From 7f9fe6ad4cbbf175eadf5ca9a8cde3d24c124a1f Mon Sep 17 00:00:00 2001 From: maelcaldas Date: Fri, 27 Mar 2026 10:36:10 -0300 Subject: [PATCH] chore(ci): simplify release and dependabot flow --- .github/workflows/bkper-cli-delivery.yml | 37 ++++++++------- .../dependabot-automerge-pi-patch.yml | 31 ++++++++----- .../workflows/dependabot-release-labels.yml | 46 ------------------- README.md | 13 ------ 4 files changed, 39 insertions(+), 88 deletions(-) delete mode 100644 .github/workflows/dependabot-release-labels.yml diff --git a/.github/workflows/bkper-cli-delivery.yml b/.github/workflows/bkper-cli-delivery.yml index 8a67ff0..39b2d9f 100644 --- a/.github/workflows/bkper-cli-delivery.yml +++ b/.github/workflows/bkper-cli-delivery.yml @@ -37,15 +37,18 @@ jobs: release: needs: build-and-unit-test - if: github.event_name == 'push' && github.ref == 'refs/heads/main' && github.actor != 'github-actions[bot]' + if: github.event_name == 'push' && github.ref == 'refs/heads/main' runs-on: ubuntu-latest + concurrency: + group: release-main + cancel-in-progress: false permissions: contents: write pull-requests: read id-token: write steps: - - name: Determine release level from merged PR labels + - name: Determine release level from PR labels associated with this commit id: release_level uses: actions/github-script@v7 with: 
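Review bot: `cancel-in-progress: false` in the new `concurrency` block only protects the run that is already executing. GitHub keeps at most one pending run per group, so if a third push to `main` arrives while one release runs and another waits, the waiting run is cancelled. The later run derives its level from the PR tied to its own `context.sha`, so if that PR has no release label the earlier labelled merge goes unpublished. If that is acceptable, say so above the block, e.g. `# one pending run per group: a queued release is cancelled when a newer push to main arrives`; otherwise the release step needs to account for earlier unreleased merges. The `release` job continues past the end of this hunk.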
@@ -53,20 +56,20 @@ jobs: const owner = context.repo.owner; const repo = context.repo.repo; const commitSha = context.sha; - - const { data: pulls } = await github.rest.pulls.list({ + const levelByLabel = { + 'release:patch': 'patch', + 'release:minor': 'minor', + 'release:major': 'major', + }; + const orderedLabels = ['release:major', 'release:minor', 'release:patch']; + + const { data: pulls } = await github.rest.repos.listPullRequestsAssociatedWithCommit({ owner, repo, - state: 'closed', - base: 'main', - sort: 'updated', - direction: 'desc', - per_page: 100, + commit_sha: commitSha, }); - const mergedPr = pulls.find( - pr => pr.merged_at && pr.merge_commit_sha === commitSha - ); + const mergedPr = pulls.find(pr => pr.merged_at && pr.base?.ref === 'main'); if (!mergedPr) { core.info('No merged PR associated with this commit. Skipping release.'); @@ -74,12 +77,12 @@ jobs: return; } - const labels = (mergedPr.labels ?? []).map(label => label.name); - let level = 'none'; + const labels = (mergedPr.labels ?? []) + .map(label => typeof label === 'string' ? label : label.name) + .filter(Boolean); - if (labels.includes('release:major')) level = 'major'; - else if (labels.includes('release:minor')) level = 'minor'; - else if (labels.includes('release:patch')) level = 'patch'; + const selectedLabel = orderedLabels.find(label => labels.includes(label)) ?? null; + const level = selectedLabel ? levelByLabel[selectedLabel] : 'none'; core.info(`Merged PR: #${mergedPr.number} (${mergedPr.html_url})`); core.info(`Labels: ${labels.join(', ') || '(none)'}`); diff --git a/.github/workflows/dependabot-automerge-pi-patch.yml b/.github/workflows/dependabot-automerge-pi-patch.yml index 692988f..0c561d9 100644 --- a/.github/workflows/dependabot-automerge-pi-patch.yml +++ b/.github/workflows/dependabot-automerge-pi-patch.yml 
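Review bot: The new `pulls.find(pr => pr.merged_at && pr.base?.ref === 'main')` drops the old `merge_commit_sha` comparison, so the first merged PR the API lists for `context.sha` decides whether a publish happens. PR labels are the only gate on the release job, which holds `contents: write` and `id-token: write`, so that decision should stay bound to the PR whose merge produced this push. Unless a merge method in use here is known to break the equality, keep it as an extra filter: `pulls.find(pr => pr.merged_at && pr.base?.ref === 'main' && pr.merge_commit_sha === commitSha)`. The script body starts before this hunk and continues after it.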
@@ -1,28 +1,35 @@ -name: Dependabot automerge (Pi) +name: Dependabot Pi patch on: pull_request_target: - types: [opened, synchronize, reopened, labeled] + types: [opened, synchronize, reopened] permissions: contents: write pull-requests: write jobs: - automerge: + patch: if: github.actor == 'dependabot[bot]' runs-on: ubuntu-latest steps: - - name: Fetch Dependabot metadata - id: metadata - uses: dependabot/fetch-metadata@v2 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - - name: Enable auto-merge for Pi updates - if: contains(steps.metadata.outputs.dependency-names, '@mariozechner/pi-coding-agent') + - name: Apply patch release label env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} PR_URL: ${{ github.event.pull_request.html_url }} - run: gh pr merge --auto --squash "$PR_URL" + run: gh pr edit "$PR_URL" --add-label "release:patch" + + - name: Enable auto-merge + env: + GH_TOKEN: ${{ secrets.BKPER_AUTOMERGE_TOKEN }} + PR_URL: ${{ github.event.pull_request.html_url }} + run: | + set -euo pipefail + + if [[ -z "${GH_TOKEN:-}" ]]; then + echo "BKPER_AUTOMERGE_TOKEN secret is required to enable Dependabot auto-merge without suppressing the downstream main push release workflow." + exit 1 + fi + + gh pr merge --auto --squash "$PR_URL" diff --git a/.github/workflows/dependabot-release-labels.yml b/.github/workflows/dependabot-release-labels.yml deleted file mode 100644 index c79728f..0000000 --- a/.github/workflows/dependabot-release-labels.yml +++ /dev/null 
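Review bot: With the `dependabot/fetch-metadata` step and the `contains(..., '@mariozechner/pi-coding-agent')` condition removed, both new steps run for every PR that passes the job-level `if`. Any Dependabot update, of any package and any semver level, is therefore labelled `release:patch` and queued for auto-merge with `BKPER_AUTOMERGE_TOKEN`. The echo message says that token exists so the merge push still triggers the release workflow, which means an unreviewed dependency bump can flow through to an npm publish. Unless `dependabot.yml` (not shown) already limits updates to that one package, keep the metadata step and gate both steps on the dependency name and on `update-type`. The job-level gate also still relies on `github.actor`, which names whoever triggered the event rather than the PR author, so checking `github.event.pull_request.user.login` as well ties these privileged steps to PRs that Dependabot opened.

```yaml
jobs:
  patch:
    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.actor == 'dependabot[bot]'
    runs-on: ubuntu-latest

    steps:
      - name: Fetch Dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@v2
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"

      - name: Apply patch release label
        if: >-
          contains(steps.metadata.outputs.dependency-names, '@mariozechner/pi-coding-agent') &&
          steps.metadata.outputs.update-type == 'version-update:semver-patch'
        # … unchanged: env and gh pr edit …

      - name: Enable auto-merge
        if: >-
          contains(steps.metadata.outputs.dependency-names, '@mariozechner/pi-coding-agent') &&
          steps.metadata.outputs.update-type == 'version-update:semver-patch'
        # … unchanged: env, token presence check and gh pr merge …
```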
@@ -1,46 +0,0 @@ -name: Dependabot release labels - -on: - pull_request_target: - types: [opened, synchronize, reopened] - -permissions: - pull-requests: write - contents: read - -jobs: - label: - if: github.actor == 'dependabot[bot]' - runs-on: ubuntu-latest - - steps: - - name: Fetch Dependabot metadata - id: metadata - uses: dependabot/fetch-metadata@v2 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - - name: Ensure release labels exist - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - gh label create "release:patch" --color 0e8a16 --description "Publish patch version" || true - gh label create "release:minor" --color 1d76db --description "Publish minor version" || true - gh label create "release:major" --color b60205 --description "Publish major version" || true - gh label create "deps:pi" --color 5319e7 --description "Pi dependency update" || true - - - name: Apply Pi dependency labels - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PR_URL: ${{ github.event.pull_request.html_url }} - DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }} - run: | - set -euo pipefail - - if [[ "$DEPENDENCY_NAMES" != *"@mariozechner/pi-coding-agent"* ]]; then - echo "Non-Pi dependency update. No release label applied." - exit 0 - fi - - gh pr edit "$PR_URL" --add-label "deps:pi" --add-label "release:patch" - echo "Applied labels: deps:pi, release:patch" diff --git a/README.md b/README.md index 2a8ddd9..11941f7 100644 --- a/README.md +++ b/README.md 
@@ -912,16 +912,3 @@ Bkper.setConfig({ oauthTokenProvider: async () => getOAuthToken(), }); ``` - -## Documentation - -- [Developer Docs] -- [App Template] - -## Release process (maintainers) - -Releases are published by GitHub Actions (Trusted Publisher with OIDC), not from local machines. - -- Merge a PR into `main` with one release label: `release:patch`, `release:minor`, or `release:major` -- On `main` push, CI determines the merged PR label, bumps `package.json` version, tags, and publishes to npm -- Without a release label, publish is skipped