CI: Let release script publish to NPM registry (#39)

Make the `build+release` workflow actually publish the built packages to npmjs, not just as a dry-run. Based on https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages#publishing-packages-to-the-npm-registry.
Concordium · Nov 14, 2023 · 9223f42 · 9223f42
1 parent 0a28679
commit 9223f42
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 6 deletions.
diff --git a/.github/workflows/build+release.yml b/.github/workflows/build+release.yml
@@ -1,4 +1,4 @@
-# Release/publish workflow to run on all pushed commits.
+# Workflow for building and publishing a release of one of the libraries based on an annotated tag.
 
 # The commit to be released is selected by ref using the input 'tag_override' and defaults to the ref that triggered the workflow.
 # The ref must be an annotated tag with a specific format and a message consisting of the release notes.
@@ -13,9 +13,9 @@
 #
 # The workflow fails without uploading if the ref doesn't satisfy some of the requirements above or if any package fails to build.
 #
-# In addition to uploading a GitHub release, the workflow is intended to also publish the package to NPM registry in the future.
-# For now, the process of publishing is to download the pack file from the GitHub release to a box that is logged into the organization
-# (using 'npm login') and then publish it using the command 'npm publish <pack-file>'.
+# In addition to uploading a GitHub release, the workflow also publishes the package to the npmjs registry.
+# If, for whatever reason, this step stops working, download the pack file from the GitHub release to a box
+# that is logged into the organization (using 'npm login') and publish it manually using the command 'npm publish <pack-file>'.
 
 name: Build and publish release
 
@@ -85,15 +85,18 @@ jobs:
               with:
                   node-version: '${{env.node_version}}'
                   cache: yarn
+                  registry-url: 'https://registry.npmjs.org'
             - name: Run yarn install
               run: yarn install --immutable
             # TODO Find a way to force target lib to not build against local build of dependent lib, but always against published build.
             - name: Build all libraries
               run: yarn build
             - name: Archive target library
               run: npm pack --workspace="${{steps.package.outputs.workspace}}"
-            - name: Publish library to npm [dry run]
-              run: npm publish --dry-run "${{steps.release.outputs.npm-pack-file}}"
+            - name: Publish library to npm
+              run: npm publish "${{steps.release.outputs.npm-pack-file}}"
+              env:
+                NODE_AUTH_TOKEN: '${{secrets.NPM_TOKEN}}'
             - name: Extract changelog entries
               uses: concordium/github-action-changelog-extract@v1
               id: changelog

diff --git a/README.md b/README.md
@@ -36,3 +36,35 @@ yarn build
 ```
 
 to build all the libraries into the `dist` subfolder of their respective paths.
+
+## Release
+
+The libraries are released individually using the GitHub Actions workflow
+[`Build and publish release`](./.github/workflows/build+release.yml).
+The procedure is as follows:
+
+1. Add an annotated tag for the commit to build from.
+   The name of the tag name must follow the format `<package>/<version>`,
+   where `<package>` is `wallet-connectors` or `react-components` and `<version>` is the version to release.
+   The version must match the version given in `package.json` of the package followed by a build version.
+
+   Example: Release `@concordium/wallet-connectors` version 1.2.3 from commit `<ref>`:
+   ```
+   git checkout <ref>
+   git tag -a wallet-connectors/1.2.3-0
+   ```
+2. Provide an overview of the changes in the release as the message of the annotated tag.
+   The release notes of the GitHub release is constructed from this message followed by the items corresponding to the version
+   extracted from the library's `CHANGELOG.md`.
+3. Run the GitHub Actions workflow
+   [`Build and publish release`](https://github.com/Concordium/concordium-dapp-libraries/actions/workflows/build+release.yml)
+   using the "Run Workflow" button.
+   Keep `main` as the selected option of "Use workflow from" and provide the name of the tag created above as the value of "Tag".
+   Hit "Run workflow" to start the workflow.
+4. If the tag satisfies all the requirements, the workflow will build the package and publish it as a GitHub release
+   as well as to the npm registry.
+   Note that the procedure has to be performed once for each package to release.
+
+The npm package is published using the API key stored in the repository secret `NPM_TOKEN`,
+which belongs to the npm user `concordium-ci`.
+The current key expires 2024-06-03.