mirror/pnpm
1
0
Fork 0
mirror of https://github.com/pnpm/pnpm.git synced 2026-06-28 09:55:39 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
be60cd63eb264ec8445b45fc7a74cbc2f340614f
pnpm/.github/workflows/create-release-pr.yml
Zoltan Kochan fc2f33912e refactor: move the TypeScript pnpm CLI into a pnpm11/ directory (#12537) 
The TypeScript pnpm CLI freezes at v11; pnpm 12 will be the Rust pacquet
port. To make that split legible, all TypeScript source, test, and build
directories move under a new top-level pnpm11/ directory. The name states
the version boundary rather than implying a behavioral fork, since the two
stacks are meant to behave identically.

Scope is source-only: the shared workspace root stays at the repo root.
pnpm-workspace.yaml, package.json, pnpm-lock.yaml, .pnpmfile.cjs,
.meta-updater, __patches__, .changeset, .husky, and the lint/spell configs
remain in place, so one pnpm workspace and one Cargo workspace still span
all three products. pnpr/client and pacquet/tasks/registry-mock stay as
cross-product workspace members.

Rewiring the move required:
- pnpm-workspace.yaml globs prefixed with pnpm11/
- root package.json script paths, eslint.config.mjs, tsconfig.lint.json,
  .gitignore, and CODEOWNERS updated
- .meta-updater/src/index.ts literals repointed (pnpm11/pnpm/package.json,
  pnpm11/__utils__, pnpm11/__typings__, and the main package directory)
- regenerated every moved package's repository/homepage URL via meta-updater
- pnpm11/pnpm/bundle-deps.ts and __utils__/scripts/src/typecheck-only.ts
  climb one more level to reach the repo root

.meta-updater stays at the repo root because @pnpm/meta-updater resolves
its config at <cwd>/.meta-updater/main.mjs.

TS CI (.github/workflows/ci.yml) now only runs when pnpm11/-relevant paths
change, via a dorny/paths-filter changes job plus a TS CI / Success
aggregate gate; branch protection should require only that gate.
2026-06-20 14:36:25 +02:00

120 lines
4.8 KiB
YAML
Raw Blame History

name: Create Release PR
on:
workflow_dispatch:
inputs:
target:
description: Branch to release (the PR base; e.g. main or release/11.1).
default: main
required: true
permissions:
contents: write
pull-requests: write
# Serialize per target so two dispatches for the same branch can't race on the
# force-pushed release-pr/<target> branch.
concurrency:
group: create-release-pr-${{ github.event.inputs.target }}
cancel-in-progress: false
jobs:
create-release-pr:
if: github.repository == 'pnpm/pnpm' # Only run on the main repository, not forks
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
# Don't persist the write-scoped token in .git/config; the install below
# runs third-party lifecycle scripts. Pushing is done with an explicit,
# single-use remote URL in the "Commit and push" step.
persist-credentials: false
- name: Install pnpm and Node
uses: pnpm/setup@b1cac37306e39c21283b9dd6cb0ac288fb35ba6b
with:
runtime: node@26.3.0
# Base the release on the tip of the target branch, fetched explicitly so the
# run is correct even when dispatched from another ref. The release-pr/<target>
# name is the convention `pnpm bump` reads to key the .changeset-released ledger
# by the target branch instead of this ephemeral PR branch. A force-push reuses
# an already-open release PR for the same target rather than opening a second.
- name: Prepare release branch
env:
TARGET: ${{ github.event.inputs.target }}
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git fetch origin "$TARGET"
git checkout -B "release-pr/$TARGET" FETCH_HEAD
# Fail the release if the npm registry signing keys embedded in
# @pnpm/deps.security.signatures have drifted from what npm advertises. pnpm
# verifies package-manager binaries (pacquet, the version-switch pnpm) against
# these keys, so a stale set could break verification after a key rotation.
- name: Check embedded npm signing keys are up to date
run: node pnpm11/deps/security/signatures/scripts/update-npm-signing-keys.mjs
# Fail the release if the embedded Node.js release keys (used to verify the
# signature of a downloaded runtime's SHASUMS256.txt) have drifted from the
# canonical nodejs/release-keys list, so a new release signer cannot silently
# break Node.js runtime verification.
- name: Check embedded Node.js release keys are up to date
run: node pnpm11/crypto/shasums-file/scripts/update-node-release-keys.mjs
# Consumes the pending changesets: bumps versions, writes changelogs, updates
# the ledger, and syncs manifests. A no-op (no pending changesets) leaves the
# tree clean and the steps below skip.
- name: Bump versions
run: pnpm bump
- name: Check for changes
id: changes
run: |
if [ -z "$(git status --porcelain)" ]; then
echo "changed=false" >> "$GITHUB_OUTPUT"
else
echo "changed=true" >> "$GITHUB_OUTPUT"
fi
- name: Read new pnpm version
id: version
if: steps.changes.outputs.changed == 'true'
run: echo "version=$(node -p "require('./pnpm11/pnpm/package.json').version")" >> "$GITHUB_OUTPUT"
- name: Commit and push
if: steps.changes.outputs.changed == 'true'
env:
GH_TOKEN: ${{ secrets.UPDATE_LOCKFILE_TOKEN }}
TARGET: ${{ github.event.inputs.target }}
VERSION: ${{ steps.version.outputs.version }}
run: |
git add -A
git commit -m "chore(release): ${VERSION}"
git push -f "https://x-access-token:${GH_TOKEN}@github.com/${GITHUB_REPOSITORY}.git" "release-pr/$TARGET"
- name: Create PR if needed
if: steps.changes.outputs.changed == 'true'
env:
GH_TOKEN: ${{ secrets.UPDATE_LOCKFILE_TOKEN }}
TARGET: ${{ github.event.inputs.target }}
VERSION: ${{ steps.version.outputs.version }}
run: |
BRANCH="release-pr/$TARGET"
# An already-open PR now points at the freshly force-pushed branch, so
# there is nothing more to do.
if [ -n "$(gh pr list --head "$BRANCH" --state open --json number --jq '.[].number')" ]; then
echo "PR already exists; the new versions were force-pushed to it"
else
gh pr create \
--title "chore(release): ${VERSION}" \
--body "Automated release PR created by the create-release-pr workflow.
Releasing \`${TARGET}\` as pnpm v${VERSION}. Merging this PR consumes the pending changesets and records them in the \`.changeset-released\` ledger under \`${TARGET}\`." \
--base "$TARGET" \
--head "$BRANCH"
fi
Reference in New Issue View Git Blame Copy Permalink