From 3c9e43c6167b2b645ca9cdcf66c33fa6fa885d0f Mon Sep 17 00:00:00 2001 
From: pbio <10051819+paulbalaji@users.noreply.github.com> Date: Wed, 26 Nov 2025 14:03:09 +0000 Subject: [PATCH 1/2] feat: add NPM preview release workflow and fix CI permissions (pnpm) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR adds several improvements to the release workflows for the pnpm branch: 1. **NPM Preview Release Workflow** (`.github/workflows/npm-preview-release.yml`) - Manual dispatch workflow to publish NPM packages as preview releases - Supports beta, alpha, rc, and preview dist-tags - Version format: `{baseVersion}-{tag}.{gitSha}` (e.g., `19.10.0-beta.abc1234`) - Creates GitHub pre-release with installation instructions - Can be triggered from any branch - Uses pnpm instead of yarn 2. **Changeset Snapshot Configuration** (`.changeset/config.json`) - Added `snapshot` config for preview release versioning - Uses `{tag}.{commit}` format for prerelease identifiers 3. **CI Permissions Fix** (`.github/workflows/release.yml`) - Uses GitHub App token instead of GITHUB_TOKEN - Fixes issue where CI wouldn't trigger on changesets PRs - Added `title` override to pass PR title lint ("chore: release npm packages") 4. 
**CI Permissions Fix** (`.github/workflows/rust-release.yml`) - Uses GitHub App token instead of GITHUB_TOKEN - Fixes issue where CI wouldn't trigger on release PRs **Setup Required:** Create a GitHub App with the following: - Permissions: Contents (read/write), Pull requests (read/write) - Install the app on this repository - Add these secrets: - `HYPERLANE_GITHUB_APP_ID`: The App ID - `HYPERLANE_GITHUB_APP_PRIVATE_KEY`: The private key 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .changeset/config.json | 6 +- .github/workflows/npm-preview-release.yml | 115 ++++++++++++++++++++++ .github/workflows/release.yml | 20 +++- .github/workflows/rust-release.yml | 8 +- 4 files changed, 145 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/npm-preview-release.yml diff --git a/.changeset/config.json b/.changeset/config.json index a01341a4efa..cdc4180d3e9 100644 --- a/.changeset/config.json +++ b/.changeset/config.json @@ -30,5 +30,9 @@ "access": "public", "baseBranch": "main", "updateInternalDependencies": "patch", - "ignore": [] + "ignore": [], + "snapshot": { + "useCalculatedVersion": true, + "prereleaseTemplate": "{tag}.{commit}" + } } diff --git a/.github/workflows/npm-preview-release.yml b/.github/workflows/npm-preview-release.yml new file mode 100644 index 00000000000..a3f7d2d7cca --- /dev/null +++ b/.github/workflows/npm-preview-release.yml 
@@ -0,0 +1,115 @@
+name: NPM Preview Release
+
+on:
+ workflow_dispatch:
+ inputs:
+ snapshot_tag:
+ description: 'NPM dist-tag for the preview release'
+ required: true
+ default: 'beta'
+ type: choice
+ options:
+ - beta
+ - alpha
+ - rc
+ - preview
+
+concurrency:
+ group: npm-preview-release
+ cancel-in-progress: false
+
+env:
+ LOG_FORMAT: PRETTY
+ TURBO_TELEMETRY_DISABLED: 1
+ TURBO_API: https://cache.depot.dev
+ TURBO_TOKEN: ${{ secrets.DEPOT_TURBO_TOKEN }}
+ TURBO_TEAM: ${{ secrets.DEPOT_ORG_ID }}
+
+jobs:
+ preview-release:
+ runs-on: depot-ubuntu-latest
+ permissions:
+ id-token: write
+ contents: write
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v5
+ with:
+ fetch-depth: 0
+ submodules: recursive
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v6
+ with:
+ node-version-file: .nvmrc
+ registry-url: 'https://registry.npmjs.org'
+
+ - name: Setup pnpm
+ uses: pnpm/action-setup@v4
+
+ - name: Get short SHA
+ id: sha
+ run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+ - name: Get base version
+ id: version
+ run: |
+ BASE_VERSION=$(node -p "require('./typescript/sdk/package.json').version")
+ PREVIEW_VERSION="${BASE_VERSION}-${{ inputs.snapshot_tag }}.${{ steps.sha.outputs.short }}"
+ echo "base=$BASE_VERSION" >> $GITHUB_OUTPUT
+ echo "preview=$PREVIEW_VERSION" >> $GITHUB_OUTPUT
+
+ - name: Install dependencies
+ run: pnpm install --frozen-lockfile
+
+ - name: Create snapshot versions
+ run: pnpm changeset version --snapshot ${{ inputs.snapshot_tag }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build packages
+ run: pnpm build
+
+ - name: Publish preview packages
+ run: pnpm changeset publish --tag ${{ inputs.snapshot_tag }}
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+ NPM_CONFIG_PROVENANCE: true
+
+ - name: Create GitHub Pre-release
+ uses: softprops/action-gh-release@v2
+ with:
+ tag_name: v${{ steps.version.outputs.preview }}
+ name: v${{ steps.version.outputs.preview }}
+ target_commitish: ${{
github.sha }}
+ prerelease: true
+ generate_release_notes: true
+ body: |
+ > [!WARNING]
+ > This is a preview release for testing purposes. Do not use in production.
+
+ **Branch:** `${{ github.ref_name }}`
+ **Commit:** ${{ github.sha }}
+
+ ## Installation
+ ```bash
+ npm install @hyperlane-xyz/sdk@${{ inputs.snapshot_tag }}
+ npm install @hyperlane-xyz/cli@${{ inputs.snapshot_tag }}
+ ```
+
+ ## Packages Published
+ All packages in the fixed group were published with version `${{ steps.version.outputs.preview }}`
+
+ - name: Summary
+ run: |
+ echo "### Preview Release Published" >> $GITHUB_STEP_SUMMARY
+ echo "" >> $GITHUB_STEP_SUMMARY
+ echo "**Version:** \`${{ steps.version.outputs.preview }}\`" >> $GITHUB_STEP_SUMMARY
+ echo "**NPM Tag:** \`${{ inputs.snapshot_tag }}\`" >> $GITHUB_STEP_SUMMARY
+ echo "**Branch:** \`${{ github.ref_name }}\`" >> $GITHUB_STEP_SUMMARY
+ echo "" >> $GITHUB_STEP_SUMMARY
+ echo "Install with:" >> $GITHUB_STEP_SUMMARY
+ echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY
+ echo "npm install @hyperlane-xyz/sdk@${{ inputs.snapshot_tag }}" >> $GITHUB_STEP_SUMMARY
+ echo "npm install @hyperlane-xyz/cli@${{ inputs.snapshot_tag }}" >> $GITHUB_STEP_SUMMARY
+ echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6a1fdb358cb..350022fd8e4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
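Review bot: Nothing in the `preview-release` job gates the publish: it can be dispatched from any branch and hands `secrets.NPM_TOKEN` to `pnpm changeset publish` after running `pnpm install` and `pnpm build` on that branch's code, so anyone with write access can publish under the package scope from unreviewed code. Binding the job to a protected environment with required reviewers (for example `environment: npm-preview`, a name constructed here) and storing the npm token as an environment secret would put an approval in front of the publish. The job also holds `id-token: write` and `contents: write` while referencing third-party actions by mutable tags (`pnpm/action-setup@v4`, `softprops/action-gh-release@v2`); pinning them to full commit SHAs keeps a retagged action from running with those permissions. `${{ inputs.snapshot_tag }}` is expanded directly into `run:` lines; passing it through `env:` and using `"$SNAPSHOT_TAG"` keeps it as data even if the choice list is later relaxed.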
@@ -58,14 +58,22 @@ jobs: - name: Install Dependencies run: pnpm install --frozen-lockfile + - name: Generate GitHub App Token + id: generate-token + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ secrets.HYPERLANE_GITHUB_APP_ID }} + private-key: ${{ secrets.HYPERLANE_GITHUB_APP_PRIVATE_KEY }} + - name: Create Release PR id: changesets uses: changesets/action@v1 with: version: pnpm version:prepare + title: 'chore: release npm packages' env: NPM_CONFIG_PROVENANCE: true - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} check-latest-published: @@ -156,13 +164,21 @@ jobs: - name: Install Dependencies run: pnpm install --frozen-lockfile + - name: Generate GitHub App Token + id: generate-token + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ secrets.HYPERLANE_GITHUB_APP_ID }} + private-key: ${{ secrets.HYPERLANE_GITHUB_APP_PRIVATE_KEY }} + - name: Publish Release to NPM id: changesets uses: changesets/action@v1 with: version: pnpm version:prepare publish: pnpm release + title: 'chore: release npm packages' env: NPM_CONFIG_PROVENANCE: true - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/.github/workflows/rust-release.yml b/.github/workflows/rust-release.yml index be45fcc0cfe..4884251e20f 100644 --- a/.github/workflows/rust-release.yml +++ b/.github/workflows/rust-release.yml 
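Review bot: The new `Generate GitHub App Token` step passes `private-key` to `actions/create-github-app-token@v1`, a mutable tag, so whatever that tag resolves to at run time receives the App's signing key; pinning the action to a full commit SHA with the version in a trailing comment removes that dependency. The minted token is then exported as `GITHUB_TOKEN` to `changesets/action@v1`, which runs the repository's `pnpm version:prepare` and `pnpm release` scripts, and without further inputs it carries every permission the App installation has. If the pinned version of the action supports them, adding `permission-contents: write` and `permission-pull-requests: write` would limit the token to what the description says the App needs. The same applies to the second hunk in this file (`@@ -156,13 +164,21 @@`) and to the identical step added in `rust-release.yml`. The jobs these steps belong to begin outside the hunks.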
@@ -170,9 +170,15 @@ jobs: cd ../sealevel cargo update --workspace --offline 2>/dev/null || cargo update --workspace echo "Updated rust/sealevel/Cargo.lock" + - name: Generate GitHub App Token + id: generate-token + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ secrets.HYPERLANE_GITHUB_APP_ID }} + private-key: ${{ secrets.HYPERLANE_GITHUB_APP_PRIVATE_KEY }} - name: Create or update release PR env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} NEW_VERSION: ${{ steps.next_version.outputs.new_version }} BUMP_TYPE: ${{ steps.next_version.outputs.bump_type }} CHANGELOG: ${{ steps.changelog.outputs.changelog }} From 9cd57728979fb33bb75e51fd3d7d533934ee5d78 Mon Sep 17 00:00:00 2001 From: pbio <10051819+paulbalaji@users.noreply.github.com> Date: Wed, 26 Nov 2025 14:52:31 +0000 Subject: [PATCH 2/2] chore: rename secrets to HYPER_GONK prefix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .github/workflows/release.yml | 8 ++++---- .github/workflows/rust-release.yml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 350022fd8e4..15847203018 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -62,8 +62,8 @@ jobs: id: generate-token uses: actions/create-github-app-token@v1 with: - app-id: ${{ secrets.HYPERLANE_GITHUB_APP_ID }} - private-key: ${{ secrets.HYPERLANE_GITHUB_APP_PRIVATE_KEY }} + app-id: ${{ secrets.HYPER_GONK_APP_ID }} + private-key: ${{ secrets.HYPER_GONK_PRIVATE_KEY }} - name: Create Release PR id: changesets 
@@ -168,8 +168,8 @@ jobs: id: generate-token uses: actions/create-github-app-token@v1 with: - app-id: ${{ secrets.HYPERLANE_GITHUB_APP_ID }} - private-key: ${{ secrets.HYPERLANE_GITHUB_APP_PRIVATE_KEY }} + app-id: ${{ secrets.HYPER_GONK_APP_ID }} + private-key: ${{ secrets.HYPER_GONK_PRIVATE_KEY }} - name: Publish Release to NPM id: changesets diff --git a/.github/workflows/rust-release.yml b/.github/workflows/rust-release.yml index 4884251e20f..b8e905c5b16 100644 --- a/.github/workflows/rust-release.yml +++ b/.github/workflows/rust-release.yml @@ -174,8 +174,8 @@ jobs: id: generate-token uses: actions/create-github-app-token@v1 with: - app-id: ${{ secrets.HYPERLANE_GITHUB_APP_ID }} - private-key: ${{ secrets.HYPERLANE_GITHUB_APP_PRIVATE_KEY }} + app-id: ${{ secrets.HYPER_GONK_APP_ID }} + private-key: ${{ secrets.HYPER_GONK_PRIVATE_KEY }} - name: Create or update release PR env: GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}