feat: extract version bumping into reusable bump-npm-version workflow (#59)

kevwilliams · web-flow · commit 82f8b3714ac3 · 2026-04-02T08:42:46.000-07:00
## Summary - Removes version bumping, git tagging, and PR label detection from \`publish-npm-package\`'s \`publish-release\` job — it now only builds and publishes whatever version is already in \`package.json\` - Removes GitHub Release creation from \`publish-npm-package\` — callers are responsible for this - Adds a new \`bump-npm-version.yaml\` reusable workflow that owns the full version bump lifecycle: 1. **resolve-version** — computes the new version string from \`package.json\` + \`bump-type\` using inline Node.js (no git ops); outputs \`new-version\` (e.g. \`v1.3.0\`) 2. **bump** — runs \`npm version\`, creates the commit and tag 3. **push** — \`git push origin main --follow-tags\` ## Motivation The previous \`publish-release\` job did too much: it detected bump type from PR labels, bumped the version, pushed the tag, built, and published — all in one job. This made it hard to reuse across repos and coupled version calculation to the publish step. The new design separates concerns: - **bump-npm-version** owns the git side (version resolution → commit → tag → push) - **publish-npm-package** owns the npm side (build → publish) Callers compose them as sequential jobs, passing \`new-version\` between them. The resolved version is available as an output before any git operations run. ## Dependency \`datum-cloud/activity\` PR #160 references \`v1.13.0\` of both \`bump-npm-version.yaml\` and \`publish-npm-package.yaml\` — this PR should be merged and tagged \`v1.13.0\` first. ## Test plan - [ ] Merge this PR and cut tag \`v1.13.0\` - [ ] Merge datum-cloud/activity#160 which references \`v1.13.0\` - [ ] Trigger \`workflow_dispatch\` on activity with \`bump-type=minor\` → confirm minor bump commit, tag, npm publish, and GitHub Release all created correctly - [ ] Push to activity main without dispatch → confirm only dev build published, no release created
diff --git a/.github/workflows/bump-npm-version.yaml b/.github/workflows/bump-npm-version.yaml
@@ -0,0 +1,94 @@
+name: Bump npm Version
+
+on:
+  workflow_call:
+    inputs:
+      package-name:
+        required: true
+        type: string
+        description: "The npm package name (e.g. `@datum-cloud/datum-ui`)"
+      package-path:
+        required: true
+        type: string
+        description: "Path to the package directory relative to the repo root (e.g. `packages/datum-ui`)"
+      bump-type:
+        required: true
+        type: string
+        description: "Version bump type: `major`, `minor`, or `patch`"
+      node-version:
+        required: false
+        type: number
+        description: "Node.js version to use"
+        default: 24
+      lockfile-path:
+        required: false
+        type: string
+        description: >
+          Path to pnpm-lock.yaml relative to the repo root.
+          Defaults to "<package-path>/pnpm-lock.yaml".
+          Set to "pnpm-lock.yaml" for monorepos with a root lockfile.
+        default: ""
+    outputs:
+      new-version:
+        description: "The new version after bumping (e.g. `v1.3.0`)"
+        value: ${{ jobs.bump.outputs.new-version }}
+
+jobs:
+  bump:
+    name: Bump version
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    outputs:
+      new-version: ${{ steps.resolve-version.outputs.new-version }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: main
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          package_json_file: ${{ inputs.package-path }}/package.json
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ inputs.node-version }}
+          cache: pnpm
+          cache-dependency-path: ${{ inputs.lockfile-path || format('{0}/pnpm-lock.yaml', inputs.package-path) }}
+
+      - name: Resolve new version
+        id: resolve-version
+        working-directory: ${{ inputs.package-path }}
+        env:
+          BUMP_TYPE: ${{ inputs.bump-type }}
+        run: |
+          if [[ "$BUMP_TYPE" != "major" && "$BUMP_TYPE" != "minor" && "$BUMP_TYPE" != "patch" ]]; then
+            echo "::error::Invalid bump-type '$BUMP_TYPE'. Must be one of: major, minor, patch"
+            exit 1
+          fi
+          NEW_VERSION=$(node -e "
+          const v = require('./package.json').version.split('.').map(Number);
+          const t = process.env.BUMP_TYPE;
+          if (t==='major'){v[0]++;v[1]=0;v[2]=0;}
+          else if(t==='minor'){v[1]++;v[2]=0;}
+          else{v[2]++;}
+          console.log(v.join('.'));
+          ")
+          echo "new-version=v${NEW_VERSION}" >> "$GITHUB_OUTPUT"
+
+      - name: Bump version
+        working-directory: ${{ inputs.package-path }}
+        env:
+          BUMP_TYPE: ${{ inputs.bump-type }}
+          PACKAGE_NAME: ${{ inputs.package-name }}
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          npm version "$BUMP_TYPE" --message "chore: release ${PACKAGE_NAME} v%s [skip ci]"
+
+      - name: Push
+        run: git push origin main --follow-tags
diff --git a/.github/workflows/publish-npm-package.yaml b/.github/workflows/publish-npm-package.yaml
@@ -37,20 +37,21 @@ on:
         type: string
         description: >
           Publishing mode: "dev" publishes a pre-release version (x.y.z-dev.{sha})
-          to the dev dist-tag, "release" publishes a stable version to the latest
-          dist-tag with an auto-bumped version. Defaults to "dev".
+          to the dev dist-tag. "release" publishes the version already present in
+          package.json to the latest dist-tag. Version bumping, tagging, and git
+          operations are the caller's responsibility. Defaults to "dev".
         default: dev
     outputs:
       new-version:
-        description: "The new version that was published (e.g. `v1.2.3` or `0.1.2-dev.abc1234`)"
+        description: "The version that was published (e.g. `v1.2.3` or `0.1.2-dev.abc1234`)"
         value: ${{ jobs.publish-release.outputs.new-version || jobs.publish-dev.outputs.new-version }}
 
 jobs:
   changes:
     name: Detect changes
     runs-on: ubuntu-latest
-    # Skip the bot commit that this workflow itself creates when bumping the
-    # version. The committer name for GITHUB_TOKEN pushes is "github-actions[bot]".
+    # Skip the bot commit that callers create when bumping the version.
+    # The committer name for GITHUB_TOKEN pushes is "github-actions[bot]".
     if: github.actor != 'github-actions[bot]'
     outputs:
       # For release mode, always publish (skip path filtering). Releases are
@@ -135,17 +136,18 @@ jobs:
             echo "Pin: \`npm install ${{ inputs.package-name }}@${{ steps.version.outputs.new-version }}\`"
           } >> "$GITHUB_STEP_SUMMARY"
 
-  # ── Release publish ─────────────────────────────────────────────────────
-  # Publishes a stable version to the "latest" npm dist-tag. Bumps the
-  # version in package.json, creates a git tag, and pushes back to main.
-  # Triggered when the caller sets release-mode to "release".
+  # ── Release publish ──────────────────────────────────────────────────────
+  # Publishes the version already present in package.json to the "latest"
+  # npm dist-tag. The caller is responsible for bumping the version, creating
+  # the git tag, and pushing before invoking this workflow. This job only
+  # builds and publishes — it performs no git operations.
   publish-release:
     name: Publish release
     needs: changes
     if: needs.changes.outputs.package == 'true' && inputs.release-mode == 'release'
     runs-on: ubuntu-latest
     permissions:
-      contents: write  # needed to push the version bump commit and tag
+      contents: read
       id-token: write  # needed for npm trusted publishing (OIDC)
     outputs:
       new-version: ${{ steps.version.outputs.new-version }}
@@ -173,43 +175,12 @@ jobs:
         working-directory: ${{ inputs.install-path || inputs.package-path }}
         run: pnpm install --frozen-lockfile
 
-      - name: Determine version bump type from PR labels
-        id: bump-type
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          # Find the PR that was merged into this commit and read its labels.
-          # Falls back to "patch" if no relevant label is found.
-          PR_LABELS=$(gh pr list \
-            --state merged \
-            --base main \
-            --search "${{ github.sha }}" \
-            --json labels \
-            --jq '.[0].labels[].name' 2>/dev/null || true)
-
-          if echo "$PR_LABELS" | grep -q "release:major"; then
-            echo "type=major" >> "$GITHUB_OUTPUT"
-          elif echo "$PR_LABELS" | grep -q "release:minor"; then
-            echo "type=minor" >> "$GITHUB_OUTPUT"
-          else
-            echo "type=patch" >> "$GITHUB_OUTPUT"
-          fi
-
-      - name: Configure git for version bump commit
-        run: |
-          git config user.name  "github-actions[bot]"
-          git config user.email "github-actions[bot]@users.noreply.github.com"
-
-      - name: Bump version and create git tag
+      - name: Read version from package.json
         id: version
         working-directory: ${{ inputs.package-path }}
         run: |
-          NEW_VERSION=$(npm version ${{ steps.bump-type.outputs.type }} \
-            --message "chore: release ${{ inputs.package-name }} v%s [skip ci]")
-          echo "new-version=${NEW_VERSION}" >> "$GITHUB_OUTPUT"
-
-      - name: Push version bump commit and tag
-        run: git push origin main --follow-tags
+          VERSION=$(node -p "require('./package.json').version")
+          echo "new-version=v${VERSION}" >> "$GITHUB_OUTPUT"
 
       - name: Build package
         working-directory: ${{ inputs.package-path }}
