Skip to content

ci(release)!: unify release+publish with the rest of the ecosystem#25

Merged
rlueder merged 1 commit intomainfrom
ci/unify-release-with-ecosystem
Apr 23, 2026
Merged

ci(release)!: unify release+publish with the rest of the ecosystem#25
rlueder merged 1 commit intomainfrom
ci/unify-release-with-ecosystem

Conversation

@rlueder
Copy link
Copy Markdown
Member

@rlueder rlueder commented Apr 23, 2026

Summary

  • ci.yml passa a orquestrar checksreleasepublish (mesma forma de datasus-brasil / fhir-brasil / medbench-brasil / platform). Resolve o CI rodando checks e semantic-release em paralelo no push para main.
  • Adicionado _release.yml reusável (cópia canônica: guard de packages_changed, GitHub App token para tag/commit, outputs released/version/release_sha) e _publish.yml reusável (pinado ao release_sha, checagem idempotente via npm view, --provenance).
  • .releaserc.cjs deixa de publicar inline — o pnpm publish agora roda em _publish.yml contra o SHA do commit de release.
  • release.yml standalone removido (o cron semanal era no-op porque docs/ci/chore não promovem release) junto com a entrada no templates.manifest.yml.

Operational note

_release.yml usa secrets.RELEASE_APP_ID / RELEASE_APP_PRIVATE_KEY (mesma GitHub App já usada pelos outros quatro repos). Confirmar que os secrets estão herdados no nível de org antes do merge.

Breaking change

Marcado como ! porque muda o caminho de publicação (quem publica passa de semantic-release em release.yml para _publish.yml chamado por ci.yml). Nenhuma mudança de API nos pacotes publicados.

Test plan

  • Merge para mainCI/CD dispara, checks roda primeiro, release só começa após checks passar
  • release detecta mudança em packages/** e roda semantic-release, criando o chore(release) commit + tag
  • publish roda depois, com if: needs.release.outputs.released == 'true', e publica os 9 pacotes com provenance
  • Um push só com mudanças em docs (sem packages/**) faz o release pular (guard packages_changed)

@rlueder
ci(release)!: unify release+publish with the rest of the ecosystem
0220dfb 
- Move semantic-release para _release.yml reusável (guard de
  packages_changed + GitHub App token), chamado por ci.yml após o
  job `checks`
- Adicionar _publish.yml pinado ao release_sha, com checagem
  idempotente por pacote e provenance
- Remover publishCmd inline do .releaserc.cjs (agora .github/
  workflows/_publish.yml é o responsável por publicar)
- Remover release.yml standalone (cron semanal era no-op) e a
  entrada correspondente em templates.manifest.yml

Resolve o CI rodando checks e release em paralelo no push para main.
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 23, 2026

Automated Review — Round 1

Summary

The PR introduces new workflow files for publishing packages and managing releases using semantic-release. However, there are potential issues with error handling and npm authentication that need to be addressed to ensure robustness and security.

Changes

  • Added new workflows for publishing and releasing packages.
  • Removed the standalone release workflow in favor of a reusable approach.

🔍 Found 3 suggestions (see inline comments)

Reviewed by OpenAI gpt-4o-mini (fallback) | 5,437 in / 213 out | $0.0009 — Round 1 of 2

github-actions[bot]
github-actions Bot reviewed Apr 23, 2026
View reviewed changes
Comment thread .github/workflows/_publish.yml
github-actions[bot]
github-actions Bot reviewed Apr 23, 2026
View reviewed changes
Comment thread .github/workflows/_release.yml
github-actions[bot]
github-actions Bot reviewed Apr 23, 2026
View reviewed changes
Comment thread .github/workflows/ci.yml
@rlueder rlueder merged commit b1321b6 into main Apr 23, 2026
10 checks passed
@rlueder rlueder deleted the ci/unify-release-with-ecosystem branch April 23, 2026 15:19
rlueder added a commit that referenced this pull request Apr 24, 2026
@rlueder
ci(release)!: unify release+publish with the rest of the ecosystem (#25)
55942e3 
- Move semantic-release para _release.yml reusável (guard de
  packages_changed + GitHub App token), chamado por ci.yml após o
  job `checks`
- Adicionar _publish.yml pinado ao release_sha, com checagem
  idempotente por pacote e provenance
- Remover publishCmd inline do .releaserc.cjs (agora .github/
  workflows/_publish.yml é o responsável por publicar)
- Remover release.yml standalone (cron semanal era no-op) e a
  entrada correspondente em templates.manifest.yml

Resolve o CI rodando checks e release em paralelo no push para main.
precisa-saude-release-bot Bot pushed a commit that referenced this pull request Apr 24, 2026
@semantic-release-bot
chore(release): 1.6.1 [skip ci]
0d151a8 
## [1.6.1](v1.6.0...v1.6.1) (2026-04-24)

### ⚠ BREAKING CHANGES

* **release:** unify release+publish with the rest of the ecosystem (#25)

### Bug Fixes

* **cli:** nota sobre higiene de templates no copy-templates ([131eb43](131eb43))
* **templates:** usar contexto do repo atual no pr-review-responder ([c1dde13](c1dde13))

### CI/CD

* **release:** unify release+publish with the rest of the ecosystem ([#25](#25)) ([55942e3](55942e3))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rlueder