diff --git a/.github/actions/npm-publish/action.yml b/.github/actions/npm-publish/action.yml
index 869f07d..ba3ceba 100644
--- a/.github/actions/npm-publish/action.yml
+++ b/.github/actions/npm-publish/action.yml
@@ -1,23 +1,28 @@
name: 'NPM Publish'
description: 'Publish package to npm registry.'
+
inputs:
node-version:
description: 'Node.js version to use.'
required: false
default: '20'
+
package-dir:
description: 'Directory containing package.json.'
required: false
default: '.'
+
deploy-command:
description: 'Publish command to execute.'
required: false
default: 'npm run deploy'
+
access-token:
description: 'NPM auth token.'
required: true
+
runs:
using: 'composite'
steps:
diff --git a/.github/actions/trb-project-node-version-bump/action.yml b/.github/actions/trb-project-node-version-bump/action.yml
new file mode 100644
index 0000000..b7beb68
--- /dev/null
+++ b/.github/actions/trb-project-node-version-bump/action.yml
@@ -0,0 +1,62 @@
+name: 'TRB Project Node Version Bump'
+description: 'Trigger TRB bump project node version workflow dispatch.'
+
+
+inputs:
+ trb-repository:
+ description: 'Target TRB repository.'
+ required: true
+
+ project-node-name:
+ description: 'The description (name) of TRB node.'
+ required: true
+
+ release-version:
+ description: 'Release version from the current publish tag without the v prefix (for example, 1.0.0).'
+ required: true
+
+ release-at:
+ description: 'UTC timestamp of the tagged commit in ISO 8601 format (YYYY-MM-DDTHH:mm:ss.000Z).'
+ required: true
+
+ access-token:
+ description: 'GitHub token with workflow dispatch permission.'
+ required: true
+
+
+runs:
+ using: 'composite'
+ steps:
+ - name: 🔍 Verify TRB Repository
+ shell: bash
+ run: |
+ if [ -z '${{ inputs.trb-repository }}' ]; then
+ echo '❌ TRB Repository is required.'
+ exit 1
+ fi
+
+ - name: 🔍 Verify TRB Repository Ref
+ id: repository_ref
+ shell: bash
+ env:
+ GH_TOKEN: ${{ inputs.access-token }}
+ run: |
+ REPOSITORY_REF=$(gh api "repos/${{ inputs.trb-repository }}" --jq '.default_branch')
+ if [ -z "$REPOSITORY_REF" ] || [ "$REPOSITORY_REF" = 'null' ]; then
+ echo '❌ Failed to resolve TRB default branch.'
+ exit 1
+ fi
+
+ printf 'value=%s\n' "$REPOSITORY_REF" >> "$GITHUB_OUTPUT"
+
+ - name: 🚀 Trigger TRB Workflow Dispatch
+ shell: bash
+ env:
+ GH_TOKEN: ${{ inputs.access-token }}
+ run: |
+ gh workflow run 'Bump Node Version' \
+ --repo '${{ inputs.trb-repository }}' \
+ --ref '${{ steps.repository_ref.outputs.value }}' \
+ -f node-description='${{ inputs.project-node-name }}' \
+ -f release-version='${{ inputs.release-version }}' \
+ -f release-at='${{ inputs.release-at }}'
diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml
index a67dc19..2e931c7 100644
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -1,14 +1,17 @@
name: Prepare Release
+
on:
push:
tags:
- 'v*'
+
permissions:
contents: write
pull-requests: write
+
jobs:
call-prepare:
uses: leoweyr/github-release-workflow/.github/workflows/reusable-prepare-release.yml@develop
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
index 472348f..e8530b8 100644
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -1,12 +1,15 @@
name: Publish Release
+
on:
pull_request:
types: [closed]
+
permissions:
contents: write
+
jobs:
call-publish:
uses: leoweyr/github-release-workflow/.github/workflows/reusable-publish-release.yml@develop
diff --git a/.github/workflows/reusable-prepare-release.yml b/.github/workflows/reusable-prepare-release.yml
index 20231b2..c24d672 100644
--- a/.github/workflows/reusable-prepare-release.yml
+++ b/.github/workflows/reusable-prepare-release.yml
@@ -1,5 +1,6 @@
name: Prepare Release
+
on:
workflow_call:
inputs:
@@ -8,26 +9,31 @@ on:
required: false
type: string
default: '20'
+
base-branch:
description: 'Base branch name for release pull requests.'
required: false
type: string
default: 'master'
+
commit-user-name:
description: 'Git user name for commit'
required: false
type: string
default: 'github-actions[bot]'
+
commit-user-email:
description: 'Git user email for commit.'
required: false
type: string
default: 'github-actions[bot]@users.noreply.github.com'
+
secrets:
ACCESS_TOKEN:
required: true
description: 'GitHub Token for authentication.'
+
jobs:
prepare-release:
runs-on: ubuntu-latest
diff --git a/.github/workflows/reusable-publish-release.yml b/.github/workflows/reusable-publish-release.yml
index 5e0faf1..1452a66 100644
--- a/.github/workflows/reusable-publish-release.yml
+++ b/.github/workflows/reusable-publish-release.yml
@@ -1,5 +1,6 @@
name: Publish Release
+
on:
workflow_call:
inputs:
@@ -8,22 +9,38 @@ on:
required: false
type: string
default: '20'
+
npm-package-dir:
description: 'Directory containing package.json for npm publish.'
required: false
type: string
default: '.'
+
npm-deploy-command:
description: 'Command used to publish npm package.'
required: false
type: string
default: 'npm run deploy'
+
+ trb-repository:
+ description: 'Target TRB repository.'
+ required: false
+ type: string
+ default: ''
+
+ trb-project-node-name:
+ description: 'The description (name) of TRB node.'
+ required: false
+ type: string
+ default: ''
+
secrets:
ACCESS_TOKEN:
required: true
NPM_TOKEN:
required: false
+
jobs:
publish-release:
if: github.event.pull_request.merged == true && startsWith(github.event.pull_request.title, 'release:')
@@ -44,22 +61,31 @@ jobs:
id: extract_tag
run: |
TITLE="${{ github.event.pull_request.title }}"
- TAG_NAME=$(echo "$TITLE" | sed 's/release: //')
- echo "TAG_NAME=$TAG_NAME" >> $GITHUB_ENV
- VERSION_TITLE=${TAG_NAME#v}
- echo "VERSION_TITLE=$VERSION_TITLE" >> $GITHUB_ENV
+ ORIGINAL_TAG_NAME=$(printf '%s' "$TITLE" | sed 's/release: //')
+ RELEASE_VERSION=${ORIGINAL_TAG_NAME#v}
+ TAG_COMMIT_HASH=$(git rev-list -n 1 "$ORIGINAL_TAG_NAME")
+
+ if [ -z "$TAG_COMMIT_HASH" ]; then
+ echo '❌ Tag commit hash not found.'
+ exit 1
+ fi
+
+ RELEASE_AT=$(TZ=UTC git show -s --format="%cd" --date=format-local:"%Y-%m-%dT%H:%M:%S.000Z" "$TAG_COMMIT_HASH")
+ printf 'TAG_NAME=%s\n' "$ORIGINAL_TAG_NAME" >> "$GITHUB_ENV"
+ printf 'RELEASE_VERSION=%s\n' "$RELEASE_VERSION" >> "$GITHUB_ENV"
+ printf 'RELEASE_AT=%s\n' "$RELEASE_AT" >> "$GITHUB_ENV"
- name: 📝 Create Release Body File
env:
PR_BODY: ${{ github.event.pull_request.body }}
- run: echo "$PR_BODY" > release_body.md
+ run: printf '%s\n' "$PR_BODY" > release_body.md
- name: 🚀 Deploy GitHub Release
env:
GH_TOKEN: ${{ secrets.ACCESS_TOKEN }}
run: |
gh release create ${{ env.TAG_NAME }} \
- --title "${{ env.VERSION_TITLE }}" \
+ --title "${{ env.RELEASE_VERSION }}" \
--notes-file release_body.md \
--verify-tag
@@ -68,19 +94,38 @@ jobs:
run: |
if [ -z "${{ secrets.NPM_TOKEN }}" ]; then
echo '👻 NPM_TOKEN is not configured.'
- echo 'enabled=false\n' >> "$GITHUB_OUTPUT"
+ printf 'enabled=false\n' >> "$GITHUB_OUTPUT"
exit 0
fi
- echo 'enabled=true\n' >> "$GITHUB_OUTPUT"
+ printf 'enabled=true\n' >> "$GITHUB_OUTPUT"
- - name: 🔄 Sync NPM Publish Action
- if: steps.verify_npm_token.outputs.enabled == 'true'
+ - name: 🔍 Verify TRB Inputs
+ id: verify_trb_inputs
+ run: |
+ if [ -z "${{ inputs.trb-repository }}" ]; then
+ echo '👻 trb-repository is not configured.'
+ printf 'enabled=false\n' >> "$GITHUB_OUTPUT"
+ exit 0
+ fi
+
+ if [ -z "${{ inputs.trb-project-node-name }}" ]; then
+ echo '👻 trb-project-node-name is not configured.'
+ printf 'enabled=false\n' >> "$GITHUB_OUTPUT"
+ exit 0
+ fi
+
+ printf 'enabled=true\n' >> "$GITHUB_OUTPUT"
+
+ - name: 🔄 Sync Release Actions
+ if: steps.verify_npm_token.outputs.enabled == 'true' || steps.verify_trb_inputs.outputs.enabled == 'true'
uses: actions/checkout@v4
with:
repository: 'leoweyr/github-release-workflow'
path: .release-workflow
- sparse-checkout: .github/actions/npm-publish
+ sparse-checkout: |
+ .github/actions/npm-publish
+ .github/actions/trb-project-node-version-bump
- name: 🚀 Deploy NPM Package
if: steps.verify_npm_token.outputs.enabled == 'true'
@@ -90,3 +135,13 @@ jobs:
package-dir: ${{ inputs.npm-package-dir }}
deploy-command: ${{ inputs.npm-deploy-command }}
access-token: ${{ secrets.NPM_TOKEN }}
+
+ - name: 🚀 Bump TRB Project Node Version
+ if: steps.verify_trb_inputs.outputs.enabled == 'true'
+ uses: ./.release-workflow/.github/actions/trb-project-node-version-bump
+ with:
+ trb-repository: ${{ inputs.trb-repository }}
+ project-node-name: ${{ inputs.trb-project-node-name }}
+ release-version: ${{ env.RELEASE_VERSION }}
+ release-at: ${{ env.RELEASE_AT }}
+ access-token: ${{ secrets.ACCESS_TOKEN }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3d19c1b..6a4a122 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,20 @@
All notable changes to this project will be documented in this file.
+# [1.2.0](https://github.com/leoweyr/github-release-workflow/compare/v1.1.0...v1.2.0) (2026-04-05)
+### Bug Fixes
+
+* correct NPM_TOKEN gating output ([6173ab3](https://github.com/leoweyr/github-release-workflow/commit/6173ab3a2a1f676b85100f51e11d6a96843b2e73)) [@leoweyr](https://github.com/leoweyr)
+* **publish-release:** align parameters in verify TRB inputs ([7bf326f](https://github.com/leoweyr/github-release-workflow/commit/7bf326f99154667914f3cbb5daad4a392e3a7a29)) [@leoweyr](https://github.com/leoweyr)
+* **publish-release:** align TRB local action path with synced directory ([e9f7736](https://github.com/leoweyr/github-release-workflow/commit/e9f7736bd68503c238280e1dcec553aa6d794a5e)) [@leoweyr](https://github.com/leoweyr)
+
+
+### Features
+
+* support trb project node version bump ([90eecbf](https://github.com/leoweyr/github-release-workflow/commit/90eecbfa1ae50f415195089c58eaac2139a1ef8f)) [@leoweyr](https://github.com/leoweyr)
+
+
+
# [1.1.0](https://github.com/leoweyr/github-release-workflow/compare/v1.0.1...v1.1.0) (2026-04-04)
### Features
diff --git a/README.md b/README.md
index a5bacaf..95278bf 100644
--- a/README.md
+++ b/README.md
@@ -44,11 +44,12 @@ This workflow streamlines your release process into a few simple steps:
> [!NOTE]
>
-> If the required secret for the release target are not configured, publishing will not start.
+> If the required inputs or secrets for a release target are not configured, publishing for that target will not start.
Configure target publishing in your user-side entry workflow (`.github/workflows/publish-release.yml`):
-| Release Target | Required Secret | User-Side Inputs (`with`) |
-|----------------|-----------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|
-| GitHub Release | `ACCESS_TOKEN` (Mapped from `secrets.GITHUB_TOKEN`) | None |
-| NPM | `NPM_TOKEN` | `npm-node-version` (Default `20`)
`npm-package-dir` (Default `.`)
`npm-deploy-command` (Default `npm run deploy`) |
+| Release Target | Required | User-Side Inputs (`with`) |
+|----------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|
+| GitHub Release | `ACCESS_TOKEN` (Mapped from `secrets.GITHUB_TOKEN`) | None |
+| npm | `NPM_TOKEN` | `npm-node-version` (Default `20`)
`npm-package-dir` (Default `.`)
`npm-deploy-command` (Default `npm run deploy`) |
+| [TODO Requirement Blueprint](https://github.com/leoweyr/todo-requirement-blueprint-spec) (Bump Project Node Version) | `trb-repository`
`trb-project-node-name` | |