Add workflow to release upgradeable package

.github/workflows/release-upgradeable.yml

@@ -0,0 +1,46 @@
+name: Release Upgradeable
+
+on:
+  workflow_dispatch: {}
+
+jobs:
+  release-upgradeable:
+    environment: push-upgradeable
+    permissions:
+      id-token: write # Required for OIDC
+      contents: read
+    runs-on: ubuntu-latest
+    env:
+      VANILLA_REPO: OpenZeppelin/openzeppelin-contracts
+      UPGRADEABLE_REPO: james-toussaint/openzeppelin-contracts-upgradeable # TODO: Update repo before merging
+    steps:
+      - run: echo "UPGRADEABLE_DIR=${GITHUB_WORKSPACE}/upgradeable" >> "$GITHUB_ENV"
+      - uses: actions/checkout@v5
+        with:
+          repository: ${{ env.VANILLA_REPO }}
+          ref: ${{ github.ref }}
+      - id: vanilla
+        name: Get vanilla commit
+        run: echo "commit=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
+      - uses: actions/checkout@v5 # TODO: Remove this before merging (used to get node 24.x from setup action)
+      - name: Set up environment
+        uses: ./.github/actions/setup
+      - uses: actions/checkout@v5
+        with:
+          repository: ${{ env.UPGRADEABLE_REPO }}
+          submodules: true
+          token: ${{ secrets.GH_TOKEN_UPGRADEABLE }}
+          ref: ${{ github.ref }}
+          path: upgradeable
+      - run: cd "${UPGRADEABLE_DIR}" && bash ${{ github.workspace }}/scripts/git-user-config.sh
+      - id: publish
+        name: Publish
+        run: bash scripts/release/workflow/publish-upgradeable.sh
+        env:
+          VANILLA_COMMIT: ${{ steps.vanilla.outputs.commit }}
+      - name: Create Github Release Note
+        run: bash scripts/release/workflow/github-release-upgradeable.sh
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_TOKEN_UPGRADEABLE }}
+          GIT_TAG: ${{ steps.publish.outputs.git_tag }}
+          ADDITIONAL_OPTION_IF_PRERELEASE: ${{ steps.publish.outputs.additional_option_if_prerelease }}

scripts/release/workflow/github-release-upgradeable.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+gh release create "${GIT_TAG}" \
+  --repo="${UPGRADEABLE_REPO}" \
+  --title="${GIT_TAG}" \
+  --notes="$(gh release view "${OLD_GIT_TAG}" --repo="${VANILLA_REPO}" --json body -q .body)" `# TODO: Update tag before merging` \
+  "${ADDITIONAL_OPTION_IF_PRERELEASE}"

scripts/release/workflow/publish-upgradeable.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+cd $UPGRADEABLE_DIR
+
+if ! git log -1 --pretty=%B | grep -q "Transpile ${VANILLA_COMMIT}"; then
+  echo "Expected 'Transpile ${VANILLA_COMMIT}' but found '$(git log -1 --pretty=%B)'"
+  exit 1
+fi
+VERSION="$(jq -r .version contracts/package.json)"
+GIT_TAG="v${VERSION}"
+NPM_TAG="tmp"
+ADDITIONAL_OPTION_IF_PRERELEASE="--prerelease"
+if [[ "${GIT_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+  NPM_TAG="dev"
+  ADDITIONAL_OPTION_IF_PRERELEASE=""
+elif [[ "${GIT_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rc.[0-9]+$ ]]; then
+  NPM_TAG="next"
+fi
+echo "additional_option_if_prerelease=${ADDITIONAL_OPTION_IF_PRERELEASE}" >> "$GITHUB_OUTPUT"
+### [START BLOCK] TODO: Remove block before merging
+TIMESTAMPED_VERSION="${VERSION}-$(date +%s)"
+echo "OLD_GIT_TAG=${GIT_TAG}" >> "$GITHUB_ENV"
+GIT_TAG="${GIT_TAG}-$(date +%s)" # incremental git tag for testing
+sed -i'' -e 's/openzeppelin\/contracts-upgradeable/james-toussaint\/contracts-upgradeable/g' contracts/package.json # custom scope for testing
+sed -i'' -e "s/${VERSION}/${TIMESTAMPED_VERSION}/g" contracts/package.json && head contracts/package.json # incremental npm package version for testing
+### [END BLOCK]
+sed -i'' -e 's/OpenZeppelin\/openzeppelin-contracts-upgradeable/james-toussaint\/openzeppelin-contracts/g' contracts/package.json # repository.url for provenance (TODO: Update and try keep upgradeable url)
+git tag -m {,}"${GIT_TAG}"
+CI=true git push origin tag "${GIT_TAG}"
+npm ci
+cd "contracts/"
+npm publish --tag "${NPM_TAG}"
+echo "git_tag=${GIT_TAG}" >> "$GITHUB_OUTPUT"