mirror of https://github.com/openclaw/openclaw.git
196 lines
6.5 KiB
YAML
196 lines
6.5 KiB
YAML
name: OpenClaw NPM Release
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- "v*"
|
|
workflow_dispatch:
|
|
inputs:
|
|
tag:
|
|
description: Release tag to publish (for example v2026.3.14, v2026.3.14-beta.1, or fallback v2026.3.14-1)
|
|
required: true
|
|
type: string
|
|
|
|
concurrency:
|
|
group: openclaw-npm-release-${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref }}
|
|
cancel-in-progress: false
|
|
|
|
env:
|
|
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
|
|
NODE_VERSION: "24.x"
|
|
PNPM_VERSION: "10.23.0"
|
|
|
|
jobs:
|
|
preview_openclaw_npm:
|
|
if: github.event_name == 'push'
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v6
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup Node environment
|
|
uses: ./.github/actions/setup-node-env
|
|
with:
|
|
node-version: ${{ env.NODE_VERSION }}
|
|
pnpm-version: ${{ env.PNPM_VERSION }}
|
|
install-bun: "false"
|
|
use-sticky-disk: "false"
|
|
|
|
- name: Print release plan
|
|
env:
|
|
RELEASE_TAG: ${{ github.ref_name }}
|
|
run: |
|
|
set -euo pipefail
|
|
RELEASE_SHA=$(git rev-parse HEAD)
|
|
PACKAGE_VERSION=$(node -p "require('./package.json').version")
|
|
if [[ "${RELEASE_TAG}" =~ ^v[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*-[1-9][0-9]*$ ]]; then
|
|
TAG_KIND="fallback correction"
|
|
else
|
|
TAG_KIND="standard"
|
|
fi
|
|
echo "Release plan for ${RELEASE_TAG}:"
|
|
echo "Resolved release SHA: ${RELEASE_SHA}"
|
|
echo "Resolved package version: ${PACKAGE_VERSION}"
|
|
echo "Resolved tag kind: ${TAG_KIND}"
|
|
if [[ "${TAG_KIND}" == "fallback correction" ]]; then
|
|
echo "Correction tag note: npm version remains ${PACKAGE_VERSION}"
|
|
fi
|
|
echo "Would run: git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main"
|
|
echo "Would run with env: RELEASE_SHA=${RELEASE_SHA} RELEASE_TAG=${RELEASE_TAG} RELEASE_MAIN_REF=origin/main pnpm release:openclaw:npm:check"
|
|
echo "Would run: npm view openclaw@${PACKAGE_VERSION} version"
|
|
echo "Would run: pnpm check"
|
|
echo "Would run: pnpm build"
|
|
echo "Would run: pnpm release:check"
|
|
|
|
- name: Validate release tag and package metadata
|
|
env:
|
|
RELEASE_TAG: ${{ github.ref_name }}
|
|
RELEASE_MAIN_REF: origin/main
|
|
run: |
|
|
set -euxo pipefail
|
|
RELEASE_SHA=$(git rev-parse HEAD)
|
|
export RELEASE_SHA RELEASE_TAG RELEASE_MAIN_REF
|
|
# Fetch the full main ref so merge-base ancestry checks keep working
|
|
# for older tagged commits that are still contained in main.
|
|
git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main
|
|
pnpm release:openclaw:npm:check
|
|
|
|
- name: Ensure version is not already published
|
|
env:
|
|
RELEASE_TAG: ${{ github.ref_name }}
|
|
run: |
|
|
set -euxo pipefail
|
|
PACKAGE_VERSION=$(node -p "require('./package.json').version")
|
|
IS_CORRECTION_TAG=0
|
|
if [[ "${RELEASE_TAG}" =~ ^v[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*-[1-9][0-9]*$ ]]; then
|
|
IS_CORRECTION_TAG=1
|
|
fi
|
|
|
|
if npm view "openclaw@${PACKAGE_VERSION}" version >/dev/null 2>&1; then
|
|
if [[ "${IS_CORRECTION_TAG}" == "1" ]]; then
|
|
echo "openclaw@${PACKAGE_VERSION} is already published on npm."
|
|
echo "Correction tag ${RELEASE_TAG} is allowed as a fallback release tag, so preview will continue without treating this as an error."
|
|
exit 0
|
|
fi
|
|
echo "openclaw@${PACKAGE_VERSION} is already published on npm."
|
|
exit 1
|
|
fi
|
|
|
|
if [[ "${IS_CORRECTION_TAG}" == "1" ]]; then
|
|
echo "Previewing fallback correction tag ${RELEASE_TAG} for npm version openclaw@${PACKAGE_VERSION}"
|
|
else
|
|
echo "Previewing openclaw@${PACKAGE_VERSION}"
|
|
fi
|
|
|
|
- name: Check
|
|
run: |
|
|
set -euxo pipefail
|
|
pnpm check
|
|
|
|
- name: Build
|
|
run: |
|
|
set -euxo pipefail
|
|
pnpm build
|
|
|
|
- name: Verify release contents
|
|
run: |
|
|
set -euxo pipefail
|
|
pnpm release:check
|
|
|
|
- name: Preview publish command
|
|
run: bash scripts/openclaw-npm-publish.sh --dry-run
|
|
|
|
publish_openclaw_npm:
|
|
if: github.event_name == 'workflow_dispatch'
|
|
# npm trusted publishing + provenance requires a GitHub-hosted runner.
|
|
runs-on: ubuntu-latest
|
|
environment: npm-release
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
steps:
|
|
- name: Validate tag input format
|
|
env:
|
|
RELEASE_TAG: ${{ inputs.tag }}
|
|
run: |
|
|
set -euo pipefail
|
|
if [[ ! "${RELEASE_TAG}" =~ ^v[0-9]{4}\.[1-9][0-9]*\.[1-9][0-9]*((-beta\.[1-9][0-9]*)|(-[1-9][0-9]*))?$ ]]; then
|
|
echo "Invalid release tag format: ${RELEASE_TAG}"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@v6
|
|
with:
|
|
ref: refs/tags/${{ inputs.tag }}
|
|
fetch-depth: 0
|
|
|
|
- name: Setup Node environment
|
|
uses: ./.github/actions/setup-node-env
|
|
with:
|
|
node-version: ${{ env.NODE_VERSION }}
|
|
pnpm-version: ${{ env.PNPM_VERSION }}
|
|
install-bun: "false"
|
|
use-sticky-disk: "false"
|
|
|
|
- name: Validate release tag and package metadata
|
|
env:
|
|
RELEASE_TAG: ${{ inputs.tag }}
|
|
RELEASE_MAIN_REF: origin/main
|
|
run: |
|
|
set -euo pipefail
|
|
RELEASE_SHA=$(git rev-parse HEAD)
|
|
export RELEASE_SHA RELEASE_TAG RELEASE_MAIN_REF
|
|
# Fetch the full main ref so merge-base ancestry checks keep working
|
|
# for older tagged commits that are still contained in main.
|
|
git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main
|
|
pnpm release:openclaw:npm:check
|
|
|
|
- name: Ensure version is not already published
|
|
run: |
|
|
set -euo pipefail
|
|
PACKAGE_VERSION=$(node -p "require('./package.json').version")
|
|
|
|
if npm view "openclaw@${PACKAGE_VERSION}" version >/dev/null 2>&1; then
|
|
echo "openclaw@${PACKAGE_VERSION} is already published on npm."
|
|
exit 1
|
|
fi
|
|
|
|
echo "Publishing openclaw@${PACKAGE_VERSION}"
|
|
|
|
- name: Check
|
|
run: pnpm check
|
|
|
|
- name: Build
|
|
run: pnpm build
|
|
|
|
- name: Verify release contents
|
|
run: pnpm release:check
|
|
|
|
- name: Publish
|
|
run: bash scripts/openclaw-npm-publish.sh --publish
|