From c62272d6b63f5ca48b16640b55893131afd585e1 Mon Sep 17 00:00:00 2001 From: DocEight Date: Sat, 15 Nov 2025 08:55:40 +0900 Subject: [PATCH 1/8] Trigger CD on tag --- .github/workflows/publish.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 53fb50c..7095546 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -2,8 +2,8 @@ name: Publish on: push: - branches: - - main + tags: + - "v*" permissions: id-token: write # Required for OIDC @@ -33,5 +33,5 @@ jobs: - name: Build module run: npm run build - - name: Build module + - name: Publish module run: npm publish --access public From 7e3110f48ab94f4a32c6986fb5ccb1854b14fead Mon Sep 17 00:00:00 2001 From: DocEight Date: Sat, 15 Nov 2025 09:14:05 +0900 Subject: [PATCH 2/8] Update husky pre-push check --- .husky/pre-push | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.husky/pre-push b/.husky/pre-push index 5de7ecd..b1b8757 100755 --- a/.husky/pre-push +++ b/.husky/pre-push @@ -1,9 +1,15 @@ #!/bin/sh . "$(dirname -- "$0")/_/husky.sh" +CODE_CHANGED=$(git diff origin/main --name-only | grep -E "\.(js|ts|json|py)$") +if [ -z "$VERSION_CHANGED" ]; then + echo "No code changes detected. Skipping tests." + exit 0 +fi + npm run test -CHANGED=$(git diff origin/main package.json | grep '"version":') -if [ -z "$CHANGED" ]; then +VERSION_CHANGED=$(git diff origin/main package.json | grep '"version":') +if [ -z "$VERSION_CHANGED" ]; then echo "ERROR: You must update package.json version before pushing to main!" exit 1 fi From 0a5e4e3206ea4e9e8252d8a47b2e0ec7c0dadb79 Mon Sep 17 00:00:00 2001 From: DocEight Date: Sat, 15 Nov 2025 09:55:13 +0900 Subject: [PATCH 3/8] Publish on release, not tag --- .github/workflows/publish.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 7095546..5c4f26d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,9 +1,9 @@ name: Publish on: - push: - tags: - - "v*" + release: + types: + - "released" permissions: id-token: write # Required for OIDC From be51ebdfd30c41d47685c51296b4259e1ac111f7 Mon Sep 17 00:00:00 2001 From: DocEight Date: Sat, 15 Nov 2025 09:55:39 +0900 Subject: [PATCH 4/8] Add workflow to check (and delete invalid) tags --- .github/workflows/check-tag.yml | 61 +++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 .github/workflows/check-tag.yml diff --git a/.github/workflows/check-tag.yml b/.github/workflows/check-tag.yml new file mode 100644 index 0000000..26d4d22 --- /dev/null +++ b/.github/workflows/check-tag.yml @@ -0,0 +1,61 @@ +name: Check Tag + +on: + push: + tags: + - "v*" + +jobs: + check-tag: + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - uses: actions/checkout@v5 + with: + fetch-depth: 0 # Need to get all history to check that we're on main + + - name: Check branch + run: | + TAG_COMMIT=$(git rev-parse "$GITHUB_REF") + MAIN_COMMIT=$(git rev-parse origin/main) + + if [ "$TAG_COMMIT" != "$MAIN_COMMIT" ]; then + echo "Tag commit: $TAG_COMMIT" + echo "Main tip commit: $MAIN_COMMIT" + echo "Error: Tag does not appear to be on main. Exiting." + exit 1 + fi + + - name: Check tag + run: | + PACKAGE_VERSION=$(jq -r ".version" package.json) + + if [ "$TAG" != "v${PACKAGE_VERSION}" ]; then + echo "Pushed tag: $TAG" + echo "Version in package.json: $PACKAGE_VERSION" + echo "Error: Tag does not appear to match version in package.json. Exiting." + exit 1 + fi + env: + TAG: ${{ github.ref_name }} # On push.tags this is the name of the tag + + cleanup: + runs-on: ubuntu-latest + needs: + - "check-tag" + if: ${{ always() && contains(needs.*.result, 'failure') }} + permissions: + contents: write + steps: + - uses: actions/checkout@v5 + + - name: Delete tag + run: | + git tag -d "$TAG" + git push --delete origin "$TAG" + env: + TAG: ${{ github.ref_name }} # On push.tags this is the name of the tag + + - name: Die + run: exit 1 From 2c055f44e216d6b2d158ccf427534fcf2b52ddc3 Mon Sep 17 00:00:00 2001 From: DocEight Date: Sat, 15 Nov 2025 09:56:31 +0900 Subject: [PATCH 5/8] Fix bug in husky check --- .husky/pre-push | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/.husky/pre-push b/.husky/pre-push index b1b8757..0bddf38 100755 --- a/.husky/pre-push +++ b/.husky/pre-push @@ -2,14 +2,11 @@ . "$(dirname -- "$0")/_/husky.sh" CODE_CHANGED=$(git diff origin/main --name-only | grep -E "\.(js|ts|json|py)$") -if [ -z "$VERSION_CHANGED" ]; then - echo "No code changes detected. Skipping tests." - exit 0 -fi - -npm run test -VERSION_CHANGED=$(git diff origin/main package.json | grep '"version":') -if [ -z "$VERSION_CHANGED" ]; then - echo "ERROR: You must update package.json version before pushing to main!" - exit 1 +if [ -n "$CODE_CHANGED" ]; then + npm run test + VERSION_CHANGED=$(git diff origin/main package.json | grep '"version":') + if [ -z "$VERSION_CHANGED" ]; then + echo "ERROR: You must update package.json version before pushing to main!" + exit 1 + fi fi From 629bb03d0b5b17f8ccd3d733c4b850cc3fe1a5bc Mon Sep 17 00:00:00 2001 From: DocEight Date: Sat, 15 Nov 2025 09:58:15 +0900 Subject: [PATCH 6/8] Revert "Fix bug in husky check" This reverts commit 2c055f44e216d6b2d158ccf427534fcf2b52ddc3. --- .husky/pre-push | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/.husky/pre-push b/.husky/pre-push index 0bddf38..b1b8757 100755 --- a/.husky/pre-push +++ b/.husky/pre-push @@ -2,11 +2,14 @@ . "$(dirname -- "$0")/_/husky.sh" CODE_CHANGED=$(git diff origin/main --name-only | grep -E "\.(js|ts|json|py)$") -if [ -n "$CODE_CHANGED" ]; then - npm run test - VERSION_CHANGED=$(git diff origin/main package.json | grep '"version":') - if [ -z "$VERSION_CHANGED" ]; then - echo "ERROR: You must update package.json version before pushing to main!" - exit 1 - fi +if [ -z "$VERSION_CHANGED" ]; then + echo "No code changes detected. Skipping tests." + exit 0 +fi + +npm run test +VERSION_CHANGED=$(git diff origin/main package.json | grep '"version":') +if [ -z "$VERSION_CHANGED" ]; then + echo "ERROR: You must update package.json version before pushing to main!" + exit 1 fi From e6bdacacc5a972a0696911777840ea3d52823335 Mon Sep 17 00:00:00 2001 From: DocEight Date: Sat, 15 Nov 2025 09:58:48 +0900 Subject: [PATCH 7/8] Fix husky check --- .husky/pre-push | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.husky/pre-push b/.husky/pre-push index b1b8757..d39a7ef 100755 --- a/.husky/pre-push +++ b/.husky/pre-push @@ -2,7 +2,7 @@ . "$(dirname -- "$0")/_/husky.sh" CODE_CHANGED=$(git diff origin/main --name-only | grep -E "\.(js|ts|json|py)$") -if [ -z "$VERSION_CHANGED" ]; then +if [ -z "$CODE_CHANGED" ]; then echo "No code changes detected. Skipping tests." exit 0 fi From 33c03edb20ee05585c9ebdac473282f50035c3d7 Mon Sep 17 00:00:00 2001 From: DocEight Date: Sat, 15 Nov 2025 11:14:50 +0900 Subject: [PATCH 8/8] Kill the grep trap in husky --- .husky/pre-push | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.husky/pre-push b/.husky/pre-push index d39a7ef..1a6c6ed 100755 --- a/.husky/pre-push +++ b/.husky/pre-push @@ -1,15 +1,14 @@ -#!/bin/sh +#!/usr/bin/env sh . "$(dirname -- "$0")/_/husky.sh" -CODE_CHANGED=$(git diff origin/main --name-only | grep -E "\.(js|ts|json|py)$") -if [ -z "$CODE_CHANGED" ]; then +if git diff origin/main..HEAD --name-only | grep -Eq '\.(js|ts|json|py)$'; then + echo "Code changes detected" +else echo "No code changes detected. Skipping tests." exit 0 fi -npm run test -VERSION_CHANGED=$(git diff origin/main package.json | grep '"version":') -if [ -z "$VERSION_CHANGED" ]; then +if git diff origin/main package.json | grep '"version":'; then echo "ERROR: You must update package.json version before pushing to main!" exit 1 fi