mirror of
https://github.com/goreleaser/goreleaser-action.git
synced 2026-05-14 06:40:32 +00:00
5e53f8eea2
* build: drop docker-bake in favor of plain npm Every TypeScript action maintained by actions/* (checkout, setup-node, setup-go, cache, upload-artifact) uses plain npm scripts. The bake setup is a docker/* org convention and adds friction for TS work: contributors need Docker, the dev loop is ~10x slower than npm, and Alpine-vs-host byte drift in dist/index.js makes PRs bounce. Replace with the standard pattern: - .node-version pins Node 24 so contributors and CI agree - npm scripts (build, lint, format, test, pre-checkin) replace bake targets one-for-one - validate.yml runs lint + a check-dist diff (mirrors actions/setup-node) and a vendor check that npm install --package-lock-only is a no-op - test.yml uses setup-node + sigstore/cosign-installer, drops bake-action - dependabot-build.yml regenerates dist via npm instead of bake CONTRIBUTING.md and README development section updated to match. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * build: align scripts and workflows with actions/* convention Match the standard layout used by actions/checkout, actions/setup-node, etc.: - package.json scripts: split format/format-check (Prettier) from lint/lint:fix (ESLint), and have pre-checkin run all four (format, lint:fix, build, test) in that order. - validate.yml lint job runs format-check + lint as separate steps. - test.yml drops the redundant --coverage flag (now in the test script). - Drop dependabot-build.yml: actions/* don't auto-rebuild dist on dependabot PRs; the check-dist style validate / build job catches drift and a maintainer rebuilds locally if needed. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * ci: add release-major-tag workflow Adopts the actions/checkout pattern (workflow_dispatch with target + major_version inputs that force-pushes the major tag). Doubles as a rollback tool. Documented in CONTRIBUTING under a 'Releasing' section. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * ci: drop irrelevant pin comment from release-major-tag Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
89 lines
3.3 KiB
Markdown
89 lines
3.3 KiB
Markdown
# Contributing
|
|
|
|
Thanks for your interest in contributing!
|
|
|
|
## Prerequisites
|
|
|
|
- [Node.js](https://nodejs.org/) — version pinned in [`.node-version`](./.node-version).
|
|
Tools like [`nvm`](https://github.com/nvm-sh/nvm), [`fnm`](https://github.com/Schniz/fnm),
|
|
[`asdf`](https://asdf-vm.com/), or [`mise`](https://mise.jdx.dev/) read this file
|
|
automatically.
|
|
- [`cosign`](https://docs.sigstore.dev/cosign/installation/) — only required if you
|
|
want to run the signature-verification integration tests locally.
|
|
|
|
## Setup
|
|
|
|
```sh
|
|
npm ci
|
|
```
|
|
|
|
## Pre-commit checklist
|
|
|
|
Before committing changes to `src/`, `__tests__/`, `package.json`,
|
|
`package-lock.json`, or `action.yml`:
|
|
|
|
```sh
|
|
npm run pre-checkin
|
|
```
|
|
|
|
That runs `format` + `build` + `test` — the same checks CI runs.
|
|
|
|
Then commit `dist/` along with your source changes; the action runtime loads
|
|
`dist/index.js` directly, so it must stay in sync.
|
|
|
|
If CI's `validate / build` job fails because `dist/` differs from a fresh
|
|
build, just download the `dist` artifact from the failed run and commit it —
|
|
or rerun `npm run build` locally with the Node version in `.node-version`.
|
|
|
|
## npm scripts
|
|
|
|
| Script | Purpose |
|
|
| ------------------- | ------------------------------------------------ |
|
|
| `npm run build` | Bundle `src/` to `dist/index.js` via `ncc` |
|
|
| `npm run format` | Run Prettier (write) |
|
|
| `npm run format-check` | Run Prettier (check only, used in CI) |
|
|
| `npm run lint` | Run ESLint (check only, used in CI) |
|
|
| `npm run lint:fix` | Run ESLint with `--fix` |
|
|
| `npm test` | Run Jest with coverage |
|
|
| `npm run pre-checkin` | `format` + `lint:fix` + `build` + `test` |
|
|
|
|
## Tests
|
|
|
|
`npm test` runs the full Jest suite, including integration tests that:
|
|
|
|
- Download real GoReleaser releases from GitHub
|
|
- Verify `checksums.txt` against the downloaded archive
|
|
- Verify the cosign sigstore bundle (skipped if `cosign` isn't on `PATH`,
|
|
but the CI image always has it installed)
|
|
|
|
These need outbound network access. Offline / restrictive-proxy runs will
|
|
have those tests fail — that's expected.
|
|
|
|
## Commit messages
|
|
|
|
Use [Conventional Commits](https://www.conventionalcommits.org/) (`feat:`,
|
|
`fix:`, `test:`, `docs:`, `chore:`, `ci:`, …). Keep the subject ≤72 chars.
|
|
|
|
## Pull requests
|
|
|
|
- Target `master`.
|
|
- Make sure `npm run pre-checkin` passes.
|
|
- One logical change per PR is easier to review.
|
|
- The `signing` CI job and `goreleaser-pro` matrix entries are skipped on PRs
|
|
from forks because they need repository secrets — that's expected and not
|
|
something you need to fix.
|
|
|
|
## Releasing (maintainers)
|
|
|
|
1. Create a new GitHub Release with a semver tag (e.g. `v7.1.0`) — either
|
|
through the UI or `gh release create v7.1.0 --generate-notes`.
|
|
2. Once the release exists, run the [**release major tag**](./.github/workflows/release-major-tag.yml)
|
|
workflow from the Actions tab:
|
|
- `target`: the new tag (e.g. `v7.1.0`)
|
|
- `major_version`: the major version to repoint (e.g. `v7`)
|
|
|
|
This force-pushes the major tag to the new release so consumers using
|
|
`goreleaser/goreleaser-action@v7` pick up the change.
|
|
|
|
The same workflow doubles as a rollback tool — pass an older tag as
|
|
`target` to revert the major.
|