ci: add release-major-tag workflow (#552)

* build: drop docker-bake in favor of plain npm Every TypeScript action maintained by actions/* (checkout, setup-node, setup-go, cache, upload-artifact) uses plain npm scripts. The bake setup is a docker/* org convention and adds friction for TS work: contributors need Docker, the dev loop is ~10x slower than npm, and Alpine-vs-host byte drift in dist/index.js makes PRs bounce. Replace with the standard pattern: - .node-version pins Node 24 so contributors and CI agree - npm scripts (build, lint, format, test, pre-checkin) replace bake targets one-for-one - validate.yml runs lint + a check-dist diff (mirrors actions/setup-node) and a vendor check that npm install --package-lock-only is a no-op - test.yml uses setup-node + sigstore/cosign-installer, drops bake-action - dependabot-build.yml regenerates dist via npm instead of bake CONTRIBUTING.md and README development section updated to match. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * build: align scripts and workflows with actions/* convention Match the standard layout used by actions/checkout, actions/setup-node, etc.: - package.json scripts: split format/format-check (Prettier) from lint/lint:fix (ESLint), and have pre-checkin run all four (format, lint:fix, build, test) in that order. - validate.yml lint job runs format-check + lint as separate steps. - test.yml drops the redundant --coverage flag (now in the test script). - Drop dependabot-build.yml: actions/* don't auto-rebuild dist on dependabot PRs; the check-dist style validate / build job catches drift and a maintainer rebuilds locally if needed. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * ci: add release-major-tag workflow Adopts the actions/checkout pattern (workflow_dispatch with target + major_version inputs that force-pushes the major tag). Doubles as a rollback tool. Documented in CONTRIBUTING under a 'Releasing' section. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * ci: drop irrelevant pin comment from release-major-tag Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-18 08:21:53 +00:00 · 2026-04-18 15:23:21 -03:00 · 2026-04-18 15:23:21 -03:00 · 5e53f8eea2
commit 5e53f8eea2
parent 4068afa2f0
2 changed files with 61 additions and 0 deletions
--- a/.github/workflows/release-major-tag.yml
+++ b/.github/workflows/release-major-tag.yml
@ -0,0 +1,46 @@
+name: release major tag
+
+run-name: Move ${{ github.event.inputs.major_version }} to ${{ github.event.inputs.target }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      target:
+        description: The tag, branch, or SHA the major version should point to (e.g. v7.1.0)
+        required: true
+      major_version:
+        type: choice
+        description: The major version tag to move
+        options:
+          - v7
+          - v6
+          - v5
+          - v4
+          - v3
+          - v2
+          - v1
+
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+permissions:
+  contents: write
+
+jobs:
+  tag:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          fetch-depth: 0
+      -
+        name: Git config
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+      -
+        name: Move ${{ github.event.inputs.major_version }} to ${{ github.event.inputs.target }}
+        run: git tag -f ${{ github.event.inputs.major_version }} ${{ github.event.inputs.target }}
+      -
+        name: Push
+        run: git push origin ${{ github.event.inputs.major_version }} --force
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -72,3 +72,18 @@ Use [Conventional Commits](https://www.conventionalcommits.org/) (`feat:`,
 - The `signing` CI job and `goreleaser-pro` matrix entries are skipped on PRs
  from forks because they need repository secrets — that's expected and not
  something you need to fix.
+
+## Releasing (maintainers)
+
+1. Create a new GitHub Release with a semver tag (e.g. `v7.1.0`) — either
+   through the UI or `gh release create v7.1.0 --generate-notes`.
+2. Once the release exists, run the [**release major tag**](./.github/workflows/release-major-tag.yml)
+   workflow from the Actions tab:
+   - `target`: the new tag (e.g. `v7.1.0`)
+   - `major_version`: the major version to repoint (e.g. `v7`)
+
+   This force-pushes the major tag to the new release so consumers using
+   `goreleaser/goreleaser-action@v7` pick up the change.
+
+   The same workflow doubles as a rollback tool — pass an older tag as
+   `target` to revert the major.