ci(workflows): add release-chore

- replaces `release-branch`

Signed-off-by: Lexus Drumgold <unicornware@flexdevelopment.llc>

.commitlintrc.cts

@@ -21,6 +21,7 @@ const config: UserConfig = {
       scopes([
         'bump',
         'changelog',
+        'chore',
         'config',
         'git',
         'grease',

.dictionary.txt

@@ -38,7 +38,6 @@ sortbrk
 sortcmt
 sortgrp
 stringafiable
-tohgarashi
 tryit
 tscu
 unstub

.github/workflows/auto-review.yml

@@ -46,7 +46,7 @@ jobs:
         run: |
           GITHUB_TOKEN=
 
-          if [[ $GITHUB_ACTOR == flex-development[bot] ]]; then
+          if [[ $GITHUB_ACTOR == 'flex-development[bot]' ]]; then
             GITHUB_TOKEN=${{ secrets.GH_REPO_TOKEN }}
           else
             GITHUB_TOKEN=${{ steps.bot-token.outputs.token }}

.github/workflows/ci.yml

@@ -53,6 +53,7 @@ jobs:
       github.event.head_commit.author.name != 'dependabot[bot]'
       && github.event.head_commit.author.username != 'flexdevelopment[bot]'
       && !startsWith(github.event.head_commit.message, 'release:')
+      && !startsWith(github.event.head_commit.message, 'release(chore):')
     runs-on: ubuntu-latest
     outputs:
       cache-key: ${{ steps.cache-key.outputs.result }}

.github/workflows/release-branch.yml → .github/workflows/release-chore.yml

@@ -1,63 +1,86 @@
-# Release Branch
+# Release Chore
 #
-# Execute version bump, changelog, and pull request operations on release branch creation.
+# Execute branch, version bump, changelog, and pull request operations on release chore commit.
 #
 # References:
 #
-# - https://cli.github.com/manual/gh_auth_status
 # - https://cli.github.com/manual/gh_pr_create
 # - https://docs.github.com/actions/learn-github-actions/contexts
 # - https://docs.github.com/actions/learn-github-actions/expressions
-# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#create
+# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#push
 # - https://docs.github.com/actions/using-workflows/using-github-cli-in-workflows
 # - https://docs.github.com/actions/using-workflows/workflow-commands-for-github-actions
-# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#create
+# - https://docs.github.com/webhooks-and-events/webhooks/webhook-events-and-payloads#push
 # - https://github.com/actions/checkout
 # - https://github.com/actions/create-github-app-token
+# - https://github.com/flex-development/gh-commit
 # - https://github.com/hmarr/debug-action
 # - https://github.com/kaisugi/action-regex-match
-# - https://github.com/tohgarashi/verified-commit
 # - https://regex101.com/r/OwpOr2
+# - https://regex101.com/r/VIIVGd
 
 ---
-name: release-branch
-on: create
+name: release-chore
+on:
+  push:
+    branches:
+      - main
 concurrency:
   cancel-in-progress: true
   group: ${{ github.workflow }}-${{ github.ref }}
 jobs:
   preflight:
-    if: |
-      github.ref_type == 'branch' &&
-      startsWith(github.ref_name, 'release/') &&
-      contains(vars.MAINTAINERS, github.actor)
+    if: startsWith(github.event.head_commit.message, 'release(chore):')
     runs-on: ubuntu-latest
     outputs:
+      branch: ${{ steps.branch.outputs.result }}
       message: ${{ steps.message.outputs.result }}
       tag: ${{ steps.tag.outputs.result }}
       version: ${{ steps.version.outputs.match }}
     steps:
       - id: debug
         name: Print environment variables and event payload
         uses: hmarr/debug-action@v2.1.0
+      - id: fail-actor
+        if: contains(vars.MAINTAINERS, github.actor) == false
+        name: Fail on unauthorized actor
+        run: |
+          echo '**Unauthorized actor: ${{ github.actor }}**' >>$GITHUB_STEP_SUMMARY
+          exit 1
       - id: checkout
         name: Checkout ${{ github.ref_name }}
         uses: actions/checkout@v4.1.1
         with:
           persist-credentials: false
           ref: ${{ github.ref }}
+      - id: diff-tree
+        name: Get diff tree
+        run: echo "result=$(git diff-tree --name-only -r ${{ github.sha }})" >>$GITHUB_OUTPUT
+      - id: fail-diff-tree
+        if: steps.diff-tree.outputs.result != ''
+        name: Fail on invalid diff tree
+        run: |
+          ERR='**Invalid diff tree**
+          ```sh
+          ${{ steps.diff-tree.outputs.result }}
+          ```'
+          echo "$ERR" >>$GITHUB_STEP_SUMMARY
+          exit 1
       - id: version
         name: Get release version
         uses: kaisugi/action-regex-match@v1.0.0
         with:
-          regex: ${{ vars.RELEASE_BRANCH_REGEX }}
-          text: ${{ github.ref_name }}
-      - id: version-fail
+          regex: ${{ vars.RELEASE_CHORE_REGEX }}
+          text: ${{ github.event.head_commit.message }}
+      - id: fail-version
         if: steps.version.outputs.match == ''
         name: Fail on invalid release version
         run: |
-          ERR='**Invalid release branch: ${{ github.ref_name }}**
-          Branch must match [`${{ vars.RELEASE_BRANCH_REGEX }}`](https://regex101.com/r/OwpOr2)'
+          ERR='**Invalid release chore commit**
+          ```sh
+          ${{ github.event.head_commit.message }}
+          ```
+          Message must match [`${{ vars.RELEASE_CHORE_REGEX }}`](https://regex101.com/r/OwpOr2)'
           echo "$ERR" >>$GITHUB_STEP_SUMMARY
           exit 1
       - id: tag
@@ -66,10 +89,35 @@ jobs:
           echo "result=$(jq .tagprefix grease.config.json -r)${{ steps.version.outputs.match }}" >>$GITHUB_OUTPUT
       - id: message
         name: Get release message
+        run: 'echo "result=release: ${{ steps.tag.outputs.result }}" >>$GITHUB_OUTPUT'
+      - id: branch
+        name: Get release branch name
+        run: echo "result=release/${{ steps.version.outputs.match }}" >>$GITHUB_OUTPUT
+  branch:
+    needs: preflight
+    runs-on: ubuntu-latest
+    steps:
+      - id: bot-token
+        name: Get bot token
+        uses: actions/create-github-app-token@v1.5.1
+        with:
+          app-id: ${{ secrets.BOT_APP_ID }}
+          private-key: ${{ secrets.BOT_PRIVATE_KEY }}
+      - id: checkout
+        name: Checkout ${{ github.ref_name }}
+        uses: actions/checkout@v4.1.1
+        with:
+          ref: ${{ github.ref }}
+          token: ${{ steps.bot-token.outputs.token }}
+      - id: branch
+        name: Create and push branch ${{ needs.preflight.outputs.branch }}
         run: |
-          echo "result=release: ${{ steps.tag.outputs.result }}" >>$GITHUB_OUTPUT
+          git branch ${{ needs.preflight.outputs.branch }}
+          git push origin --no-verify ${{ needs.preflight.outputs.branch }}
   prepare:
-    needs: preflight
+    needs:
+      - branch
+      - preflight
     permissions:
       packages: read
     runs-on: ubuntu-latest
@@ -83,18 +131,18 @@ jobs:
           app-id: ${{ secrets.BOT_APP_ID }}
           private-key: ${{ secrets.BOT_PRIVATE_KEY }}
       - id: checkout
-        name: Checkout ${{ github.ref_name }}
+        name: Checkout ${{ needs.preflight.outputs.branch }}
         uses: actions/checkout@v4.1.1
         with:
           fetch-depth: 0
           persist-credentials: false
-          ref: ${{ github.ref }}
+          ref: ${{ needs.preflight.outputs.branch }}
           token: ${{ steps.bot-token.outputs.token }}
       - id: yarn
         name: Install dependencies
         env:
           HUSKY: 0
-        run: yarn --immutable
+        run: yarn
       - id: build
         name: Build project
         env:
@@ -111,20 +159,20 @@ jobs:
           echo "$(node ./dist/cli.mjs changelog)" >>$GITHUB_STEP_SUMMARY
           node ./dist/cli.mjs changelog -sw
       - id: commit
-        name: Commit release preparation
-        uses: tohgarashi/verified-commit@v2.1.0
-        env:
-          GH_TOKEN: ${{ steps.bot-token.outputs.token }}
+        name: Commit and push release preparation
+        uses: flex-development/gh-commit@1.0.0
         with:
-          commit-message: |
-            ${{ needs.preflight.outputs.message }}
-
-            Signed-off-by: ${{ vars.BOT_NAME }} <${{ vars.BOT_EMAIL }}>
-
-          detect-changed: true
-          ref: ${{ github.ref }}
+          message: ${{ needs.preflight.outputs.message }}
+          ref: ${{ needs.preflight.outputs.branch }}
+          token: ${{ steps.bot-token.outputs.token }}
+          trailers: 'Signed-off-by: ${{ vars.BOT_NAME }} <${{ vars.BOT_EMAIL }}>'
+      - id: commit-url
+        name: Print commit url
+        run: |
+          echo ${{ format('{0}/{1}/commit/{2}', github.server_url, github.repository, steps.commit.outputs.sha) }}
   pr:
     needs:
+      - branch
       - preflight
       - prepare
     runs-on: ubuntu-latest
@@ -135,21 +183,17 @@ jobs:
         with:
           app-id: ${{ secrets.BOT_APP_ID }}
           private-key: ${{ secrets.BOT_PRIVATE_KEY }}
-      - id: github-token
-        name: Set env.GITHUB_TOKEN
-        run: echo "GITHUB_TOKEN=${{ steps.bot-token.outputs.token }}" >>$GITHUB_ENV
-      - id: gh-auth
-        name: Check gh authentication state
-        run: gh auth status
       - id: checkout
-        name: Checkout ${{ github.ref_name }}
+        name: Checkout ${{ needs.preflight.outputs.branch }}
         uses: actions/checkout@v4.1.1
         with:
           persist-credentials: false
-          ref: ${{ github.ref }}
+          ref: ${{ needs.preflight.outputs.branch }}
           token: ${{ steps.bot-token.outputs.token }}
       - id: pr
         name: Create pull request
+        env:
+          GITHUB_TOKEN: ${{ steps.bot-token.outputs.token }}
         run: |
           gh pr create --title='${{ needs.preflight.outputs.message }}' --label=scope:release --assignee=${{ github.actor }} --reviewer=${{ github.actor }} --body='## Description
 

.github/workflows/release.yml

@@ -80,9 +80,8 @@ jobs:
     runs-on: ubuntu-latest
     environment:
       name: release
-      url:
-        ${{ format('{0}/{1}/releases/tag/{2}', github.server_url, github.repository,
-        needs.preflight.outputs.tag) }}
+      url: |
+        ${{ format('{0}/{1}/releases/tag/{2}', github.server_url, github.repository, needs.preflight.outputs.tag) }}
     env:
       GITHUB_TOKEN: ${{ secrets.GH_REPO_TOKEN }}
       HUSKY: 0

CONTRIBUTING.md

@@ -348,7 +348,7 @@ e.g:
 
 1. Get a version bump recommendation
    - `yarn bump:recommend`
-2. Create release branch
+2. Create release chore commit
    - `yarn release <new-version>`
    - `yarn release major`
    - `yarn release minor`
@@ -357,8 +357,10 @@ e.g:
    - `yarn release preminor --preid <dist-tag>`
    - `yarn release prepatch --preid <dist-tag>`
    - `yarn release prerelease --preid <dist-tag>`
-3. Monitor workflows
-   1. [`release-branch`](.github/workflows/release-branch.yml)
+3. Push release chore commit
+4. Monitor workflows
+   1. [`release-chore`](.github/workflows/release-chore.yml)
+      - create release branch
       - bump manifest version
       - add changelog entry for new release
       - create release pr

scripts/release.sh

@@ -11,14 +11,14 @@ set -e
 # 5. analyze types
 # 6. print package size report
 # 7. get release version data
-# 8. get release branch name
-# 9. create release branch
-# 10. push release branch
-# 11. cleanup
+# 8. create release chore commit
+# 9. cleanup
 #
 # References:
 #
+# - https://git-scm.com/docs/git-commit
 # - https://github.com/arethetypeswrong/arethetypeswrong.github.io
+# - https://jqlang.github.io
 
 yarn typecheck
 yarn test:cov
@@ -27,7 +27,5 @@ yarn check:types:build
 attw package.tgz
 yarn pkg-size
 RELEASE_VERSION=$(node ./dist/cli.mjs bump -j $@)
-RELEASE_BRANCH=release/$(jq .version -r <<<$RELEASE_VERSION)
-git branch $RELEASE_BRANCH
-git push origin --no-verify --set-upstream $RELEASE_BRANCH
+git commit --allow-empty -S -s -m "release(chore): $(jq .version -r <<<$RELEASE_VERSION)"
 yarn clean:pack