chore: make package private to prevent npm publication #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Automated Release Pipeline | |
| # | |
| # Purpose: Automatically publishes new releases when changes are pushed to main. | |
| # Uses 'auto' tool for semantic versioning and changelog generation. | |
| # | |
| # Triggers: | |
| # - Push to main branch | |
| # | |
| # Features: | |
| # - Semantic versioning based on commit messages | |
| # - Automated changelog generation | |
| # - NPM package publishing | |
| # - GitHub release creation | |
| # - Skip mechanism to prevent infinite loops | |
| # | |
| # Dependencies: | |
| # - auto (https://intuit.github.io/auto/) | |
| # - NPM_TOKEN secret for package publishing | |
| # - GH_TOKEN for GitHub operations | |
| name: Release | |
| # Trigger on pushes to main branch | |
| on: | |
| push: | |
| branches: [main] | |
| # Prevent multiple releases from running simultaneously | |
| concurrency: | |
| group: release-${{ github.ref }} | |
| cancel-in-progress: false # Don't cancel releases | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| # CRITICAL: Prevent infinite loop - skip if commit message contains 'ci skip' or 'skip ci' | |
| # This is necessary because 'auto' creates commits, which would trigger this workflow again | |
| if: "!contains(github.event.head_commit.message, 'ci skip') && !contains(github.event.head_commit.message, 'skip ci')" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false # Security: Prevent credential leakage | |
| # Fetch complete git history and tags for accurate version calculation | |
| - name: Prepare repository | |
| run: git fetch --unshallow --tags | |
| # Install specific pnpm version for consistency | |
| # IMPORTANT: Must install pnpm before Node.js setup to enable caching | |
| - uses: pnpm/action-setup@v4 | |
| name: Install pnpm | |
| with: | |
| version: 10.11.0 | |
| run_install: false # We'll install manually later | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| cache: 'pnpm' # Cache pnpm dependencies (requires pnpm to be installed first) | |
| # Cache pnpm store for faster installs | |
| - name: Get pnpm store directory | |
| shell: bash | |
| run: | | |
| echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV | |
| - uses: actions/cache@v4 | |
| name: Setup pnpm cache | |
| with: | |
| path: ${{ env.STORE_PATH }} | |
| key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-store- | |
| # Install all monorepo dependencies | |
| - name: Install dependencies | |
| run: pnpm install | |
| # Build CLI package (required for release) | |
| - name: Build CLI | |
| run: npx tsup | |
| # Run auto to handle versioning, changelog, and publishing | |
| - name: Create Release | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # For GitHub releases and commits | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} # For NPM package publishing | |
| run: npx auto shipit | |
| # Continue on error to prevent workflow failures if release already exists | |
| continue-on-error: true |