docker-build-and-push and create-release-pr

.github/workflows/ci.yaml

@@ -220,7 +220,7 @@ jobs:
 
       - name: Check if we need to install browsers
         id: browsers
-        uses: actions/github-script@v7
+        uses: actions/github-script@v8
         with:
           script: |
             const { existsSync } = require('fs');

.github/workflows/create-release.yaml

@@ -0,0 +1,161 @@
+# Create Release
+#
+# Template to use with this workflow:
+# https://github.com/verkstedt/.github/tree/main/workflow-templates/create-release.yaml
+#
+# Pushes a commit that updates version data directly to the main branch.
+#
+# Requires GitHub token with persmissions to do that.
+
+name: Create Release
+
+on:
+  workflow_call:
+    inputs:
+      release-type:
+        description: 'Type of release (major, minor, patch, or prerelease)'
+        type: string
+        default: 'patch'
+      working-directory:
+        description: 'Working directory (where package.json is located)'
+        type: string
+        default: '.'
+
+jobs:
+  release:
+    name: 'Create Release'
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      pull-requests: write
+      issues: write
+
+    steps:
+      - name: Verify inputs
+        run: |
+          if ! echo "${{ inputs.release-type }}" | grep -qE '^(major|minor|patch|prerelease)$'
+          then
+            echo "Invalid release-type: ${{ inputs.release-type }}. Must be one of: major, minor, patch, prerelease."
+            exit 64 # EX_USAGE
+          fi
+
+          if [ "${{ inputs.release-type }}" = "prerelease" ]
+          then
+            echo "ERROR: Prerelease not supported yet." # TODO Support prerelease
+            exit 64 # EX_USAGE
+          fi
+
+      - name: Set environment variables
+        env:
+          ENV_VARS: ${{ secrets.env_vars }}
+        run: |
+          echo "$ENV_VARS" >> "$GITHUB_ENV"
+
+      - name: Setup
+        id: setup
+        uses: verkstedt/actions/setup@new-actions-for-building-pushing-and-releasing
+        with:
+          working-directory: ${{ inputs.working-directory }}
+          github-npm-registry-personal-access-token: ${{ secrets.GH_NPM_REGISTRY_PERSONAL_ACCESS_TOKEN }}
+
+      - name: Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # Note: This script doesn’t access steps.*.outputs and
+          # inputs.* directly to make it easier to copy it to separate
+          # file for testing
+          PACKAGE_MANAGER: ${{ steps.setup.outputs.package-manager }}
+          RELEASE_TYPE: ${{ inputs.release-type }}
+        run: |
+          echo "::group::Prepare semantic-release configuration"
+          # TODO Move this to separate package, that can be installed, together with dependencies
+          release_config_mjs="$( mktemp --suffix=.mjs )"
+          cat > "$release_config_mjs" << 'RELEASE_CONFIG_MJS_EOF'
+          /**
+          * @type {import('semantic-release').GlobalConfig}
+          */
+          export default {
+            plugins: [
+              ["@semantic-release/exec", {
+                // Do not analyse commits to determine release type
+                analyzeCommitsCmd: `echo ${process.env.RELEASE_TYPE}`,
+                // Update version.txt, if exists
+                prepareCmd: 'if [ -f version.txt ]; then echo "${nextRelease.version}" > version.txt; fi',
+                // Use GitHub API to generate release notes
+                generateNotesCmd: `
+                  gh api \
+                    -X POST \
+                    repos/:owner/:repo/releases/generate-notes \
+                    -f tag_name='\${nextRelease.gitTag}' \
+                    -f previous_tag_name='\${lastRelease.gitTag}' \
+                    --jq '"# " + .name + "\n\n" + .body'
+                `,
+                // Write release notes to GitHub Actions summary
+                successCmd: `echo '\${nextRelease.notes}' >> \$GITHUB_STEP_SUMMARY`,
+              }],
+              // Update version package.json, do not publish to npm registry
+              ['@semantic-release/npm', {
+                npmPublish: false
+              }],
+              // Write changelog
+              ['@semantic-release/changelog'],
+              // Commit and push changed files
+              ['@semantic-release/git', {
+                assets: ['CHANGELOG.md', 'package.json', 'package-lock.json', 'version.txt'],
+                message: 'chore(release): ${nextRelease.version}\n\n\${nextRelease.notes}'
+              }],
+              // Register a GitHub release
+              ['@semantic-release/github'],
+            ]
+          }
+          RELEASE_CONFIG_MJS_EOF
+          echo "::endgroup::"
+
+          # Clean up
+          trap 'rm -fv "$release_config_mjs"' EXIT INT TERM
+
+          # FIXME This feels wrong, but couldn’t find a way of running semantic-release without having plugins installed
+          echo "::group::Install semantic-release plugins"
+          npm_pkg_args=$(
+            node --input-type=module --eval "
+              const { default: config } = await import(process.argv[1], { assert: { type: 'module' } });
+              process.stdout.write(
+                config.plugins
+                  .map(p => Array.isArray(p) ? p[0] : p)
+                  .filter(p => ! /^(\\.\\/|\\.\\.\\/|\/)/.test(p))
+                  .join('\\n')
+              );
+            " "$release_config_mjs" |
+              # Skip plugins bundled with semantic-release
+              # https://semantic-release.gitbook.io/semantic-release/usage/plugins#default-plugins
+              # Docs also list @semantic-release/npm, but it doesn’t seem true
+              grep -vE '@semantic-release/commit-analyzer|@semantic-release/release-notes-generator|@semantic-release/github'
+          )
+
+          if [ -n "$npm_pkg_args" ]
+          then
+            case "$PACKAGE_MANAGER" in
+              yarn)
+                # shellcheck disable=SC2086
+                yarn add -D $npm_pkg_args
+                ;;
+              npm)
+                # shellcheck disable=SC2086
+                npm install -D $npm_pkg_args
+                ;;
+              *)
+                echo "Unsupported package manager: $PACKAGE_MANAGER"
+                exit 69 # EX_UNAVAILABLE
+                ;;
+            esac
+
+            git restore package.json || :
+            git restore package-lock.json || :
+            git restore yarn.lock || :
+          fi
+          echo "::endgroup::"
+
+          echo "::group::Run semantic-release"
+          npx --yes semantic-release --extends "$release_config_mjs" "$@"
+          echo "::endgroup::"