[infra] Patch release scripting (#3072)

This PR adds tooling to enable a PR-based workflow for publishing
'patch' releases.

### How releases currently work

Quick recap of how the 'major' and 'minor' releases work:

- You trigger them manually in the github actions UI
- It only works on the `main` branch.
- You select a mode: `'major'`, `'minor'`, or `'override'` with a
specific version. The override option is mainly for transitioning in and
out of prerelease mode, but potentially also skipping unlucky numbers
like 13 if you're feeling superstitious 🧙🏼
- It bumps the version numbers in the `package.json` and `version.ts`
files.
- It compiles a changelog based on descriptions/titles from all the PRs
that have gone in to `main`.
- It tags the commit with the version number e.g. `v2.0.0` and pushes
all the changes made to `main` (i.e. changelogs, version bumps and the
tag)
- It creates a github release, e.g.
https://github.com/tldraw/tldraw/releases/tag/v2.0.0
- It deploys the packages to npm
- It tells huppy bot about the release (for now-defunct purposes, we can
remove that code later)
- It triggers the template repo update workflow

### Introducing: Release Branches

This PR adds one step into the above process: creating a 'release'
branch. e.g. if it publishes a new version tagged `v2.1.0` it will also
create a branch named `v2.1.x`.

These branches are protected in the following ways:
- Only huppy bot can create or delete them (ad-hoc admin overrides are,
of course, still doable should the need arise)
- Like `main` they can only be updated via pull request.

The process to create a patch release becomes simple:

1. Checkout the `v<major>.<minor>.x` branch you want to create a patch
release for. e.g.

       git fetch && git checkout v2.1.x

4. Branch off, e.g.

       git checkout -b david/my-patch-release

6. Cherry-pick any commits you need from `main` into your branch,
resolving any conflicts if they arise. **important**: don't do new work
here because it won't be merged back into `main` automatically. Fix the
thing in `main` first and then cherry-pick, unless you're in a big rush
or whatever. e.g.

       git cherry-pick abdeaf234 cde234d09 ab23af287
       
7. Push your new branch to github as normal and make a PR targeting the
`v<major>.<minor>.x` branch.

8. Merge it.

Congratulations, you just triggered a patch release build.

### What happens (differently) during a patch release build.

 A key thing to understand here is that **this script allows us to
deploy patch versions of _older_ major/minor releases**. This will
happen when we have customers pinned to older versions and they need a
quick bugfix but don't have time to upgrade to the latest due to some
breaking change. This will also happen if we ever adopt a kind of 'LTS'
release model.

With that said, here's how things go down differently:

- Firstly, the build happens automatically after the PR is merged, and
you don't select 'major' or 'minor' or anything, it just does its thing.
- It bumps the version numbers in the `package.json` files and the
`version.ts` files but these changes stay within the release branch,
they don't get propagated to `main` (nor should they).
- It compiles a changelog entry featuring just your one PR's
description/title, and also pushes this to the release branch (but not
`main`).
- It still tags the commit and creates a github release as normal.
- It still deploys the packages to npm (obvs). HOWEVER it only uses the
`latest` tag if this will indeed be the latest version of the public
packages. Otherwise, if we're patching an older release, it uses the
`revision` tag. Unfortunately it doesn't seem to be an option to deploy
with _no_ tag, but using `revision` still allows version strings like
`~2.0.0` to capture subsequent patch releases like `2.0.3`.
- Similarly it _only_ notifies huppy bot and _only_ triggers the
template repo update if the version being deployed is actually the
latest version.

I'm going to merge this now to test it out but I'd still appreciate
reviews.
This commit is contained in:
David Sheldrick 2024-03-05 16:05:22 +00:00 committed by GitHub
parent a07561e662
commit 9058a483be
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 213 additions and 6 deletions

View file

@ -2,6 +2,10 @@ name: (Re)Publish public packages manually
# This only attempts to publish the public packages to npm. # This only attempts to publish the public packages to npm.
# It does not bump the version, it does not update the changelogs, it does not create a github release. # It does not bump the version, it does not update the changelogs, it does not create a github release.
# Prevent more than one non-canary npm publishing job from running at the same time
concurrency:
group: npm-publish
# Package publishing is manually triggered on github actions dashboard # Package publishing is manually triggered on github actions dashboard
on: workflow_dispatch on: workflow_dispatch
@ -12,6 +16,9 @@ jobs:
timeout-minutes: 15 timeout-minutes: 15
runs-on: ubuntu-latest-16-cores-open runs-on: ubuntu-latest-16-cores-open
outputs:
is_latest_version: ${{ steps.publish_step.outputs.is_latest_version }}
steps: steps:
- name: Check out code - name: Check out code
uses: actions/checkout@v3 uses: actions/checkout@v3
@ -20,6 +27,7 @@ jobs:
uses: ./.github/actions/setup uses: ./.github/actions/setup
- name: Publish - name: Publish
id: publish_step
run: yarn tsx ./scripts/publish-manual.ts run: yarn tsx ./scripts/publish-manual.ts
env: env:
GH_TOKEN: ${{ github.token }} GH_TOKEN: ${{ github.token }}
@ -28,9 +36,8 @@ jobs:
publish_templates: publish_templates:
name: Publishes code templates to separate repositories name: Publishes code templates to separate repositories
uses: tldraw/tldraw/.github/workflows/publish-templates.yml@main uses: tldraw/tldraw/.github/workflows/publish-templates.yml@main
if: ${{ needs.deploy.outputs.is_latest_version == 'true' }}
secrets: secrets:
VITE_TEMPLATE_REPO_SSH_DEPLOY_KEY: ${{ secrets.VITE_TEMPLATE_REPO_SSH_DEPLOY_KEY }} VITE_TEMPLATE_REPO_SSH_DEPLOY_KEY: ${{ secrets.VITE_TEMPLATE_REPO_SSH_DEPLOY_KEY }}
NEXTJS_TEMPLATE_REPO_SSH_DEPLOY_KEY: ${{ secrets.NEXTJS_TEMPLATE_REPO_SSH_DEPLOY_KEY }} NEXTJS_TEMPLATE_REPO_SSH_DEPLOY_KEY: ${{ secrets.NEXTJS_TEMPLATE_REPO_SSH_DEPLOY_KEY }}
needs: [ needs: deploy
deploy
]

View file

@ -1,6 +1,10 @@
name: Publish new packages from main name: Publish new packages from main
# This bumps the version, updates the changelogs, publishes a GitHub release, and publishes the packages to npm. # This bumps the version, updates the changelogs, publishes a GitHub release, and publishes the packages to npm.
# Prevent more than one non-canary npm publishing job from running at the same time
concurrency:
group: npm-publish
# Package publishing is manually triggered on github actions dashboard # Package publishing is manually triggered on github actions dashboard
on: on:
workflow_dispatch: workflow_dispatch:

61
.github/workflows/publish-patch.yml vendored Normal file
View file

@ -0,0 +1,61 @@
name: Publish patch release
# This bumps the patch version, updates the changelogs in the release branch only, publishes a GitHub release, and publishes the packages to npm.
# Prevent more than one non-canary npm publishing job from running at the same time
concurrency:
group: npm-publish
# Package publishing is manually triggered on github actions dashboard
on:
push:
branches:
- 'v[0-9]*.[0.9]*.x'
jobs:
deploy:
name: Publish patch release
environment: npm deploy
timeout-minutes: 15
runs-on: ubuntu-latest-16-cores-open
outputs:
is_latest_version: ${{ steps.publish_step.outputs.is_latest_version }}
steps:
- name: Generate GH token
id: generate_token
uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
with:
app_id: ${{ secrets.HUPPY_APP_ID }}
private_key: ${{ secrets.HUPPY_APP_PRIVATE_KEY }}
- name: Check out code
uses: actions/checkout@v3
with:
token: ${{ steps.generate_token.outputs.token }}
- name: Prepare repository
# Fetch full git history and tags for auto
run: git fetch --unshallow --tags
- name: Run our setup
uses: ./.github/actions/setup
- name: Publish
id: publish_step
run: |
git config --global user.name 'huppy-bot[bot]'
git config --global user.email '128400622+huppy-bot[bot]@users.noreply.github.com'
yarn tsx ./scripts/publish-patch.ts
env:
GH_TOKEN: ${{ steps.generate_token.outputs.token }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
HUPPY_TOKEN: ${{ secrets.HUPPY_TOKEN }}
publish_templates:
name: Publishes code templates to separate repositories
uses: tldraw/tldraw/.github/workflows/publish-templates.yml@main
if: ${{ needs.deploy.outputs.is_latest_version == 'true' }}
secrets:
VITE_TEMPLATE_REPO_SSH_DEPLOY_KEY: ${{ secrets.VITE_TEMPLATE_REPO_SSH_DEPLOY_KEY }}
NEXTJS_TEMPLATE_REPO_SSH_DEPLOY_KEY: ${{ secrets.NEXTJS_TEMPLATE_REPO_SSH_DEPLOY_KEY }}
needs: deploy

View file

@ -1,8 +1,22 @@
import { publish } from './lib/publishing' import { appendFileSync } from 'fs'
import { exec } from './lib/exec'
import { getLatestVersion, publish } from './lib/publishing'
// This expects the package.json files to be in the correct state. // This expects the package.json files to be in the correct state.
// You might want to run this locally after a failed publish attempt on CI. // You might want to run this locally after a failed publish attempt on CI.
// Or if you need to hotfix a package it might be desirable to run this. // Or if you need to hotfix a package it might be desirable to run this.
// Generate a npm automation token and run this with the NPM_TOKEN env var set. // Generate a npm automation token and run this with the NPM_TOKEN env var set.
async function main() {
const latestVersionInBranch = await getLatestVersion()
const latestVersionOnNpm = (await exec('npm', ['show', 'tldraw', 'version'])).trim()
const isLatestVersion = latestVersionInBranch.format() === latestVersionOnNpm
if (process.env.GITHUB_OUTPUT) {
appendFileSync(process.env.GITHUB_OUTPUT, `is_latest_version=${isLatestVersion}\n`)
}
publish() publish()
}
main()

View file

@ -70,6 +70,8 @@ async function main() {
const releaseType = getReleaseType() const releaseType = getReleaseType()
const nextVersion = await getNextVersion(releaseType) const nextVersion = await getNextVersion(releaseType)
const isPrerelease = parse(nextVersion)!.prerelease.length > 0
console.log('Releasing version', nextVersion) console.log('Releasing version', nextVersion)
await setAllVersions(nextVersion) await setAllVersions(nextVersion)
@ -111,10 +113,18 @@ async function main() {
title: `v${nextVersion}`, title: `v${nextVersion}`,
}) })
const gitTag = `v${nextVersion}`
// create and push a new tag // create and push a new tag
await exec('git', ['tag', '-f', `v${nextVersion}`]) await exec('git', ['tag', '-f', gitTag])
await exec('git', ['push', '--follow-tags']) await exec('git', ['push', '--follow-tags'])
// create new 'release' branch called e.g. v2.0.x or v4.3.x, for making patch releases
if (!isPrerelease) {
const { major, minor } = parse(nextVersion)!
await exec('git', ['push', 'origin', `${gitTag}:refs/heads/v${major}.${minor}.x`])
}
// create a release on github // create a release on github
await auto.runRelease({ useVersion: nextVersion }) await auto.runRelease({ useVersion: nextVersion })

111
scripts/publish-patch.ts Normal file
View file

@ -0,0 +1,111 @@
import { Auto } from '@auto-it/core'
import fetch from 'cross-fetch'
import glob from 'glob'
import { assert } from 'node:console'
import { appendFileSync } from 'node:fs'
import { exec } from './lib/exec'
import { nicelog } from './lib/nicelog'
import { getLatestVersion, publish, setAllVersions } from './lib/publishing'
import { getAllWorkspacePackages } from './lib/workspace'
async function main() {
const huppyToken = process.env.HUPPY_TOKEN
assert(huppyToken && typeof huppyToken === 'string', 'HUPPY_ACCESS_KEY env var must be set')
const latestVersionInBranch = await getLatestVersion()
const latestVersionOnNpm = (await exec('npm', ['show', 'tldraw', 'version'])).trim()
const isLatestVersion = latestVersionInBranch.format() === latestVersionOnNpm
if (process.env.GITHUB_OUTPUT) {
appendFileSync(process.env.GITHUB_OUTPUT, `is_latest_version=${isLatestVersion}\n`)
}
const nextVersion = latestVersionInBranch.inc('patch').format()
// check we're on the main branch on HEAD
const currentBranch = (await exec('git', ['rev-parse', '--abbrev-ref', 'HEAD'])).toString().trim()
if (currentBranch !== `v${latestVersionInBranch.major}.${latestVersionInBranch.minor}.x`) {
throw new Error('Branch name does not match expected format: v{major}.{minor}.x')
}
// we could probably do this a lot earlier in the yml file but 🤷‍♂️
const numberOfCommitsSinceBranch = Number(
(await exec('git', ['rev-list', '--count', `HEAD`, '^main'])).toString().trim()
)
if (numberOfCommitsSinceBranch === 0) {
// Skip release if there are no commits since this branch was created during the initial release
// for this <major>.<minor> version.
nicelog('Initial push, skipping release')
return
}
nicelog('Releasing version', nextVersion)
await setAllVersions(nextVersion)
// stage the changes
const packageJsonFilesToAdd = []
for (const workspace of await getAllWorkspacePackages()) {
if (workspace.relativePath.startsWith('packages/')) {
packageJsonFilesToAdd.push(`${workspace.relativePath}/package.json`)
}
}
const versionFilesToAdd = glob.sync('**/*/version.ts', {
ignore: ['node_modules/**'],
follow: false,
})
console.log('versionFilesToAdd', versionFilesToAdd)
await exec('git', [
'add',
'--update',
'lerna.json',
...packageJsonFilesToAdd,
...versionFilesToAdd,
])
const auto = new Auto({
plugins: ['npm'],
baseBranch: currentBranch,
owner: 'tldraw',
repo: 'tldraw',
verbose: true,
disableTsNode: true,
})
await auto.loadConfig()
// this creates a new commit
await auto.changelog({
useVersion: nextVersion,
title: `v${nextVersion}`,
})
// create and push a new tag
await exec('git', ['tag', '-f', `v${nextVersion}`])
await exec('git', ['push', '--follow-tags'])
// create a release on github
await auto.runRelease({ useVersion: nextVersion })
// if we're on the latest version, publish to npm under 'latest' tag.
// otherwise we don't want to overwrite the latest tag, so we publish under 'revision'.
// semver rules will still be respected because there's no prerelease tag in the version,
// so clients will get the updated version if they have a range like ^1.0.0
await publish(isLatestVersion ? 'latest' : 'revision')
if (isLatestVersion) {
nicelog('Notifying huppy of release...')
const huppyResponse = await fetch('https://tldraw-repo-sync.fly.dev/api/on-release', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({ apiKey: huppyToken, tagToRelease: `v${nextVersion}`, canary: false }),
})
nicelog(
`huppy: [${huppyResponse.status} ${huppyResponse.statusText}] ${await huppyResponse.text()}`
)
}
}
main()