feat(ci): add VS Code Marketplace publishing with configurable registries#30
Merged
Conversation
Implements reqstool/reqstool.github.io#33. Adds 10 reusable workflows organized by language under .github/workflows/: - common/: check-release, release, release-preview, publish-to-docker - java/: publish-to-maven, publish-to-gradle (target: portal|central) - python/: publish-to-python, publish-to-python-test - typescript/: publish-to-npm, publish-to-vscode All publish workflows support a dry-run input for CI-safe validation without uploading to external registries. release-preview.yml computes the next version via git-cliff and optionally cross-checks it against the calling repo's build tool via a version-command input. Adds tests/ mirroring the workflow directory structure (1:1 file mapping) with act-compatible test workflows and JSON event fixtures for failure-path testing of check-release.yml. Adds ci.yml that runs actionlint, zizmor, yamllint, and act-based behavioral tests on any change to .github/workflows/** or tests/**. Adds .github/cliff.toml as the org-wide default changelog config. Signed-off-by: Jimisola Laursen <jimisola@jimisola.com>
…typescript Adds reusable build and lint workflows alongside the existing publish/release workflows, completing the org-wide CI/CD centralization. New workflows: - java/lint.yml — mvn clean validate; java-version input - java/build-maven.yml — mvn clean verify; java-version input - java/build-gradle.yml — ./gradlew clean build; java-version input - python/lint.yml — black + flake8; package-manager: hatch|poetry input - python/build-hatch.yml — hatch pytest + build; coverage-source input - python/build-poetry.yml — poetry install + pytest + build; install-self-as-plugin input for plugin e2e tests - typescript/lint.yml — npm ci + lint + format; node-version input - typescript/build.yml — npm ci + test + build; use-xvfb and dependency-version/install-command inputs for VS Code extension builds Adds 1:1 test files in tests/ for all new workflows (actionlint-validated; act execution requires a real project checkout so ci.yml skips act for build/lint tests). Signed-off-by: Jimisola Laursen <jimisola@jimisola.com>
Centralizes the identical Antora build + GitHub Pages deploy workflows from reqstool-java-annotations and reqstool-java-maven-plugin. Inputs: node-version (default 24), antora-playbook (default docs/antora-playbook.yml). Callers pass permissions: pages: write, id-token: write. Signed-off-by: Jimisola Laursen <jimisola@jimisola.com>
- check-release: replace [[ != glob ]] with case statement (SC2193)
- release, release-preview, ci: group multiple >> redirects into
{ ... } >> file blocks (SC2129)
- build-poetry: replace ls dist/*.whl with find (SC2012)
- publish-to-vscode: replace ls *.vsix with find -maxdepth 1 (SC2012, SC2035)
Signed-off-by: Jimisola Laursen <jimisola@jimisola.com>
act was showing a Docker image selection prompt and receiving EOF when run non-interactively, causing all test jobs to fail. Pre-creating ~/.config/act/actrc with node:20-bullseye-slim (sufficient for shell-only workflows) resolves this. Signed-off-by: Jimisola Laursen <jimisola@jimisola.com>
act's --input flag only works for workflow_dispatch events; for workflow_call the inputs must be embedded in the event JSON payload under an 'inputs' key. Signed-off-by: Jimisola Laursen <jimisola@jimisola.com>
act does not propagate with: inputs into nested workflow_call, causing false failures. release-preview also uses curl which is absent from the micro image. Both are validated by actionlint; end-to-end testing happens in the per-repo migration PRs. Signed-off-by: Jimisola Laursen <jimisola@jimisola.com>
…mat script Signed-off-by: Jimisola Laursen <jimisola@jimisola.com>
Addresses CodeQL findings — all jobs only read the repository, so contents: read is the correct minimal permission. Signed-off-by: Jimisola Laursen <jimisola@jimisola.com>
…ries
Add VSCE_PAT secret and a registries input ('both' | 'open-vsx' |
'vscode-marketplace', default: 'both') so consumers can choose which
registries to publish to.
Signed-off-by: Jimisola Laursen <jimisola@jimisola.com>
…sentinel Signed-off-by: Jimisola Laursen <jimisola@jimisola.com>
Signed-off-by: Jimisola Laursen <jimisola@jimisola.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
VSCE_PATsecret topublish-to-vscode.ymlfor VS Code Marketplace authenticationregistriesinput (comma-separated string, default:open-vsx,vscode-marketplace) so consumers can choose which registries to publish tocontains(inputs.registries, '<registry>'), removing the need for abothsentinel valueUsage
Publish to both (default — no change needed for existing consumers):
Publish to one registry only:
Secrets required
OPEN_VSX_TOKENVSCE_PATTest plan
registries: "open-vsx"and verify only the Open VSX step runsregistries: "vscode-marketplace"and verify only the Marketplace step runs