eddeee888
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 131 additions & 9 deletions b/‎.github/workflows/release.yml‎
Lines changed: 131 additions & 9 deletions
diff --git a/‎.github/workflows/snapshot.yml‎
Lines changed: 0 additions & 131 deletions b/‎.github/workflows/snapshot.yml‎
Lines changed: 0 additions & 131 deletions
@@ -3,12 +3,16 @@ name: 'Release'
 on:
   push:
     branches:
-      - master
+      # - master
+      - set-up-oidc-publishing-2
+
+  issue_comment:
+    types: [created]
 
 env:
-  npm-token: ${{ secrets.NPM_TOKEN }}
   github-token: ${{ secrets.GITHUB_TOKEN }}
   node-version: '24.x'
+  snapshot-release-tag: pr${{ github.event.issue.number }}-run${{ github.run_number }}-${{ github.run_attempt }}
 
 jobs:
   release:
@@ -32,13 +36,131 @@ jobs:
       - name: Install packages
         run: yarn install --prefer-offline
 
-      - name: Create Release Pull Request or Publish to NPM
-        id: changesets
-        uses: changesets/[email protected]
+      # - name: Create Release Pull Request or Publish to NPM
+      #   id: changesets
+      #   uses: changesets/[email protected]
+      #   with:
+      #     publish: yarn release
+      #     commit: 'chore(release): update packages versions'
+      #     title: 'Upcoming Release Changes'
+      #   env:
+      #     GITHUB_TOKEN: ${{ env.github-token }}
+
+  release-snapshot-check:
+    if: github.event.comment != ''
+    runs-on: ubuntu-24.04
+    permissions:
+      pull-requests: write
+    outputs:
+      triggered: ${{ steps.check.outputs.triggered }}
+    steps:
+      - name: Acknowledge deployment request to commenter
+        id: check
+        uses: khan/[email protected]
+        with:
+          trigger: '/release-snapshot'
+          reaction: rocket
+        env:
+          GITHUB_TOKEN: ${{ env.github-token }}
+
+      - name: Validate user
+        if: ${{ steps.check.outputs.triggered == 'true' }}
+        run: |
+          if [[ "${AUTHOR_ASSOCIATION}" != 'OWNER' ]]
+          then
+            echo "User authorization failed"
+            exit 1
+          else
+            echo "User authorization successful"
+            exit 0
+          fi
+        env:
+          AUTHOR_ASSOCIATION: ${{ github.event.comment.author_association }}
+
+      - name: Report failure
+        if: failure()
+        uses: octokit/[email protected]
+        with:
+          route: POST /repos/{owner}/{repo}/issues/{issue_number}/comments
+          owner: ${{ github.repository_owner }}
+          repo: ${{ github.event.repository.name }}
+          issue_number: ${{ github.event.issue.number }}
+          body: '❌ No permission to release snapshot'
+        env:
+          GITHUB_TOKEN: ${{ env.github-token }}
+
+  release-snapshot:
+    runs-on: ubuntu-24.04
+    needs: release-snapshot-check
+    permissions:
+      id-token: write # allows ODIC publishing
+      contents: read
+      pull-requests: write # allows posting a message to the PR about success/error
+    if: needs.release-snapshot-check.outputs.triggered == 'true'
+    steps:
+      - name: Get Pull Request ref
+        id: get_pull_request_ref
+        uses: octokit/[email protected]
+        with:
+          route: GET /repos/{owner}/{repo}/pulls/{issue_number}
+          owner: ${{ github.repository_owner }}
+          repo: ${{ github.event.repository.name }}
+          issue_number: ${{ github.event.issue.number }}
+        env:
+          GITHUB_TOKEN: ${{ env.github-token }}
+
+      - name: Check out repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: true
+          repository: ${{ fromJson(steps.get_pull_request_ref.outputs.data).head.repo.full_name }}
+          ref: ${{ fromJson(steps.get_pull_request_ref.outputs.data).head.ref }}
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.node-version }}
+          registry-url: 'https://registry.npmjs.org'
+          cache: yarn
+          cache-dependency-path: '**/yarn.lock'
+
+      - uses: ./.github/workflows/_publish.yml
+        with:
+          github-token: ${{ env.github-token }}
+          snapshot-release-tag: ${{ env.release-tag }}
+
+      - name: Install deps
+        run: yarn install --prefer-offline
+
+      - name: Deploy snapshot
+        run: |
+          yarn changeset version --snapshot $RELEASE_TAG
+          yarn nx run-many --target=build
+          yarn changeset publish --tag $RELEASE_TAG --no-git-tag
+        env:
+          GITHUB_TOKEN: ${{ env.github-token }}
+          RELEASE_TAG: ${{ env.release-tag }}
+
+      - name: Report success
+        if: success()
+        uses: octokit/[email protected]
+        with:
+          route: POST /repos/{owner}/{repo}/issues/{issue_number}/comments
+          owner: ${{ github.repository_owner }}
+          repo: ${{ github.event.repository.name }}
+          issue_number: ${{ github.event.issue.number }}
+          body: '✅ Successfully published package/s with tag `${{ env.release-tag }}`!'
+        env:
+          GITHUB_TOKEN: ${{ env.github-token }}
+
+      - name: Report failure
+        if: failure()
+        uses: octokit/[email protected]
         with:
-          publish: yarn release
-          commit: 'chore(release): update packages versions'
-          title: 'Upcoming Release Changes'
+          route: POST /repos/{owner}/{repo}/issues/{issue_number}/comments
+          owner: ${{ github.repository_owner }}
+          repo: ${{ github.event.repository.name }}
+          issue_number: ${{ github.event.issue.number }}
+          body: '❌ Failed to publish package/s with tag `${{ env.release-tag }}`'
         env:
           GITHUB_TOKEN: ${{ env.github-token }}
-          NPM_TOKEN: ${{ env.npm-token }}