ci: migrate releases to release-please (#367)

## Summary This updates release automation so the repository can enforce signed commits. Release version and changelog updates now happen through release-please PRs instead of direct workflow commits, which allows them to use the repository's normal signed-commit path. ## Changes - Replaces semantic-release configuration with release-please manifest configuration for stable releases and beta prereleases. - Builds committed `dist/**` assets from the trusted release workflow after release-please creates or updates a release PR, then commits those assets back to the release PR branch. - Keeps floating major version tags, such as `v3`, updated with the GitHub API after a release is created. --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-07 18:13:10 -07:00
parent 7989d206df
commit 6be28c6ca7
5 changed files with 75 additions and 40 deletions
@@ -1,6 +1,7 @@
 name: release

 on:
+  workflow_dispatch:
  push:
    branches:
      - "*.x"
@@ -17,24 +18,64 @@ jobs:
    name: release
    runs-on: ubuntu-latest
    steps:
-      # build local version to create token
      - uses: actions/checkout@v6
-        with:
-          persist-credentials: false

-      - uses: actions/setup-node@v6
-        with:
-          node-version-file: package.json
-
-      - run: npm ci
-      - run: npm run build
      - uses: ./
        id: app-token
        with:
          app-id: ${{ vars.RELEASER_APP_ID }}
          private-key: ${{ secrets.RELEASER_APP_PRIVATE_KEY }}
-      # install release dependencies and release
-      - run: npm install --no-save @semantic-release/git semantic-release-plugin-github-breaking-version-tag
-      - run: npx semantic-release --debug
+
+      - uses: googleapis/release-please-action@45996ed1f6d02564a971a2fa1b5860e934307cf7 # v5.0.0
+        id: release-please
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          config-file: ${{ github.ref_name == 'beta' && 'release-please-config.beta.json' || 'release-please-config.json' }}
+          manifest-file: .release-please-manifest.json
+          target-branch: ${{ github.ref_name }}
+
+      - uses: actions/checkout@v6
+        if: steps.release-please.outputs.prs_created == 'true'
+        with:
+          ref: ${{ fromJSON(steps.release-please.outputs.pr).headBranchName }}
+          token: ${{ steps.app-token.outputs.token }}
+
+      - uses: actions/setup-node@v6
+        if: steps.release-please.outputs.prs_created == 'true'
+        with:
+          node-version-file: package.json
+
+      - run: npm ci
+        if: steps.release-please.outputs.prs_created == 'true'
+
+      - run: npm run build
+        if: steps.release-please.outputs.prs_created == 'true'
+
+      - uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # v7.1.0
+        if: steps.release-please.outputs.prs_created == 'true'
+        with:
+          commit_author: "${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>"
+          commit_message: "chore: update dist files"
+          file_pattern: dist/**
+
+      - name: Update major version tag
+        id: update-major-tag
+        if: steps.release-please.outputs.release_created == 'true' && github.ref_name != 'beta'
+        uses: octokit/request-action@b91aabaa861c777dcdb14e2387e30eddf04619ae # v3.0.0
+        continue-on-error: true
+        with:
+          route: PATCH /repos/${{ github.repository }}/git/refs/tags/v${{ steps.release-please.outputs.major }}
+          sha: ${{ steps.release-please.outputs.sha }}
+          force: true
+        env:
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+
+      - name: Create major version tag
+        if: steps.release-please.outputs.release_created == 'true' && github.ref_name != 'beta' && steps.update-major-tag.outcome == 'failure'
+        uses: octokit/request-action@b91aabaa861c777dcdb14e2387e30eddf04619ae # v3.0.0
+        with:
+          route: POST /repos/${{ github.repository }}/git/refs
+          ref: refs/tags/v${{ steps.release-please.outputs.major }}
+          sha: ${{ steps.release-please.outputs.sha }}
        env:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
@@ -0,0 +1,3 @@
+{
+  ".": "3.1.1"
+}
@@ -28,33 +28,5 @@
    "open-cli": "^9.0.0",
    "undici": "^7.24.6",
    "yaml": "^2.8.3"
-  },
-  "release": {
-    "branches": [
-      "+([0-9]).x",
-      "main",
-      {
-        "name": "beta",
-        "prerelease": true
-      }
-    ],
-    "plugins": [
-      "@semantic-release/commit-analyzer",
-      "@semantic-release/release-notes-generator",
-      "@semantic-release/github",
-      "@semantic-release/npm",
-      "semantic-release-plugin-github-breaking-version-tag",
-      [
-        "@semantic-release/git",
-        {
-          "assets": [
-            "package.json",
-            "package-lock.json",
-            "dist/*"
-          ],
-          "message": "build(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
-        }
-      ]
-    ]
  }
 }
@@ -0,0 +1,11 @@
+{
+  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
+  "packages": {
+    ".": {
+      "prerelease": true,
+      "prerelease-type": "beta",
+      "release-type": "node",
+      "versioning": "prerelease"
+    }
+  }
+}
@@ -0,0 +1,8 @@
+{
+  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
+  "packages": {
+    ".": {
+      "release-type": "node"
+    }
+  }
+}