release.yaml

#
# this is the release workflow that is triggered by a push to the main branch
#
# it will
# - update the versions of all packages
# - build the project
# - @TODO test the project
# - create a releases for all packages that have changed and add its artifacts to the release
# - gather the workflow artifacts
#
name: 'release'

on:
  push:
    branches:
      - main

permissions:
  # write-all is too much, but we need to write to packages
  # see https://github.com/orgs/community/discussions/57724 for more info
  contents: read
  packages: write
  attestations: write
  id-token: write

jobs:
  build_devcontainer_image:
    uses: ./.github/workflows/build-devcontainer-image.yaml
    secrets: inherit

  release:
    runs-on: ubuntu-latest
    needs:
      - build_devcontainer_image
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}
    if: "!contains(github.event.head_commit.message, 'skip release')"
    steps:
      - name: checkout branch from git
        uses: actions/checkout@v4

      - uses: './.github/shared/actions/devcontainer-shell-run'
        name: build_project
        with:
          runCmd: |
            pnpm install --frozen-lockfile

            export GITHUB_TOKEN="${{ secrets.GITHUB_TOKEN }}"
            export GITHUB_REPOSITORY="${{ github.repository }}"

            git remote -v
            git checkout "${GITHUB_REF:11}"
            git remote -v

            pnpm release

      - uses: './.github/shared/actions/devcontainer-shell-run'
        id: gather_workflow_artifacts
        name: gather_workflow_artifacts
        with:
          runCmd: |
            pnpm exec ./scripts/_get-workflow-artefacts.sh

      - name: attach workflow artifacts
        uses: actions/upload-artifact@v4
        with:
          # see https://github.com/actions/upload-artifact/issues/424
          path: |-
            ${{ steps.gather_workflow_artifacts.outputs.runCmdOutput }}