Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Manage releases using changesets #625

Merged
merged 7 commits into from
Nov 7, 2024
Merged

Conversation

trivikr
Copy link
Contributor

@trivikr trivikr commented Sep 5, 2024

Fixes: #494

The steps maintainers have to take:

Changesets Action will create a pull request for publishing new version whenever changesets are available.
When the pull request is reviewed and merged, a new GitHub Release will be created and npm version will be published.

Copy link

vercel bot commented Sep 5, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
jscodeshift ✅ Ready (Inspect) Visit Preview 💬 Add feedback Nov 5, 2024 6:19am

@trivikr trivikr marked this pull request as draft September 5, 2024 03:13
@trivikr trivikr changed the title chore(deps-dev): add @changesets/cli Manage releases using changesets Sep 5, 2024
@trivikr trivikr marked this pull request as ready for review September 5, 2024 03:23
@trivikr
Copy link
Contributor Author

trivikr commented Sep 5, 2024

I've copied setup from https://github.com/aws/aws-sdk-js-codemod/releases, a consumer of jscodeshift which has done 150+ releases using changesets.

@Daniel15
Copy link
Member

Daniel15 commented Sep 5, 2024

Create and store npm publish token in GitHub secret NPM_TOKEN

Do you know what the security risks are of this approach, and how they can be avoided? How does this play with npm requiring two-factor authentication to publish?

Edit: Also, does this create a GitHub release, or just an npm release? Ideally we'd have both.

@trivikr
Copy link
Contributor Author

trivikr commented Sep 6, 2024

Do you know what the security risks are of this approach, and how they can be avoided?

The Chsngeset Action will have access to NPM and GitHub tokens to do the releases.
It's downloaded 800K times weekly which helps gaining trust https://npmtrends.com/@changesets/cli

How does this play with npm requiring two-factor authentication to publish?

At aws-sdk-js-codemod, we use npm automation token for publishing.

Also, does this create a GitHub release

Yes. The aws-sdk-js-codemod for reference:

@trivikr
Copy link
Contributor Author

trivikr commented Sep 13, 2024

@Daniel15 Are there other open questions about using changesets, or the extra actions maintainers have to take?

@Daniel15
Copy link
Member

Daniel15 commented Sep 17, 2024

Sorry - I replied to this via email but it looks like it never posted. I should be able to get some time to look into this later this week 😄

In particular, I'll have to see if we're allowed to store npm tokens in GitHub secrets, since it introduces a new attack vector.

@Daniel15
Copy link
Member

Daniel15 commented Oct 3, 2024

Enable github.com/apps/changeset-bot which will inform contributors to optionally add a changeset in their PRs.

I'm still trying to figure out how to properly do this. I want to install pkg.pr.new too. GitHub's UI seems buggy and doesn't properly send the app installation request to the admins.

@Daniel15
Copy link
Member

I finally got pkg.pr.new GitHub app approved so now I'm attempting again to get this one approved.

@trivikr
Copy link
Contributor Author

trivikr commented Oct 31, 2024

Looks like v17.1.0 published artifacts which did not remove temp dependency, breaking consumers.
Details in #638

That's another reason to switch to automated publish mechanism like changesets done in this PR.

@Daniel15
Copy link
Member

Daniel15 commented Nov 1, 2024

@trivikr I'm looking into this now that the GitHub changesets app was approved by the Meta open-source team yesterday. I think I've done all the steps correctly - installed the app and created an NPM_TOKEN. how do we ensure it's working? Do I need to merge this PR before we can test it?

@trivikr
Copy link
Contributor Author

trivikr commented Nov 1, 2024

I tested changesets on aws-sdk-js-codemod by merging the code, and releasing a patch version.

The app will post comment on PRs as soon as they're posted. If a changeset is added, it'll provide details on which new version will be released. If no changeset is present, it'll request author to add one.

PRs without changeset will not update the CHANGELOG. When there are unreleased changesets, a PR will get created clubbing all the unreleased changesets. A new version will be released when that PR is merged.

@trivikr
Copy link
Contributor Author

trivikr commented Nov 1, 2024

For jscodeshift, we can try releasing v17.1.2 or v17.2.0 using changeset whenever new changes are ready.

We can consider releasing a prerelease version too using changesets by going through their documentation. I haven't tried it before.

Copy link

changeset-bot bot commented Nov 5, 2024

⚠️ No Changeset found

Latest commit: 0169599

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Copy link

pkg-pr-new bot commented Nov 5, 2024

Open in Stackblitz

yarn add https://pkg.pr.new/jscodeshift@625.tgz

commit: 0169599

@trivikr
Copy link
Contributor Author

trivikr commented Nov 5, 2024

Changeset Bot is working, and it posted message on this PR #625 (comment)

@Daniel15 I can add a changeset message for this PR, if you want to test releasing v17.1.2 using changesets.

@Daniel15
Copy link
Member

Daniel15 commented Nov 7, 2024

Great, let's merge this and test with new PRs.

@Daniel15 Daniel15 merged commit a0c7424 into facebook:main Nov 7, 2024
8 checks passed
@trivikr trivikr deleted the changesets branch November 7, 2024 23:16
@Daniel15
Copy link
Member

I just did the first changesets-powered release (#647) and it seems to have worked well. Did a few smoke tests and it looks good. Please let me know if you see anything weird!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Enable changesets to manage releases
3 participants