name: Release on: release: types: [released, prereleased] permissions: id-token: write # This is required for requesting the JWT contents: write packages: write jobs: build-and-publish: runs-on: ubuntu-latest steps: # --- Checkout code --- - name: Checkout Code uses: actions/checkout@v4 with: fetch-depth: 0 # --- Setup Deno --- - name: Setup Deno uses: denoland/setup-deno@v2 with: deno-version: v2.x - name: Cache Deno Dependencies uses: actions/cache@v4 with: path: ~/.cache/deno key: ${{ runner.os }}-deno-${{ hashFiles('**/deno.lock') }} restore-keys: | ${{ runner.os }}-deno- # --- Determine Changed Packages --- - name: Get Changed Package Directories id: changed_packages uses: tj-actions/changed-files@v46 with: dir_names: true files: packages/** files_ignore: "packages/web/**,packages/transport-deno/npm/**" # --- Setup Node for NPM Publishing --- - name: Setup Node.js if: steps.changed_packages.outputs.all_changed_and_modified_files != '' uses: actions/setup-node@v4 with: node-version: 22 registry-url: "https://registry.npmjs.org" - name: Verify NPM Authentication if: steps.changed_packages.outputs.all_changed_and_modified_files != '' run: npm whoami env: NPM_TOKEN: ${{ secrets.NPM_TOKEN }} # --- Build and Publish Packages to NPM & JSR --- - name: Build and Publish Changed Packages if: steps.changed_packages.outputs.all_changed_and_modified_files != '' run: | set -euo pipefail excluded=("packages/web packages/transport-deno") for pkg_dir in ${{ steps.changed_packages.outputs.all_changed_and_modified_files }}; do echo "Building for NPM..." deno task build:npm "$pkg_dir" echo "Publishing to NPM..." npm publish "$pkg_dir/npm" --access public echo "Publishing to JSR..." # We run this in a subshell to change directory just for this command. # --allow-dirty is necessary because the 'npm' build directory is untracked. (cd "$pkg_dir" && deno publish --allow-dirty) done env: NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - name: No Packages Changed if: steps.changed_packages.outputs.all_changed_and_modified_files == '' run: echo "No changed packages detected. Skipping publish." # --- Web Package Specific Tasks --- - name: Check for Web Package Changes id: web_changes run: | if [[ "${{ steps.changed_packages.outputs.all_changed_and_modified_files }}" == *"packages/web"* ]]; then echo "web_changed=true" >> $GITHUB_OUTPUT else echo "web_changed=false" >> $GITHUB_OUTPUT fi - name: Run Web App Tests if: steps.web_changes.outputs.web_changed == 'true' working-directory: packages/web run: deno task test - name: Create Web App Release Archive if: steps.web_changes.outputs.web_changed == 'true' working-directory: packages/web run: deno task package # Generates dist/build.tar - name: Upload Web App Archive if: steps.web_changes.outputs.web_changed == 'true' uses: actions/upload-artifact@v4 with: name: web-build if-no-files-found: error path: packages/web/dist/build.tar - name: Attach Web Archive to GitHub Release if: steps.web_changes.outputs.web_changed == 'true' run: gh release upload ${{ github.event.release.tag_name }} packages/web/dist/build.tar env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # --- Build & Push Container Image --- - name: Set up QEMU if: steps.web_changes.outputs.web_changed == 'true' uses: docker/setup-qemu-action@v3 - name: Build Container Image if: steps.web_changes.outputs.web_changed == 'true' id: build-container uses: redhat-actions/buildah-build@v2 with: containerfiles: | ./infra/Containerfile image: ghcr.io/${{ github.repository }} tags: latest, ${{ github.event.release.tag_name }} oci: true platforms: linux/amd64, linux/arm64 - name: Push Container to GHCR id: push-to-registry if: steps.web_changes.outputs.web_changed == 'true' uses: redhat-actions/push-to-registry@v2 with: image: ${{ steps.build-container.outputs.image }} tags: ${{ steps.build-container.outputs.tags }} registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Output Image URL if: steps.web_changes.outputs.web_changed == 'true' run: echo "Image pushed to ${{ steps.push-to-registry.outputs.registry-paths }}"