frozen-lockfile
- name: Build package
run: bun run build:all
- name: Validate (typecheck + lint + format + tests)
run: bun run validate
- name: Release
id: release
env:
HUSKY: 0
# PAT_TOKEN bypasses branch protection so semantic-release can push
# version bump + CHANGELOG commits directly to main
GITHUB_TOKEN: ${{ secrets.PAT_TOKEN }}
GH_TOKEN: ${{ secrets.PAT_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
OUTPUT=$(bunx semantic-release 2>&1) || true
echo "$OUTPUT"
# Strip ANSI color codes before matching (semantic-release outputs colored text)
CLEAN=$(echo "$OUTPUT" | sed 's/\x1b\[[0-9;]*m//g')
if echo "$CLEAN" | grep -q "Published GitHub release"; then
echo "released=true" >> $GITHUB_OUTPUT
else
echo "released=false" >> $GITHUB_OUTPUT
fi
- name: Notify Discord
if: success() && steps.release.outputs.released == 'true'
env:
DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
run: |
if [ -z "$DISCORD_WEBHOOK_URL" ]; then
echo "DISCORD_WEBHOOK_URL not set, skipping"
exit 0
fi
node scripts/send-discord-release.cjs production "$DISCORD_WEBHOOK_URL"
- name: Cleanup labels and close released issues
if: success() && steps.release.outputs.released == 'true'
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# semantic-release already adds "released" label via .releaserc.cjs
# This step removes transitional labels and closes issues now in stable.
# Find issues with both "released" and "released-dev" labels
ISSUES=$(gh issue list --label "released" --label "released-dev" --state all --json number --jq '.[].number' 2>/dev/null || echo "")
for NUM in $ISSUES; do
echo "Cleaning up labels on issue #$NUM"
gh issue edit "$NUM" --remove-label "released-dev" --remove-label "pending-release" --repo "${{ github.repository }}" 2>/dev/null || true
done
# Also clean pending-release from any issues with released label
PENDING=$(gh issue list --label "released" --label "pending-release" --state all --json number --jq '.[].number' 2>/dev/null || echo "")
for NUM in $PENDING; do
echo "Removing pending-release from issue #$NUM"
gh issue edit "$NUM" --remove-label "pending-release" --repo "${{ github.repository }}" 2>/dev/null || true
done
# Close open issues that are marked as released
OPEN_RELEASED=$(gh issue list --label "released" --state open --json number --jq '.[].number' 2>/dev/null || echo "")
for NUM in $OPEN_RELEASED; do
echo "Closing released issue #$NUM"
gh issue close "$NUM" \
--comment "[bot] Closing issue because this fix/feature is now in stable release (@latest)." \
--repo "${{ github.repository }}" || true
done