goreleaser-action/CONTRIBUTING.md
Carlos Alexandro Becker 5e53f8eea2
ci: add release-major-tag workflow (#552)
* build: drop docker-bake in favor of plain npm

Every TypeScript action maintained by actions/* (checkout, setup-node,
setup-go, cache, upload-artifact) uses plain npm scripts. The bake
setup is a docker/* org convention and adds friction for TS work:
contributors need Docker, the dev loop is ~10x slower than npm, and
Alpine-vs-host byte drift in dist/index.js makes PRs bounce.

Replace with the standard pattern:
- .node-version pins Node 24 so contributors and CI agree
- npm scripts (build, lint, format, test, pre-checkin) replace bake
  targets one-for-one
- validate.yml runs lint + a check-dist diff (mirrors actions/setup-node)
  and a vendor check that npm install --package-lock-only is a no-op
- test.yml uses setup-node + sigstore/cosign-installer, drops bake-action
- dependabot-build.yml regenerates dist via npm instead of bake

CONTRIBUTING.md and README development section updated to match.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* build: align scripts and workflows with actions/* convention

Match the standard layout used by actions/checkout, actions/setup-node,
etc.:

- package.json scripts: split format/format-check (Prettier) from
  lint/lint:fix (ESLint), and have pre-checkin run all four (format,
  lint:fix, build, test) in that order.
- validate.yml lint job runs format-check + lint as separate steps.
- test.yml drops the redundant --coverage flag (now in the test script).
- Drop dependabot-build.yml: actions/* don't auto-rebuild dist on
  dependabot PRs; the check-dist style validate / build job catches
  drift and a maintainer rebuilds locally if needed.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* ci: add release-major-tag workflow

Adopts the actions/checkout pattern (workflow_dispatch with target +
major_version inputs that force-pushes the major tag). Doubles as a
rollback tool. Documented in CONTRIBUTING under a 'Releasing' section.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* ci: drop irrelevant pin comment from release-major-tag

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-18 15:23:21 -03:00


Contributing

Thanks for your interest in contributing!

Prerequisites

  • Node.js — version pinned in .node-version. Tools like nvm, fnm, asdf, or mise read this file automatically.
  • cosign — only required if you want to run the signature-verification integration tests locally.

Setup

npm ci

Pre-commit checklist

Before committing changes to src/, __tests__/, package.json, package-lock.json, or action.yml:

npm run pre-checkin

That runs format + lint:fix + build + test, the same checks CI runs.

Then commit dist/ along with your source changes; the action runtime loads dist/index.js directly, so it must stay in sync.

If CI's validate / build job fails because dist/ differs from a fresh build, just download the dist artifact from the failed run and commit it — or rerun npm run build locally with the Node version in .node-version.

npm scripts

| Script | Purpose |
| --- | --- |
| npm run build | Bundle src/ to dist/index.js via ncc |
| npm run format | Run Prettier (write) |
| npm run format-check | Run Prettier (check only, used in CI) |
| npm run lint | Run ESLint (check only, used in CI) |
| npm run lint:fix | Run ESLint with --fix |
| npm test | Run Jest with coverage |
| npm run pre-checkin | format + lint:fix + build + test |

Tests

npm test runs the full Jest suite, including integration tests that:

  • Download real GoReleaser releases from GitHub
  • Verify checksums.txt against the downloaded archive
  • Verify the cosign sigstore bundle (skipped if cosign isn't on PATH, but the CI image always has it installed)

These need outbound network access. In offline or restrictive-proxy environments those tests will fail; that's expected.
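The checksum step listed above can be tried offline with the following added example, which is not code from this repository. It assumes checksums.txt uses sha256sum-style lines (`<hex digest>  <file name>`); the function names, asset names, and sample bytes are constructed for illustration.

```typescript
import { createHash } from "node:crypto";

type Verdict = "ok" | "mismatch" | "missing" | "ambiguous";

// Parse sha256sum-style lines ("<64 hex>  <name>", optional "*" before the name).
// A name listed with two different digests maps to null so it can never verify.
function parseChecksums(text: string): Map<string, string | null> {
  const entries = new Map<string, string | null>();
  for (const line of text.split(/\r?\n/)) {
    const m = /^([0-9a-fA-F]{64})\s+\*?(\S.*)$/.exec(line.trim());
    if (!m) continue; // malformed lines are ignored, never trusted
    const [, hex = "", name = ""] = m;
    const digest = hex.toLowerCase();
    const prev = entries.get(name);
    entries.set(name, prev === undefined || prev === digest ? digest : null);
  }
  return entries;
}

// Fail closed: only an exact, unambiguous SHA-256 match returns "ok".
function verifyArchive(checksums: string, name: string, data: Buffer): Verdict {
  const expected = parseChecksums(checksums).get(name);
  if (expected === undefined) return "missing";
  if (expected === null) return "ambiguous";
  const actual = createHash("sha256").update(data).digest("hex");
  return actual === expected ? "ok" : "mismatch";
}

// Constructed sample data: stand-in archive bytes and hypothetical asset names.
const sha256 = (b: Buffer): string => createHash("sha256").update(b).digest("hex");
const archive = Buffer.from("constructed archive bytes");
const assetName = "example_Linux_x86_64.tar.gz";
const checksumsTxt = [
  `${sha256(archive)}  ${assetName}`,
  `${"0".repeat(64)}  example_Darwin_all.tar.gz`,
  "not-a-digest  example_Windows_x86_64.zip",
].join("\n");

console.log(verifyArchive(checksumsTxt, assetName, archive));
console.log(verifyArchive(checksumsTxt, assetName, Buffer.from("tampered")));
```

A matching digest only shows that the archive agrees with checksums.txt; the signature check in the next bullet is a separate step.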

Commit messages

Use Conventional Commits (feat:, fix:, test:, docs:, chore:, ci:, …). Keep the subject ≤72 chars.

Pull requests

  • Target master.
  • Make sure npm run pre-checkin passes.
  • One logical change per PR is easier to review.
  • The signing CI job and goreleaser-pro matrix entries are skipped on PRs from forks because they need repository secrets — that's expected and not something you need to fix.

Releasing (maintainers)

  1. Create a new GitHub Release with a semver tag (e.g. v7.1.0) — either through the UI or gh release create v7.1.0 --generate-notes.

  2. Once the release exists, run the release major tag workflow from the Actions tab:

    • target: the new tag (e.g. v7.1.0)
    • major_version: the major version to repoint (e.g. v7)

    This force-pushes the major tag to the new release so consumers using goreleaser/goreleaser-action@v7 pick up the change.

    The same workflow doubles as a rollback tool — pass an older tag as target to revert the major.