From a153c56eccfdc25784ba9d9a891e53b3da1613b2 Mon Sep 17 00:00:00 2001 From: Myles Scolnick Date: Tue, 12 May 2026 13:43:59 -0400 Subject: [PATCH 1/2] chore(ci): split release.yml into build/publish/release-notes/notify jobs --- .github/workflows/release.yml | 66 +++++++++++++++++++++++++++++------ 1 file changed, 56 insertions(+), 10 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e4136e0..b5b7fa1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,8 +1,7 @@ name: Release permissions: - id-token: write # Required for OIDC - contents: write + contents: read on: push: @@ -10,7 +9,7 @@ on: - "v*" jobs: - release: + build: runs-on: ubuntu-latest steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 @@ -24,10 +23,8 @@ jobs: uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: 22 - registry-url: "https://registry.npmjs.org" cache: pnpm - - name: 📥 Install dependencies run: pnpm install --frozen-lockfile @@ -61,20 +58,69 @@ jobs: echo "✅ Build artifacts validation passed" + - name: 📤 Upload package artifact + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + with: + name: package + path: | + dist/ + package.json + README.md + LICENSE + retention-days: 1 + if-no-files-found: error + + publish: + needs: build + runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + steps: + - name: ⎔ Setup Node.js + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + with: + node-version: 24 + registry-url: "https://registry.npmjs.org" + + - name: 📥 Download package artifact + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 + with: + name: package + - name: 📦 Publish to NPM - run: npm publish + run: npm publish --ignore-scripts env: NODE_AUTH_TOKEN: "" # Clear placeholder set by setup-node to enable OIDC + release-notes: + needs: publish + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + with: + fetch-depth: 0 + + - name: ⎔ Setup Node.js + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + with: + node-version: 24 + - name: 📝 Update Changelog run: npx changelogithub env: - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + notify: + needs: [build, publish, release-notes] + if: always() + runs-on: ubuntu-latest + steps: - name: 📣 Notify release result - if: always() - uses: marimo-team/internal-gh-actions/release-notification@91f15bebd3f322db6717ba5a17983928a47ec991 # main + uses: marimo-team/internal-gh-actions/release-notification@ba06d4db1f3c5c9b86983ce409e57196f8376777 # main with: - status: ${{ job.status }} + status: ${{ (contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')) && 'failure' || 'success' }} slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL_RELEASES }} artifact-url: "https://npmjs.com/package/@marimo-team/codemirror-languageserver" From 344090c6ae7369aa806febcd69ce73eb4f05d42d Mon Sep 17 00:00:00 2001 From: Myles Scolnick Date: Tue, 12 May 2026 13:47:59 -0400 Subject: [PATCH 2/2] fix(ci): use pnpm publish --no-git-checks instead of npm publish --- .github/workflows/release.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b5b7fa1..c7f381b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -77,7 +77,10 @@ jobs: id-token: write contents: read steps: - - name: ⎔ Setup Node.js + - name: ⎔ Setup pnpm + uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 + + - name: ⎔ Setup Node.js uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: 24 @@ -89,7 +92,7 @@ jobs: name: package - name: 📦 Publish to NPM - run: npm publish --ignore-scripts + run: pnpm publish --no-git-checks --ignore-scripts env: NODE_AUTH_TOKEN: "" # Clear placeholder set by setup-node to enable OIDC