action.yml

name: "Release Action"
description: "Automated release workflow with changeset, version bumping, npm/GitHub Packages publishing, and GitHub Release creation"
author: "ProverCoderAI"

inputs:
  ref:
    description: "Git ref/sha to checkout"
    required: true
  branch:
    description: "Branch to push back version bump commit"
    required: false
    default: "main"
  package_json_path:
    description: "Path to package.json of the published package"
    required: false
    default: "packages/app/package.json"
  pnpm_filter:
    description: "pnpm --filter target (workspace package selector)"
    required: false
    default: "./packages/app"
  bump_type:
    description: "changeset bump type: patch/minor/major"
    required: false
    default: "patch"
  tag_prefix:
    description: "Tag prefix"
    required: false
    default: "v"
  node_version:
    description: "Node.js version to use"
    required: false
    default: "24"
  copy_readme:
    description: "Whether to copy README to package directory"
    required: false
    default: "true"
  readme_source:
    description: "Source path for README"
    required: false
    default: "README.md"
  readme_dest:
    description: "Destination path for README"
    required: false
    default: "packages/app/README.md"
  publish_npm:
    description: "Whether to publish to npm registry"
    required: false
    default: "true"
  publish_github_packages:
    description: "Whether to publish to GitHub Packages"
    required: false
    default: "true"
  skip_if_unchanged:
    description: "Skip version bump and publish if package.json and dist match the latest npm package"
    required: false
    default: "false"
  neutral_on_no_changes:
    description: "Do not fail the workflow when no changes are detected"
    required: false
    default: "false"
  cancel_on_no_changes:
    description: "Cancel the workflow run when no changes are detected (requires actions: write)"
    required: false
    default: "false"
  npm_token:
    description: "NPM authentication token (required if publish_npm is true)"
    required: false
  github_token:
    description: "GitHub token for creating releases and publishing packages"
    required: true

outputs:
  version:
    description: "The version that was released"
    value: ${{ steps.release_version.outputs.version }}
  tag:
    description: "The git tag that was created"
    value: ${{ steps.release_version.outputs.tag }}

runs:
  using: "composite"
  steps:
    - name: Checkout
      uses: actions/checkout@v6
      with:
        fetch-depth: 0
        ref: ${{ inputs.ref }}
        token: ${{ inputs.github_token }}

    - name: Setup pnpm
      uses: pnpm/action-setup@v4

    - name: Setup Node
      uses: actions/setup-node@v6
      with:
        node-version: ${{ inputs.node_version }}
        cache: pnpm

    - name: Install dependencies
      shell: bash
      run: |
        set -euo pipefail
        pnpm install --frozen-lockfile

    - name: Build dist for comparison
      if: inputs.skip_if_unchanged == 'true'
      shell: bash
      run: |
        set -euo pipefail
        pnpm --filter "${{ inputs.pnpm_filter }}" build

    - name: Compare with npm package
      id: compare_npm
      if: inputs.skip_if_unchanged == 'true'
      shell: bash
      run: |
        set -euo pipefail
        PKG_PATH="${{ inputs.package_json_path }}"
        PKG_DIR="$(dirname "$PKG_PATH")"
        PKG_NAME="$(node -p "require('./${PKG_PATH}').name")"

        if [ -n "${{ inputs.npm_token }}" ]; then
          printf '%s\n' "//registry.npmjs.org/:_authToken=${{ inputs.npm_token }}" > "$HOME/.npmrc"
        fi

        if ! LATEST_VERSION="$(npm view "${PKG_NAME}" version 2>/dev/null)"; then
          echo "Package ${PKG_NAME} not found on npm; proceeding with release."
          echo "should_release=true" >> "$GITHUB_OUTPUT"
          exit 0
        fi

        TMP_DIR="$(mktemp -d)"
        LOCAL_PACK_DIR="${TMP_DIR}/local-pack"
        REMOTE_PACK_DIR="${TMP_DIR}/remote-pack"
        BACKUP_PKG=""
        README_SOURCE=""
        README_DEST=""
        README_BACKUP=""
        README_CREATED="false"
        cleanup_compare() {
          if [ -f "$BACKUP_PKG" ]; then
            cp "$BACKUP_PKG" "$PKG_PATH" || true
            rm -f "$BACKUP_PKG" || true
          fi
          if [ -n "$README_DEST" ]; then
            if [ -n "$README_BACKUP" ] && [ -f "$README_BACKUP" ]; then
              cp "$README_BACKUP" "$README_DEST" || true
              rm -f "$README_BACKUP" || true
            elif [ "$README_CREATED" = "true" ] && [ -f "$README_DEST" ]; then
              rm -f "$README_DEST" || true
            fi
          fi
          rm -rf "$TMP_DIR"
        }
        trap cleanup_compare EXIT
        mkdir -p "$LOCAL_PACK_DIR" "$REMOTE_PACK_DIR"

        REMOTE_TARBALL="$(npm pack "${PKG_NAME}@${LATEST_VERSION}" --silent --pack-destination "$REMOTE_PACK_DIR" 2>/dev/null | tail -n 1)"
        REMOTE_TAR_PATH="$REMOTE_PACK_DIR/$REMOTE_TARBALL"
        if [ ! -f "$REMOTE_TAR_PATH" ]; then
          echo "Unable to download ${PKG_NAME}@${LATEST_VERSION}; proceeding with release."
          echo "should_release=true" >> "$GITHUB_OUTPUT"
          exit 0
        fi

        BACKUP_PKG="${PKG_DIR}/.package.json.release.bak"
        README_SOURCE=""
        README_DEST=""

        if [ "${{ inputs.copy_readme }}" = "true" ]; then
          README_SOURCE="${{ inputs.readme_source }}"
          README_DEST="${{ inputs.readme_dest }}"
          if [ -z "$README_SOURCE" ] || [ -z "$README_DEST" ]; then
            echo "readme_source/readme_dest are required when copy_readme is true"
            exit 1
          fi
          if [ ! -f "$README_SOURCE" ]; then
            echo "README source not found: $README_SOURCE"
            exit 1
          fi
          if [ -f "$README_DEST" ]; then
            README_BACKUP="${TMP_DIR}/README.backup"
            cp "$README_DEST" "$README_BACKUP"
          else
            README_CREATED="true"
          fi
          mkdir -p "$(dirname "$README_DEST")"
          cp "$README_SOURCE" "$README_DEST"
        fi

        cp "$PKG_PATH" "$BACKUP_PKG"

        echo "dist-deps-prune version: $(pnpm dlx @prover-coder-ai/dist-deps-prune --version 2>/dev/null || true)"
        pnpm dlx @prover-coder-ai/dist-deps-prune apply \
          --package "${PKG_PATH}" \
          --prune-dev true \
          --write \
          --silent

        LOCAL_PACK_OUT="$(cd "$PKG_DIR" && pnpm pack --pack-destination "$LOCAL_PACK_DIR" 2>/dev/null || true)"
        LOCAL_TARBALL="$(printf '%s' "$LOCAL_PACK_OUT" | tail -n 1)"
        LOCAL_TAR_PATH="$LOCAL_TARBALL"
        if [ ! -f "$LOCAL_TAR_PATH" ]; then
          LOCAL_TAR_PATH="$LOCAL_PACK_DIR/$LOCAL_TARBALL"
        fi
        if [ ! -f "$LOCAL_TAR_PATH" ]; then
          cp "$BACKUP_PKG" "$PKG_PATH"
          rm -f "$BACKUP_PKG"
          echo "Unable to pack local ${PKG_NAME}; proceeding with release."
          echo "should_release=true" >> "$GITHUB_OUTPUT"
          exit 0
        fi

        cp "$BACKUP_PKG" "$PKG_PATH"
        rm -f "$BACKUP_PKG"
        if [ -n "$README_DEST" ]; then
          if [ -n "$README_BACKUP" ] && [ -f "$README_BACKUP" ]; then
            cp "$README_BACKUP" "$README_DEST"
            rm -f "$README_BACKUP"
          elif [ "$README_CREATED" = "true" ] && [ -f "$README_DEST" ]; then
            rm -f "$README_DEST"
          fi
        fi

        LOCAL_DIR="${TMP_DIR}/local"
        REMOTE_DIR="${TMP_DIR}/remote"
        mkdir -p "$LOCAL_DIR" "$REMOTE_DIR"

        tar -xzf "$LOCAL_TAR_PATH" -C "$LOCAL_DIR"
        tar -xzf "$REMOTE_TAR_PATH" -C "$REMOTE_DIR"

        LOCAL_PKG="${LOCAL_DIR}/package/package.json"
        REMOTE_PKG="${REMOTE_DIR}/package/package.json"

        if [ ! -f "$LOCAL_PKG" ] || [ ! -f "$REMOTE_PKG" ]; then
          echo "package.json missing in tarball; proceeding with release."
          echo "should_release=true" >> "$GITHUB_OUTPUT"
          exit 0
        fi

        node -e "const fs=require('fs');const p=process.argv[1];const sort=(v)=>Array.isArray(v)?v.map(sort):v&&typeof v==='object'?Object.keys(v).sort().reduce((acc,k)=>{acc[k]=sort(v[k]);return acc;},{}):v;const pkg=JSON.parse(fs.readFileSync(p,'utf8'));delete pkg.gitHead;pkg.version='0.0.0';const norm=sort(pkg);fs.writeFileSync(p, JSON.stringify(norm, null, 2)+'\n');" "$LOCAL_PKG"
        node -e "const fs=require('fs');const p=process.argv[1];const sort=(v)=>Array.isArray(v)?v.map(sort):v&&typeof v==='object'?Object.keys(v).sort().reduce((acc,k)=>{acc[k]=sort(v[k]);return acc;},{}):v;const pkg=JSON.parse(fs.readFileSync(p,'utf8'));delete pkg.gitHead;pkg.version='0.0.0';const norm=sort(pkg);fs.writeFileSync(p, JSON.stringify(norm, null, 2)+'\n');" "$REMOTE_PKG"

        if diff -qr "$LOCAL_DIR/package" "$REMOTE_DIR/package" >/dev/null 2>&1; then
          echo "::notice::No changes compared to ${PKG_NAME}@${LATEST_VERSION}. Skipping release."
          echo "should_release=false" >> "$GITHUB_OUTPUT"
        else
          echo "Package differs from ${PKG_NAME}@${LATEST_VERSION}; proceeding with release."
          echo "should_release=true" >> "$GITHUB_OUTPUT"
        fi

    - name: Clean comparison build artifacts
      if: inputs.skip_if_unchanged == 'true'
      shell: bash
      run: |
        set -euo pipefail
        if git status --porcelain | grep -q .; then
          git stash push -u -m "precompare-build"
          git stash drop >/dev/null 2>&1 || true
        fi

    - name: Handle no changes conclusion
      if: steps.compare_npm.outputs.should_release == 'false'
      shell: bash
      run: |
        set -euo pipefail

        if [ "${{ inputs.cancel_on_no_changes }}" = "true" ]; then
          echo "::notice::No changes detected; canceling workflow run."
          curl -sS -X POST \
            -H "Authorization: Bearer ${{ inputs.github_token }}" \
            -H "Accept: application/vnd.github+json" \
            "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/cancel" >/dev/null
          exit 0
        fi

        if [ "${{ inputs.neutral_on_no_changes }}" = "true" ]; then
          echo "::notice::No changes detected; stopping early."
          exit 0
        fi

    - name: Auto changeset (patch if no changeset exists)
      id: auto_changeset
      if: steps.compare_npm.outputs.should_release != 'false' && github.actor != 'github-actions[bot]'
      shell: bash
      run: |
        set -euo pipefail

        mkdir -p .changeset

        if ls .changeset/*.md >/dev/null 2>&1; then
          echo "has_changeset=true" >> "$GITHUB_OUTPUT"
          exit 0
        fi

        PKG_NAME="$(node -p "require('./${{ inputs.package_json_path }}').name")"
        CHANGESET_FILE=".changeset/auto-${{ github.sha }}.md"

        printf '%s\n' \
          '---' \
          "\"${PKG_NAME}\": ${{ inputs.bump_type }}" \
          '---' \
          '' \
          'chore: automated version bump' \
          > "$CHANGESET_FILE"

        echo "has_changeset=true" >> "$GITHUB_OUTPUT"

    - name: Version packages
      if: steps.compare_npm.outputs.should_release != 'false' && steps.auto_changeset.outputs.has_changeset == 'true' && github.actor != 'github-actions[bot]'
      shell: bash
      run: |
        set -euo pipefail
        pnpm changeset version

    - name: Read version
      id: release_version
      if: steps.compare_npm.outputs.should_release != 'false' && steps.auto_changeset.outputs.has_changeset == 'true' && github.actor != 'github-actions[bot]'
      shell: bash
      run: |
        set -euo pipefail
        VERSION="$(node -p "require('./${{ inputs.package_json_path }}').version")"
        echo "version=$VERSION" >> "$GITHUB_OUTPUT"
        echo "tag=${{ inputs.tag_prefix }}${VERSION}" >> "$GITHUB_OUTPUT"

    - name: Commit version changes
      if: steps.compare_npm.outputs.should_release != 'false' && steps.auto_changeset.outputs.has_changeset == 'true' && github.actor != 'github-actions[bot]'
      shell: bash
      run: |
        set -euo pipefail
        if git diff --quiet; then
          exit 0
        fi

        git config user.name "github-actions[bot]"
        git config user.email "41898282+github-actions[bot]@users.noreply.github.com"

        git add -A
        git commit -m "chore(release): version packages"
        BRANCH="${{ inputs.branch }}"
        git fetch origin "${BRANCH}"
        git rebase "origin/${BRANCH}"
        if ! git push origin "HEAD:${BRANCH}"; then
          git fetch origin "${BRANCH}"
          git rebase "origin/${BRANCH}"
          git push origin "HEAD:${BRANCH}"
        fi

    - name: Tag release
      if: steps.compare_npm.outputs.should_release != 'false' && steps.auto_changeset.outputs.has_changeset == 'true' && github.actor != 'github-actions[bot]'
      shell: bash
      run: |
        set -euo pipefail
        VERSION="${{ steps.release_version.outputs.version }}"
        TAG="${{ inputs.tag_prefix }}${VERSION}"

        if git rev-parse "$TAG" >/dev/null 2>&1; then
          echo "Tag $TAG already exists"
          exit 0
        fi

        git tag -a "$TAG" -m "$TAG"
        git push origin "$TAG"

    - name: Prepare package README
      if: steps.compare_npm.outputs.should_release != 'false' && inputs.copy_readme == 'true'
      shell: bash
      run: |
        set -euo pipefail
        mkdir -p "$(dirname "${{ inputs.readme_dest }}")"
        cp "${{ inputs.readme_source }}" "${{ inputs.readme_dest }}"

    - name: Build dist
      if: steps.compare_npm.outputs.should_release != 'false' && (inputs.publish_npm == 'true' || inputs.publish_github_packages == 'true')
      shell: bash
      run: |
        set -euo pipefail
        pnpm --filter "${{ inputs.pnpm_filter }}" build

    - name: Configure npm auth
      if: steps.compare_npm.outputs.should_release != 'false' && inputs.publish_npm == 'true' && github.actor != 'github-actions[bot]'
      shell: bash
      run: |
        set -euo pipefail
        if [ -z "${{ inputs.npm_token }}" ]; then
          echo "NPM_TOKEN is not set"
          exit 1
        fi
        printf '%s\n' "//registry.npmjs.org/:_authToken=${{ inputs.npm_token }}" > "$HOME/.npmrc"

    - name: Publish to npm
      if: steps.compare_npm.outputs.should_release != 'false' && inputs.publish_npm == 'true'
      shell: bash
      run: |
        set -euo pipefail
        PKG_PATH="${{ inputs.package_json_path }}"
        PKG_DIR="$(dirname "$PKG_PATH")"
        PKG_NAME="$(node -p "require('./${PKG_PATH}').name")"
        VERSION="$(node -p "require('./${PKG_PATH}').version")"

        if npm view "${PKG_NAME}@${VERSION}" version >/dev/null 2>&1; then
          echo "Version ${VERSION} already published; skipping npm publish."
          exit 0
        fi

        echo "dist-deps-prune version: $(pnpm dlx @prover-coder-ai/dist-deps-prune --version 2>/dev/null || true)"
        pnpm dlx @prover-coder-ai/dist-deps-prune release \
          --package "${PKG_PATH}" \
          --command "pnpm changeset publish" \
          --silent

    - name: Publish to GitHub Packages
      if: steps.compare_npm.outputs.should_release != 'false' && inputs.publish_github_packages == 'true' && steps.auto_changeset.outputs.has_changeset == 'true' && github.actor != 'github-actions[bot]'
      shell: bash
      run: |
        set -euo pipefail
        OWNER="${{ github.repository_owner }}"
        OWNER_LOWER="$(printf '%s' "$OWNER" | tr '[:upper:]' '[:lower:]')"

        PKG_NAME="$(node -p "require('./${{ inputs.package_json_path }}').name")"
        PKG_SUFFIX="${PKG_NAME#*/}"
        if [ "$PKG_SUFFIX" = "$PKG_NAME" ]; then
          GH_PKG="@${OWNER_LOWER}/${PKG_NAME}"
        else
          GH_PKG="@${OWNER_LOWER}/${PKG_SUFFIX}"
        fi

        printf '%s\n' "@${OWNER_LOWER}:registry=https://npm.pkg.github.com" >> "$HOME/.npmrc"
        printf '%s\n' "//npm.pkg.github.com/:_authToken=${{ inputs.github_token }}" >> "$HOME/.npmrc"

        node -e "const fs=require('fs');const p='${{ inputs.package_json_path }}';const pkg=require('./'+p);pkg.name='${GH_PKG}';fs.writeFileSync(p, JSON.stringify(pkg, null, 2)+'\n');"
        pnpm --filter "${{ inputs.pnpm_filter }}" publish --registry https://npm.pkg.github.com --no-git-checks

    - name: Create GitHub Release
      if: steps.compare_npm.outputs.should_release != 'false' && steps.auto_changeset.outputs.has_changeset == 'true' && github.actor != 'github-actions[bot]'
      uses: softprops/action-gh-release@v2
      with:
        tag_name: ${{ inputs.tag_prefix }}${{ steps.release_version.outputs.version }}
        generate_release_notes: true
        token: ${{ inputs.github_token }}

    - name: Print npm package link
      if: inputs.publish_npm == 'true' || inputs.skip_if_unchanged == 'true'
      shell: bash
      run: |
        set -euo pipefail
        PKG_PATH="${{ inputs.package_json_path }}"
        PKG_NAME="$(node -p "require('./${PKG_PATH}').name")"

        if [ -n "${{ inputs.npm_token }}" ]; then
          printf '%s\n' "//registry.npmjs.org/:_authToken=${{ inputs.npm_token }}" > "$HOME/.npmrc"
        fi

        if LATEST_VERSION="$(npm view "${PKG_NAME}" version 2>/dev/null)"; then
          echo "::notice::npm package: https://www.npmjs.com/package/${PKG_NAME}/v/${LATEST_VERSION}"
        else
          echo "::notice::npm package: https://www.npmjs.com/package/${PKG_NAME}"
        fi

branding:
  icon: "package"
  color: "blue"