feat: add GitHub workflow and scripts for publishing dev packages to npm #729
Conversation
|
At the last commit:
Version Format Examples
|
Muhammad-Altabba
requested review from
Copilot,
cygnusv,
derekpierre,
manumonti and
theref
- Support custom version suffixes for manual workflow triggers - Exclude 'pre' and 'test-utils' from dev publishing - Simplify auto-publish versions to use only git hash - Restrict auto-trigger to epic-v*.*.x branches and comment the logic for now
Muhammad-Altabba
force-pushed
the
ci/publish-dev-versions-manually-or-on-epic-merge
branch
from
bf6ce81 to
fe3f015
Compare
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| - ❌ Production environments | ||
| - ❌ Stable development work | ||
|
|
||
| **Note:** Dev versions are automatically published when code is merged to `epic-v*.*.x` branches and can be manually published with custom tags. These versions are unstable and may contain breaking changes or even sometimes broken code.. |
There was a problem hiding this comment.
Double period at the end of the sentence should be a single period.
| **Note:** Dev versions are automatically published when code is merged to `epic-v*.*.x` branches and can be manually published with custom tags. These versions are unstable and may contain breaking changes or even sometimes broken code.. | |
| **Note:** Dev versions are automatically published when code is merged to `epic-v*.*.x` branches and can be manually published with custom tags. These versions are unstable and may contain breaking changes or even sometimes broken code. |
| @@ -0,0 +1,98 @@ | |||
| name: Publish Dev Packages | |||
|
|
|||
| on: | |||
There was a problem hiding this comment.
The commented-out push trigger should either be removed or accompanied by a comment explaining why it's disabled, especially since the PR description mentions auto-publishing on push to epic-** branches.
| on: | |
| on: | |
| # The push trigger is currently disabled. | |
| # Reason: Auto-publishing on push to epic-v* branches is temporarily suspended pending workflow review and improvements. | |
| # See PR description for details. Uncomment to re-enable automatic publishing on push. |
| CURRENT_VERSION=$(node -p "require('./${package_json}').version") | ||
|
|
||
| # Check if this is the first dev publish (version doesn't have -dev suffix) | ||
| if [[ ! "$CURRENT_VERSION" =~ -dev\. ]]; then |
There was a problem hiding this comment.
The regex pattern -dev\. will not match versions like 1.2.3-dev without a dot after 'dev'. This could cause incorrect version bumping if a package has a -dev suffix without the dot separator. Consider using -dev instead of -dev\. to match both cases.
| if [[ ! "$CURRENT_VERSION" =~ -dev\. ]]; then | |
| if [[ ! "$CURRENT_VERSION" =~ -dev(\.|$) ]]; then |
| echo -e "${BLUE}dev publish - bumping patch version${NC}" | ||
| else | ||
| # Subsequent dev publish: strip existing -dev.* suffix to prevent duplication | ||
| BASE_VERSION="${CURRENT_VERSION%%-dev.*}" |
There was a problem hiding this comment.
This string manipulation is inconsistent with the regex check on line 46. If line 46 is changed to match -dev without requiring a dot, this line should use ${CURRENT_VERSION%%-dev*} to handle both -dev and -dev. prefixes consistently.
| BASE_VERSION="${CURRENT_VERSION%%-dev.*}" | |
| BASE_VERSION="${CURRENT_VERSION%%-dev*}" |
|
|
||
| ## Tutorial | ||
|
|
||
| To learn more, follow the tutorial at Threshold |
There was a problem hiding this comment.
Not related with this PR, but we could also change this line and substitute Threshold Network's docs by TACo's docs.
| name: Publish Dev Packages | ||
|
|
||
| on: | ||
| #push: |
There was a problem hiding this comment.
Just curious. Why are we preventing to have this run on push? Maybe I miss some chat about it.
| - name: Checkout repository | ||
| uses: actions/checkout@v5 | ||
| with: | ||
| fetch-depth: 0 |
There was a problem hiding this comment.
nitpick, but this should be enough, shouldn't it?
| fetch-depth: 0 | |
| fetch-depth: 1 |
| return 0 # true, is excluded | ||
| fi | ||
| done | ||
| return 1 # false, not excluded |
There was a problem hiding this comment.
in bash 1 is false and 0 is true 🤯
PR Description: Automated Dev Package Publishing
Type of PR:
Required reviews:
What this does:
This PR implements an automated CI/CD pipeline for publishing development
versions of npm packages. The workflow publishes packages automatically when
code is merged into
epic-**branches and can also be triggered manually viaGitHub Actions UI.
1. GitHub Actions Workflow (
.github/workflows/publish-dev.yml)✅ Triggers automatically on push to
epic-**branches✅ Supports manual dispatch with optional reason input
✅ Uses concurrency control to prevent overlapping publishes
✅ Generates detailed release summaries with installation instructions
✅ Builds all packages before publishing
✅ Uses frozen lockfile for reproducible installs
2. Publish Script (
scripts/publish-dev.sh)✅ Generates dev versions following format:
{next-version}-dev.{branch-name}.{date}.{commit-hash}.{build-number}Example:
1.2.3→1.2.4-dev.epic-new-feature.20250120.aeed464a.17Thecode was tested by publishing to an experimental versions at:
https://www.npmjs.com/package/@nucypher-experimental/taco?activeTab=versions
✅ Handles first-time dev publishes by bumping patch version
✅ Subsequent publishes from same branch reuse base version
✅ Publishes to npm with
devtag for easy installation✅ Restores original package.json versions after publish (no git changes by a chance if someone executed the publishing locally)
✅ Tracks and reports all published packages with a summary which will be
like:
https://github.com/Muhammad-Altabba/taco-web/actions/runs/18629604101/attempts/1#summary-53112397136
✅ Sanitizes branch names for npm version compatibility
For example change
epic-123/test/branch→epic-123-test-branch3. Package.json Update
publish:devscript:./scripts/publish-dev.sh4. README.md Documentation
Issues fixed/closed:
Why it's needed:
This feature addresses a critical development workflow gap. Currently,
developers testing new features from
epic-**branches must either:npm linkorpnpm link(complex setup, pathissues)
Benefits with automated dev package publishing:
✅ Immediate Testing: Install pre-release versions directly from npm using
@devtag that is usable in other projects without local linking.✅ CI/CD Integration: Automated publishing ensures consistency, speed and
reduces human error.
✅ Manual Control: Maintainers can trigger publishes on-demand when needed.
Notes:
To see the manual publishing option, the changes needs to be merged to the default branch. However, for testing the target branch could be set as default, merge to it, then set back the old default branch.
It is easy to change this PR so the publish happens only automatically or manually, if wanted.