Port release-publisher workflow from click-ui repository #631

Open
Claude wants to merge 2 commits into main from claude/port-release-publisher-workflow

@Claude Claude AI commented Mar 23, 2026

Summary

Ports the automated release publisher workflow from click-ui to automate npm publishing for the clickhouse-js packages.

Changes

Added .scripts/bash/verify-release-commit

  • Bash script that validates release commit message format: "Release vX.Y.Z" or "chore: Release vX.Y.Z"
  • Detects release type (latest, rc, beta, test, alpha) from version suffix
  • Returns version and release type for workflow consumption

Added .github/workflows/release-publisher.yml

  • Triggers on PR merge to any branch
  • Validates commit message to detect release PRs
  • Creates and pushes git tags automatically
  • Builds all packages via npm run build
  • Publishes 3 workspace packages to npm: @clickhouse/client-common, @clickhouse/client, @clickhouse/client-web
  • Uses npm provenance (--provenance) for supply chain security
  • Creates GitHub releases with extracted changelog
  • Manages maintenance branches (chore/vX.Y.Z)
  • Includes safeguards to prevent accidental releases from main when maintenance branch exists

Key Adaptations

  • Workspace publishing: npm --workspaces publish instead of single package
  • Node 20.x (matching repository requirements)
  • npm tooling (repository standard)
  • Changelog regex adjusted for # X.Y.Z format
  • Slack notifications removed (not configured in this repo)

Checklist

  • Unit and integration tests covering the common scenarios were added
  • A human-readable description of the changes was provided to include in CHANGELOG
  • For significant changes, documentation in https://github.com/ClickHouse/clickhouse-docs was updated with further explanations or tutorials

@Claude Claude AI requested review from Copilot and removed request for Copilot March 23, 2026 07:27
@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

Co-authored-by: peter-leonov-ch <209667683+peter-leonov-ch@users.noreply.github.com>
Agent-Logs-Url: https://github.com/ClickHouse/clickhouse-js/sessions/d376b777-65af-4504-9875-a092f8df210d
@Claude Claude AI requested review from Copilot and removed request for Copilot March 23, 2026 07:33
@Claude Claude AI changed the title from "[WIP] Port release publisher workflow from click-ui" to "Port release-publisher workflow from click-ui repository" Mar 23, 2026
@Claude Claude AI requested a review from peter-leonov-ch March 23, 2026 07:34
@peter-leonov-ch peter-leonov-ch marked this pull request as ready for review March 23, 2026 07:42
Copilot AI review requested due to automatic review settings March 23, 2026 07:42

Copilot AI left a comment

Pull request overview

Ports an automated GitHub Actions release workflow into this repository to publish the ClickHouse JS workspace packages to npm when a release PR is merged, including tagging and GitHub Release creation.

Changes:

  • Added a bash helper script to detect/validate release commit messages and derive npm dist-tag type.
  • Added a release-publisher GitHub Actions workflow to tag, build, publish workspace packages with provenance, and create GitHub Releases.
  • Added logic to manage/guard maintenance branches (chore/vX.Y.Z) during releases.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 7 comments.

File | Description
.scripts/bash/verify-release-commit | Validates release commit message format and outputs version + release type for the workflow.
.github/workflows/release-publisher.yml | Implements the release pipeline: detect release merges, tag, build, publish workspaces, create GitHub Release, and maintain branches.

Comment on lines +89 to +93
# Check if tag already exists
if git rev-parse "$TAG" >/dev/null 2>&1; then
echo "⚠️ Tag $TAG already exists. Skipping tag creation."
exit 0
fi

Copilot AI Mar 23, 2026

If the tag already exists, this step exits successfully but the job continues to npm publish / create a GitHub release. That will typically fail (npm won't allow re-publishing the same version) and can also create duplicate release artifacts. Consider marking the workflow as "already released" (set an output) and conditionally skipping the remaining release steps, or fail fast when the tag exists to avoid partial/duplicate releases.

Copilot uses AI. Check for mistakes.
Comment on lines +22 to +37
# Pattern matching for release commit messages
if [[ "$COMMIT_MSG" =~ ^(chore:\ )?[Rr]elease\ v([0-9]+\.[0-9]+\.[0-9]+(-[a-z]+\.[0-9]+)?)$ ]]; then
VERSION="${BASH_REMATCH[2]}"

# Determine release type based on version suffix
if [[ "$VERSION" =~ -rc\. ]]; then
RELEASE_TYPE="rc"
elif [[ "$VERSION" =~ -beta\. ]]; then
RELEASE_TYPE="beta"
elif [[ "$VERSION" =~ -test\. ]]; then
RELEASE_TYPE="test"
elif [[ "$VERSION" =~ -alpha\. ]]; then
RELEASE_TYPE="alpha"
else
RELEASE_TYPE="latest"
fi

Copilot AI Mar 23, 2026

The release commit regex currently accepts any prerelease suffix (-[a-z]+.[0-9]+). That means a commit like Release v1.2.3-foo.1 would be treated as a valid release, but then the script would classify it as latest (since it doesn't match rc/beta/test/alpha), causing a prerelease to be published under the latest npm dist-tag. Restrict the allowed suffixes in the regex to the supported set (rc/beta/test/alpha), or treat unknown suffixes as an error instead of defaulting to latest.
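
One way to close the gap described in this comment, written as an added example in POSIX shell and not taken from the PR: an unknown prerelease label is rejected instead of falling through to the latest dist-tag. The function name classify_release_commit and its exit codes are assumptions made for the example.

```bash
#!/bin/sh
# Added example, not the PR's script. Classifies a release commit subject.
# Exit status: 0 = release, prints "<version> <dist-tag>"
#              1 = not a release commit
#              2 = release-shaped, but the prerelease label is not supported
# The body runs in a subshell, so "exit" only leaves the function.
classify_release_commit() (
  msg=$1
  # grep matches per line; refuse multi-line input so a release-looking
  # line after the subject cannot satisfy the pattern.
  case $msg in *"
"*) exit 1 ;; esac
  shape='^(chore: )?[Rr]elease v[0-9]+\.[0-9]+\.[0-9]+(-[a-z]+\.[0-9]+)?$'
  printf '%s\n' "$msg" | grep -Eq -- "$shape" || exit 1
  version=${msg##*elease v}
  case $version in
    *-*)
      label=${version#*-}      # "rc.1"
      label=${label%%.*}       # "rc"
      case $label in
        rc|beta|test|alpha) tag=$label ;;
        *) echo "unsupported prerelease label: $label" >&2; exit 2 ;;
      esac ;;
    *) tag=latest ;;
  esac
  printf '%s %s\n' "$version" "$tag"
)

# Constructed subjects; the last one is the case from the review comment.
for subject in 'Release v1.2.3' 'chore: Release v1.2.3-rc.1' 'Release v1.2.3-foo.1'; do
  if out=$(classify_release_commit "$subject" 2>/dev/null); then
    echo "$subject -> $out"
  else
    echo "$subject -> rejected with status $?"
  fi
done
```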

- name: Upgrade npm for OIDC support
if: steps.verify-merge.outputs.is_release == 'true'
run: |
npm install -g npm@latest

Copilot AI Mar 23, 2026

Installing npm@latest during the release workflow makes releases non-reproducible and can introduce breaking changes unexpectedly. Prefer relying on the npm version bundled with the chosen Node version, or pin npm to a known-good major/minor version required for OIDC/provenance support.

Suggested change
npm install -g npm@latest
npm install -g npm@10.9

Comment on lines +158 to +166
if [[ -f CHANGELOG.md ]]; then
CHANGELOG=$(awk "/^# $VERSION/,/^# [0-9]/" CHANGELOG.md | sed '1d;$d' | sed '/^$/d')

if [[ -z "$CHANGELOG" ]]; then
CHANGELOG="📝 See [CHANGELOG.md](./CHANGELOG.md) for details."
fi
else
CHANGELOG="No changelog available."
fi

Copilot AI Mar 23, 2026

The changelog extraction uses awk "/^# $VERSION/,/^# [0-9]/" ... | sed '1d;$d'. If the requested version is the last entry in CHANGELOG.md (no subsequent # ... header), sed '$d' will drop the last line of the actual changelog section. Adjust the extraction to only drop the trailing header when one is present (e.g., stop printing before the next header in awk) so the full section is preserved for the final entry.
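
A section extractor that stops before the next header, as this comment suggests, written as an added example and not the PR's code. The function names and the sample changelog are constructed for illustration; the version is compared as an exact string on the header's second field, which is an assumption about the "# X.Y.Z" header layout.

```bash
#!/bin/sh
# Added example, not the PR's code. Prints the body of the "# <version>"
# section of a changelog with blank lines removed.
# No awk range pattern is used: a header such as "# 1.2.3" matches both
# /^# 1.2.3/ and /^# [0-9]/, which ends a "/start/,/end/" range on the
# header line itself.
extract_changelog() {
  awk -v ver="$1" '
    $1 == "#" {                          # top-level header, e.g. "# 1.2.3"
      if (found) exit                    # next section: stop before printing it
      if (($2 "") == (ver "")) found = 1 # exact string match, no regex
      next
    }
    found && NF                          # print non-blank lines of the section
  ' "$2"
}

# Constructed sample: 1.2.30 shares a prefix with 1.2.3, and 1.2.2 is the
# final entry in the file.
write_sample_changelog() {
  cat > "$1" <<'EOF'
# 1.2.30

- unrelated release

# 1.2.3

## Bug fixes

- fixed stream handling

# 1.2.2

- first line
- last line of the file
EOF
}

sample=$(mktemp)
write_sample_changelog "$sample"
extract_changelog 1.2.3 "$sample"
extract_changelog 1.2.2 "$sample"
rm -f "$sample"
```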

Comment on lines +26 to +30
- name: Verify release PR merge
id: verify-merge
run: |
COMMIT_SHA="${{ github.sha }}"


Copilot AI Mar 23, 2026

The workflow triggers on pull_request: closed but doesn't check whether the PR was actually merged. On an unmerged/closed PR, github.sha refers to the PR head commit, so a commit message matching the release pattern could accidentally trigger a publish. Add a guard like if: github.event.pull_request.merged == true (job-level or before any publishing steps) and use github.event.pull_request.merge_commit_sha (or the merge commit) for the commit message/tagging logic instead of github.sha.

pull-requests: read
steps:
- name: Checkout Repo
uses: actions/checkout@v6

Copilot AI Mar 23, 2026

Other workflows in this repo pin GitHub Actions to full commit SHAs (e.g. actions/checkout@... # v6.0.2) for supply-chain hardening, but this workflow uses the mutable @v6 tag. Please pin actions/checkout to a specific commit SHA (and keep the version comment) to match the repo’s existing pattern.

Suggested change
uses: actions/checkout@v6
uses: actions/checkout@3df4d853f9c9b7a1c2e4b5f6a7d8e9f0b1c2d3e # v6.0.2

- name: Setup Node.js
if: steps.verify-merge.outputs.is_release == 'true'
uses: actions/setup-node@v6

Copilot AI Mar 23, 2026

Other workflows in this repo pin actions/setup-node to a specific commit SHA, but here it uses @v6. Pin actions/setup-node to a commit SHA (consistent with the rest of .github/workflows/*) so the release workflow isn't depending on a mutable tag.

Suggested change
uses: actions/setup-node@v6
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
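
A check for the pinning convention raised in the two comments above (actions/checkout and actions/setup-node), added here as an example and not part of the PR: it lists `uses:` references that do not end in a full 40-character commit SHA. The function names and the sample workflow file are constructed; the three references in it are the ones quoted in those comments.

```bash
#!/bin/sh
# Added example, not part of the PR. Reports `uses:` references in workflow
# files that are not pinned to a full 40-character commit SHA.
# Output: "<file>:<line>: <reference>" per finding; exit status 1 if any.
find_unpinned_actions() {
  awk '
    /^[ \t]*(-[ \t]+)?uses:[ \t]/ {
      ref = $0
      sub(/^[ \t]*(-[ \t]+)?uses:[ \t]+/, "", ref)
      sub(/[ \t]+#.*$/, "", ref)          # drop a trailing "# v6.0.2" comment
      sub(/[ \t]+$/, "", ref)
      if (substr(ref, 1, 2) == "./") next # local action in this repository
      at = index(ref, "@")
      sha = (at > 0) ? substr(ref, at + 1) : ""
      if (length(sha) != 40 || sha !~ /^[0-9a-f]+$/) {
        print FILENAME ":" FNR ": " ref
        bad = 1
      }
    }
    END { exit bad + 0 }
  ' "$@"
}

# Constructed workflow fragment. The references are the ones quoted in the
# review comments; the second is 39 hex characters as it appears on this
# page, so it is reported along with the @v6 tag.
write_sample_workflow() {
  cat > "$1" <<'EOF'
steps:
  - name: Checkout Repo
    uses: actions/checkout@v6
  - name: Checkout Repo (suggested pin)
    uses: actions/checkout@3df4d853f9c9b7a1c2e4b5f6a7d8e9f0b1c2d3e # v6.0.2
  - name: Setup Node.js
    uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
EOF
}

sample=$(mktemp)
write_sample_workflow "$sample"
find_unpinned_actions "$sample" || echo "unpinned references found"
rm -f "$sample"
```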
