@@ -4,7 +4,7 @@ name: Publish releases
44
55on :
66 push :
7- branches : [master ]
7+ branches : [ci/fix-canary ]
88 paths-ignore :
99 - ' *.md'
1010 - ' docs/**'
@@ -20,244 +20,18 @@ env:
2020 NODE_VERSION : ' 20'
2121
2222jobs :
23- release-stable : # stable releases can only be manually triggered
24- if : ${{ github.event_name == 'workflow_dispatch' }}
25- runs-on : ubuntu-latest
26- outputs :
27- released_version : ${{ steps.extract-version.outputs.version }}
28- permissions :
29- contents : read
30- id-token : write
31-
32- steps :
33- - name : Generate token
34- id : app-token
35- uses : actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf
36- with :
37- app-id : ${{ secrets.APP_ID }}
38- private-key : ${{ secrets.PRIVATE_KEY }}
39- - name : Check if actor is member of admin or sdk team
40- id : team-check
41- uses : actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
42- with :
43- github-token : ${{ steps.app-token.outputs.token }}
44- script : |
45- const org = 'supabase'
46- const { actor } = context
47-
48- async function isTeamMember(team_slug) {
49- try {
50- const res = await github.rest.teams.getMembershipForUserInOrg({
51- org,
52- team_slug,
53- username: actor,
54- })
55- return res && res.status === 200
56- } catch (_) {
57- return false
58- }
59- }
60- const isAdmin = await isTeamMember('admin')
61- const isSdk = await isTeamMember('sdk')
62- const isMember = isAdmin || isSdk
63- core.setOutput('is_team_member', isMember ? 'true' : 'false')
64-
65- name : Fail if not authorized
66- if : ${{ steps.team-check.outputs.is_team_member != 'true' }}
67- run : |
68- echo "You must be a member of @supabase/admin or @supabase/sdk."
69- exit 1
70-
71- name : Checkout code
72- uses : actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
73- with :
74- fetch-depth : 0
75- persist-credentials : false
76-
77- - uses : actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
78- with :
79- node-version : ${{ env.NODE_VERSION }}
80- cache : ' npm'
81- registry-url : ' https://registry.npmjs.org'
82-
83- # Ensure npm 11.5.1 or later is installed for trusted publishing support
84- - name : Update npm
85- run : npm install -g npm@latest
86-
87- - name : Install dependencies
88- run : npm ci
89-
90- - name : Configure git
91- run : |
92- git config --global user.name "supabase-releaser[bot]"
93- git config --global user.email "supabase-releaser[bot]@users.noreply.github.com"
94-
95- name : Validate input
96- run : |
97- VS="${{ github.event.inputs.version_specifier }}"
98- echo "Validating: $VS"
99-
100- if [[ "$VS" =~ ^(patch|minor|major|prepatch|preminor|premajor|prerelease)$ ]]; then
101- echo "✔ bump keyword"
102- elif [[ "$VS" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+([.-][0-9A-Za-z.-]+)?$ ]]; then
103- echo "✔ explicit version"
104- else
105- echo "❌ Invalid version_specifier: '$VS'"
106- echo " Use: patch|minor|major|pre*, or v1.2.3"
107- exit 1
108- fi
109-
110- name : Release stable version
111- env :
112- NPM_CONFIG_PROVENANCE : true
113- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
114- RELEASE_GITHUB_TOKEN : ${{ steps.app-token.outputs.token }}
115- GH_TOKEN : ${{ steps.app-token.outputs.token }}
116- shell : bash
117- run : npm run release-stable -- --versionSpecifier "${{ github.event.inputs.version_specifier }}"
118-
119- - name : Extract released version
120- id : extract-version
121- shell : bash
122- run : |
123- set -euo pipefail
124- VERSION=$(cat .release-version)
125- if [[ -z "$VERSION" ]]; then
126- exit 1
127- fi
128- echo "version=$VERSION" >> $GITHUB_OUTPUT
129-
130- name : Summary
131- if : ${{ success() }}
132- run : |
133- echo "## ✅ Stable Release" >> $GITHUB_STEP_SUMMARY
134- echo "- **Version specifier:** \`${{ github.event.inputs.version_specifier }}\`" >> $GITHUB_STEP_SUMMARY
135- echo "- **Source commit:** HEAD of the checked-out branch" >> $GITHUB_STEP_SUMMARY
136- echo "- **Dist-tag:** \`latest\`" >> $GITHUB_STEP_SUMMARY
137-
138- docs-after-stable-release :
139- name : Generate Documentation
140- needs : release-stable
141- if : ${{ github.event_name == 'workflow_dispatch' && needs.release-stable.result == 'success' }}
142- uses : ./.github/workflows/docs.yml
143- permissions :
144- actions : read
145- contents : write
146-
147- trigger-update-js-libs :
148- name : Trigger Update JS Libs
149- runs-on : ubuntu-latest
150- needs : release-stable
151- if : ${{ github.event_name == 'workflow_dispatch' && needs.release-stable.result == 'success' }}
152- steps :
153- - name : Generate token
154- id : app-token
155- uses : actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf
156- with :
157- app-id : ${{ secrets.APP_ID }}
158- private-key : ${{ secrets.PRIVATE_KEY }}
159- owner : supabase
160- repositories : supabase, supabase-js
161- - name : Trigger supabase/supabase update-js-libs workflow
162- uses : actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
163- with :
164- github-token : ${{ steps.app-token.outputs.token }}
165- script : |
166- await github.rest.actions.createWorkflowDispatch({
167- owner: 'supabase',
168- repo: 'supabase',
169- workflow_id: 'update-js-libs.yml',
170- ref: 'master',
171- inputs: {
172- version: '${{ needs.release-stable.outputs.released_version }}',
173- source: 'supabase-js-stable-release'
174- }
175- });
176-
177- trigger-supabase-docs-update :
178- name : Trigger Supabase Docs Update
179- runs-on : ubuntu-latest
180- needs : [release-stable, docs-after-stable-release]
181- if : ${{ github.event_name == 'workflow_dispatch' && needs.release-stable.result == 'success' && needs.docs-after-stable-release.result == 'success' }}
182- steps :
183- - name : Generate token
184- id : app-token
185- uses : actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf
186- with :
187- app-id : ${{ secrets.APP_ID }}
188- private-key : ${{ secrets.PRIVATE_KEY }}
189- owner : supabase
190- repositories : supabase, supabase-js
191-
192- - name : Trigger supabase/supabase docs workflow
193- uses : actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
194- with :
195- github-token : ${{ steps.app-token.outputs.token }}
196- script : |
197- await github.rest.actions.createWorkflowDispatch({
198- owner: 'supabase',
199- repo: 'supabase',
200- workflow_id: 'docs-js-libs-update.yml',
201- ref: 'master',
202- inputs: {
203- version: '${{ needs.release-stable.outputs.released_version }}',
204- source: 'supabase-js-stable-release'
205- }
206- });
207-
208- # preview jobs
209- ci-core :
210- if : ${{ github.event_name == 'push' }}
211- name : Core Packages CI
212- uses : ./.github/workflows/ci-core.yml
213- permissions :
214- actions : read
215- contents : read
216-
217- ci-supabase-js :
218- if : ${{ github.event_name == 'push' }}
219- name : Supabase-JS Integration CI
220- uses : ./.github/workflows/ci-supabase-js.yml
221- permissions :
222- actions : read
223- contents : read
224-
225- # ==========================================
226- # COVERALLS FINISH (aggregates coverage from all packages)
227- # ==========================================
228-
229- coveralls-finish :
230- name : Coveralls Finished
231- runs-on : ubuntu-latest
232- needs : [ci-core, ci-supabase-js]
233- if : github.event_name == 'push'
234- steps :
235- - name : Coveralls Finished
236- uses : coverallsapp/github-action@5cbfd81b66ca5d10c19b062c04de0199c215fb6e # v2.3.7
237- with :
238- github-token : ${{ secrets.GITHUB_TOKEN }}
239- parallel-finished : true
240- carryforward : ' auth-js,functions-js,postgrest-js,realtime-js,storage-js,supabase-js'
241- fail-on-error : false
242- continue-on-error : true
243-
24423 # ==========================================
24524 # CANARY RELEASE (only on master, after all CI passes)
24625 # ==========================================
24726
24827 release-canary :
24928 name : Release Canary
25029 runs-on : ubuntu-latest
251- needs : [ci-core, ci-supabase-js]
25230 permissions :
25331 contents : read
25432 id-token : write
25533 # Only run on master branch pushes, and only if all CI jobs succeeded
256- if : |
257- github.ref == 'refs/heads/master' &&
258- github.event_name == 'push' &&
259- needs.ci-core.result == 'success' &&
260- needs.ci-supabase-js.result == 'success'
34+
26135 steps :
26236 - name : Generate token
26337 id : app-token
@@ -298,34 +72,3 @@ jobs:
29872 NPM_CONFIG_PROVENANCE : true
29973 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
30074 RELEASE_GITHUB_TOKEN : ${{ steps.app-token.outputs.token }}
301-
302- notify-stable-failure :
303- name : Notify Slack for Stable failure
304- needs : release-stable
305- if : ${{ always() && github.event_name == 'workflow_dispatch' && needs.release-stable.result == 'failure' }}
306- uses : ./.github/workflows/slack-notify.yml
307- secrets : inherit
308- with :
309- title : ' Stable Release'
310- status : ' failure'
311-
312- notify-stable-success :
313- name : Notify Slack for Stable success
314- needs : release-stable
315- if : ${{ github.event_name == 'workflow_dispatch' && needs.release-stable.result == 'success' }}
316- uses : ./.github/workflows/slack-notify.yml
317- secrets : inherit
318- with :
319- title : ' Stable Release'
320- status : ' success'
321- version : ${{ needs.release-stable.outputs.released_version }}
322-
323- notify-canary-failure :
324- name : Notify Slack for Canary failure
325- needs : release-canary
326- if : ${{ always() && github.event_name == 'push' && needs.release-canary.result == 'failure' }}
327- uses : ./.github/workflows/slack-notify.yml
328- secrets : inherit
329- with :
330- title : ' Canary Release'
331- status : ' failure'
0 commit comments