
# Release pipeline: publishes the package to npm when a GitHub release is released, or on a manual run.
# NOTE(review): the trigger keys that enclose the lines below are not visible in this listing.
name: publish-to-npm
types: [released]
# Support manual releases in case something goes wrong, or we need to do a test.
# The tag is a free-form string supplied by whoever starts the run. Later steps expand it into shell
# scripts and an npm command, so it should be handled as untrusted text wherever it is used.
description: Tag to be published
type: string
required: true
# Step 1: Verify that the tag we're trying to release is a valid candidate for publishing.
# Presumably this is the `verify-candidate-tag` job named by `needs:` in Step 2; the job key itself is
# not visible in this listing.
runs-on: ubuntu-latest
# Check out the main branch, and get its head commit as output for later.
# NOTE(review): actions in this file are referenced by the movable `v4` tag. Pinning each `uses:` to a
# full commit SHA keeps a retagged action from running inside the release pipeline.
- uses: actions/checkout@v4
ref: 'main'
# Records the SHA of the checked-out HEAD as the step output COMMIT_ID.
- run: echo "COMMIT_ID=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
id: get-branch-commit
# Checkout the tag we want to release, and get its head commit as output for later.
# The ref is the release event's tag name, or the manual `tag` input when there is no release event.
- uses: actions/checkout@v4
ref: ${{ github.event.release.tag_name || inputs.tag }}
- run: echo "COMMIT_ID=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
id: get-tag-commit
# If the two commits aren't identical, the tag isn't eligible for release.
# This is the gate that ties a publish to the current head of `main`: a tag placed on any other commit
# stops the run here. The two values expanded into the script are `git rev-parse` output.
- name: Fail non-matching commits
if: ${{ steps.get-branch-commit.outputs.COMMIT_ID != steps.get-tag-commit.outputs.COMMIT_ID }}
run: |
echo "Tag commit must match latest commit in main. Branch is ${{ steps.get-branch-commit.outputs.COMMIT_ID }}. Tag is ${{ steps.get-tag-commit.outputs.COMMIT_ID }}"
exit 1
# Verify that the `package.json`'s version property is 4.Y.Z, as we want to restrict the `dev` and `release`
# branches to publishing v4.x.
# The tag is the most recent checkout at this point, so `package.json` is read from the tagged commit.
- name: Verify major version
run: |
MAJOR_VERSION=`cat package.json | jq '.version | split(".") | .[0]' | xargs`
[[ ${MAJOR_VERSION} == 4 ]] || (echo "package.json version must be 4.x" && exit 1)
# Verify that the tag is of the format "vX.Y.Z", where the X, Y, and Z exactly match the corresponding values in
# `package.json`'s version property.
# NOTE(review): the `${{ ... }}` tag expression is substituted into the script text before bash parses
# it, so a tag name containing shell metacharacters becomes part of the command line. Pass the value
# through an `env:` entry on this step and read it as a quoted shell variable instead.
# NOTE(review): inside `[[ ]]` the unquoted right-hand side of `==` is matched as a pattern, not as a
# literal string; quoting it ("${PACKAGE_VERSION}") makes the comparison the exact match described above.
- name: Compare tag to package.json
run: |
TAG=${{ github.event.release.tag_name || inputs.tag }}
PACKAGE_VERSION=v`cat package.json | jq '.version' | xargs`
[[ ${TAG} == ${PACKAGE_VERSION} ]] || (echo "Tag name must match package.json version, prefixed by lowercase v" && exit 1)
# Step 2: Publish the tag as a release candidate.
# Presumably this is the `publish-rc` job named by `needs:` in Step 3; the job key is not visible here.
# Publishing is delegated to a reusable workflow kept in another repository.
needs: verify-candidate-tag
# NOTE(review): the reusable workflow is referenced at `@main`, a branch that can move. Whatever that
# branch holds when this job starts is what runs with this repository's credentials. Pinning the
# reference to a full commit SHA makes the publish path reviewable and reproducible.
uses: salesforcecli/github-workflows/.github/workflows/npmPublish.yml@main
ctc: false # We've been told we don't have to care about this until someone makes us care.
# What `sign` does is defined by the called workflow and is not visible in this file.
sign: true
tag: latest-rc # Publish as a release candidate, so we can do our validations against it.
githubTag: ${{ github.event.release.tag_name || inputs.tag }}
# NOTE(review): `inherit` hands every secret available to this workflow to the called workflow.
# Listing only the secrets the publish actually needs under `secrets:` narrows what a change in the
# external workflow could reach.
secrets: inherit
# Step 3: Run smoke tests against the release candidate.
# Presumably this is the `rc-test` job named by `needs:` in Step 4; the job key is not visible here.
needs: publish-rc
# By default, if any job in a matrix fails, all other jobs are immediately cancelled. This option makes the jobs
# run to completion instead.
fail-fast: false
# One matrix entry per operating system: `vm` is the runner label, `exe` is the extension of the
# smoke-test script to run on that system.
os: [{vm: ubuntu-latest, exe: .sh}, {vm: macos-latest, exe: .sh}, {vm: windows-2019, exe: .cmd}]
runs-on: ${{ matrix.os.vm }}
# We need to checkout the tag to get the smoke tests
- uses: actions/checkout@v4
ref: ${{ github.event.release.tag_name || inputs.tag }}
# We need Node LTS and Java v11
- uses: actions/setup-node@v4
node-version: 'lts/*'
- uses: actions/setup-java@v4
distribution: 'temurin'
java-version: '11' # For now, Java version is hardcoded.
# Install SF, and the release candidate version.
# NOTE(review): `latest-rc` is a dist-tag, so this installs whatever it points to at install time,
# which is not necessarily the version Step 4 promotes if the dist-tag has moved in between.
# Installing the exact version from the tag would tie the smoke test to the artifact being promoted.
- run: npm install -g @salesforce/cli
- run: sf plugins install @salesforce/sfdx-scanner@latest-rc
# Log the installed plugins for easier debugging.
- run: sf plugins
# Attempt to run the smoke tests.
# The script comes from the tag checked out above; `sf` is passed to it as its only argument.
- run: smoke-tests/smoke-test${{ matrix.os.exe }} sf
# Upload the smoke test result as an artifact, so it's visible for later.
# `always()` keeps the upload running when the smoke tests fail, so the results survive a red run.
- uses: actions/upload-artifact@v4
if: ${{ always() }}
name: ${{ runner.os }}-smoke-test-results
path: smoke-test-results
# Step 4: Promote the release candidate to latest.
# Presumably this is the `promote-to-latest` job named by `needs:` in Step 5; the job key is not
# visible here. It depends on the smoke-test job, so promotion waits for that job.
needs: rc-test
runs-on: ubuntu-latest
- uses: actions/setup-node@v4
node-version: 'lts/*'
# Write npm credentials to ~/.npmrc, then point the `latest` dist-tag at the released version.
# NOTE(review): both `${{ }}` expressions in this script are substituted into the script text before
# the shell parses it. Passing the npm token and the tag through `env:` entries on this step, and
# reading them as quoted shell variables, keeps the secret out of the generated script and stops a
# crafted tag name from being parsed as shell syntax.
# NOTE(review): the `//` prefix suggests the secret holds the rest of an npmrc auth line rather than
# a bare token; confirm with whoever manages the secret.
- run: |
echo "//${{ secrets.NPM_TOKEN }}" > ~/.npmrc
npm dist-tag add @salesforce/sfdx-scanner@${{ github.event.release.tag_name || inputs.tag }} latest
# Step 5: Create a Pull Request for merging `main` into `dev`
# NOTE(review): the job key for this step is not visible in this listing.
needs: promote-to-latest
runs-on: macos-latest
# Write access is requested for repository contents (the branch push below) and for pull requests
# (the `gh pr create` call below).
contents: write
pull-requests: write
# Check out `main`
- uses: actions/checkout@v4
ref: 'main'
# Create a new branch based on `main`, so that merge conflicts can be manually resolved if need be.
# The branch is named m2d/v<version>, with the version read from `package.json` on `main`.
# NOTE(review): $NEW_VERSION is expanded unquoted in the git commands; quoting it ("m2d/v$NEW_VERSION")
# keeps an unexpected value in `package.json` from being split into extra arguments.
- run: |
NEW_VERSION=$(jq -r ".version" package.json)
git checkout -b m2d/v$NEW_VERSION
git push --set-upstream origin m2d/v$NEW_VERSION
# Create a Pull Request from the new branch into `dev`.
# The PR body is written to body.txt first and then handed to `gh pr create` with -F. The title is a
# placeholder that the person handling the PR is expected to replace.
- run: |
NEW_VERSION=$(jq -r ".version" package.json)
# For whatever reason, the version of 'echo' on GHAs doesn't process backspace by default.
# The non-POSIX-standard -e flag causes it to do that.
echo -e "This branch and PR were automatically created following the successful release of v$NEW_VERSION.\n\
It must be MERGED into dev, NOT SQUASHED OR REBASED. Squashing or rebasing this branch onto dev can cause potentially irreconcilable merge conflicts later.\n\
As an additional safeguard and reminder, the title of this PR MUST include the word 'merging' in the description portion of the PR title, e.g., 'Main2Dev @W-XXXXXXX@ Merging main to dev after vX.Y.Z'.\n\
If there are conflicts between dev and this branch, you should do the following locally:\n\
- $ git checkout dev\n\
- $ git pull\n\
- $ git fetch --all\n\
- $ git checkout m2d/v$NEW_VERSION\n\
- $ git pull origin dev --no-rebase # You MUST include this flag, or someone's day will be ruined.\n\
- Resolve the merge conflicts manually. When in doubt, ask the code's author for help.\n\
- $ git commit\n\
- $ git push" > body.txt
# Create the pull request.
gh pr create -B dev -H m2d/v$NEW_VERSION --title "Filler title. Read description and rename." -F body.txt