From 5f77eca3298c97536cfd388315140f1f451fce4c Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Wed, 5 Nov 2025 18:35:59 +0800 Subject: [PATCH 01/47] release pipeline change for beta release --- .github/workflows/release.yml | 262 +++++++++++++++++++++++----------- 1 file changed, 180 insertions(+), 82 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bbbbc102e7..6254134526 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,6 +9,9 @@ on: package_name: description: 'Package folder (Name of the package directory under packages/ folder. e.g., xrpl, ripple-address-codec)' required: true + release_branch_name: + description: 'Name of the release branch to be used' + required: true npmjs_dist_tag: description: 'npm distribution tag(Read more https://docs.npmjs.com/adding-dist-tags-to-packages)' default: 'latest' @@ -23,6 +26,12 @@ jobs: name: Get release version from package.json outputs: package_version: ${{ steps.get_version.outputs.version }} + npm_dist_tags: ${{ steps.get_version.outputs.dist_tags }} + npm_is_beta: ${{ steps.get_version.outputs.is_beta }} + npm_primary_dist_tag: ${{ steps.get_version.outputs.primary_dist_tag }} + release_branch: ${{ steps.validate_inputs.outputs.release_branch }} + release_pr_number: ${{ steps.validate_inputs.outputs.release_pr_number }} + release_pr_url: ${{ steps.validate_inputs.outputs.release_pr_url }} steps: - name: Checkout code uses: actions/checkout@v4 @@ -30,10 +39,18 @@ jobs: fetch-depth: 0 - name: Validate inputs + id: validate_inputs + env: + GH_TOKEN: ${{ github.token }} + REPO: ${{ github.repository }} run: | set -euo pipefail + + RELEASE_BRANCH_INPUT="${{ github.event.inputs.release_branch_name }}" RELEASE_BRANCH="$(git branch --show-current || true)" - if [[ -z "$RELEASE_BRANCH" ]]; then + if [[ -n "$RELEASE_BRANCH_INPUT" ]]; then + RELEASE_BRANCH="$RELEASE_BRANCH_INPUT" + elif [[ -z "$RELEASE_BRANCH" ]]; then RELEASE_BRANCH="${{ github.ref_name }}" fi @@ -66,28 +83,92 @@ jobs: echo "✅ No Internal Artifactory URL found" fi - # validate dist tag - NPM_DIST_TAG="${{ github.event.inputs.npmjs_dist_tag }}" + # validate dist tag(s) + RAW_DIST_TAGS="${{ github.event.inputs.npmjs_dist_tag }}" + declare -a TAGS + declare -A SEEN=() - # Empty → default to 'latest' - if [ -z "$NPM_DIST_TAG" ]; then - NPM_DIST_TAG="latest" + if [ -z "$RAW_DIST_TAGS" ]; then + TAGS=("latest") echo "ℹ️ npmjs_dist_tag empty → defaulting to 'latest'." + else + IFS=',' read -ra INPUT_TAGS <<< "$RAW_DIST_TAGS" + for raw_tag in "${INPUT_TAGS[@]}"; do + tag="$(printf '%s' "$raw_tag" | tr -d '[:space:]')" + if [ -z "$tag" ]; then + echo "❌ npmjs_dist_tag contains an empty tag entry." >&2 + exit 1 + fi + if ! [[ "$tag" =~ ^[a-z][a-z0-9._-]{0,127}$ ]]; then + echo "❌ Invalid npm dist-tag '$tag'. Must start with a lowercase letter and contain only [a-z0-9._-], max 128 chars." >&2 + exit 1 + fi + if [[ "$tag" =~ ^v[0-9] || "$tag" =~ ^[0-9] ]]; then + echo "❌ Invalid npm dist-tag '$tag'. Must not start with 'v' + digit or a digit (e.g., 'v1', '1.2.3')." >&2 + exit 1 + fi + if [[ -n "${SEEN[$tag]:-}" ]]; then + echo "❌ Duplicate npm dist-tag '$tag'." >&2 + exit 1 + fi + SEEN[$tag]=1 + TAGS+=("$tag") + done fi - # Must start with a lowercase letter; then [a-z0-9._-]; max 128 chars - if ! [[ "$NPM_DIST_TAG" =~ ^[a-z][a-z0-9._-]{0,127}$ ]]; then - echo "❌ Invalid npm dist-tag '$NPM_DIST_TAG'. Must start with a lowercase letter and contain only [a-z0-9._-], max 128 chars." >&2 - exit 1 + NORMALIZED_TAGS=$(IFS=','; printf '%s' "${TAGS[*]}") + HAS_LATEST="false" + for tag in "${TAGS[@]}"; do + if [ "$tag" = "latest" ]; then + HAS_LATEST="true" + fi + done + + if [ "$HAS_LATEST" = "true" ]; then + IS_BETA="false" + else + IS_BETA="true" fi - # Disallow version-like prefixes (avoid semver/range confusion) - if [[ "$NPM_DIST_TAG" =~ ^v[0-9] || "$NPM_DIST_TAG" =~ ^[0-9] ]]; then - echo "❌ Invalid npm dist-tag '$NPM_DIST_TAG'. Must not start with 'v' + digit or a digit (e.g., 'v1', '1.2.3')." >&2 - exit 1 + PRIMARY_TAG="${TAGS[0]}" + + echo "✅ npmjs_dist_tag normalized to '$NORMALIZED_TAGS'." + PR_NUMBER="" + PR_URL="" + + if [ "$IS_BETA" = "false" ]; then + OWNER="${REPO%%/*}" + echo "🔎 Validating that a release PR exists for ${RELEASE_BRANCH} → main…" + PRS_JSON="$(gh api -H 'Accept: application/vnd.github+json' \ + --method GET \ + -f state=open \ + -f base=main \ + -f head="${OWNER}:${RELEASE_BRANCH}" \ + "/repos/$REPO/pulls")" + PR_NUMBER="$(printf '%s' "$PRS_JSON" | jq -r '.[0].number // empty')" + PR_URL="$(printf '%s' "$PRS_JSON" | jq -r '.[0].html_url // empty')" + if [ -z "$PR_NUMBER" ]; then + echo "❌ No open PR found from ${RELEASE_BRANCH} to main. Please create the release PR before running this workflow." >&2 + exit 1 + fi + echo "ℹ️ Found release PR: #$PR_NUMBER ($PR_URL)" + else + echo "ℹ️ Beta release detected; skipping PR existence check." fi - echo "✅ npmjs_dist_tag '$NPM_DIST_TAG' is valid." + { + echo "NPM_DIST_TAGS=$NORMALIZED_TAGS" + echo "NPM_IS_BETA=$IS_BETA" + echo "NPM_PRIMARY_DIST_TAG=$PRIMARY_TAG" + echo "RELEASE_BRANCH=$RELEASE_BRANCH" + } >> "$GITHUB_ENV" + + { + echo "release_branch=$RELEASE_BRANCH" + echo "release_pr_number=$PR_NUMBER" + echo "release_pr_url=$PR_URL" + echo "is_beta=$IS_BETA" + } >> "$GITHUB_OUTPUT" - name: Get package version from package.json id: get_version @@ -104,16 +185,16 @@ jobs: echo "Version is empty or missing in $PKG_JSON" >&2 exit 1 fi - NPM_DIST_TAG="${{ github.event.inputs.npmjs_dist_tag }}" - if [ -z "$NPM_DIST_TAG" ]; then - NPM_DIST_TAG="latest" - fi - if [[ "$NPM_DIST_TAG" == "latest" ]] && ! [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + NPM_IS_BETA="${NPM_IS_BETA:-false}" + if [[ "$NPM_IS_BETA" != "true" ]] && ! [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "With npmjs_dist_tag 'latest', version must be of the form x.y.z. Found '$VERSION'." >&2 exit 1 fi echo "PACKAGE_VERSION=$VERSION" >> "$GITHUB_ENV" echo "version=$VERSION" >> "$GITHUB_OUTPUT" + echo "dist_tags=${NPM_DIST_TAGS:-latest}" >> "$GITHUB_OUTPUT" + echo "is_beta=${NPM_IS_BETA:-false}" >> "$GITHUB_OUTPUT" + echo "primary_dist_tag=${NPM_PRIMARY_DIST_TAG:-latest}" >> "$GITHUB_OUTPUT" run_faucet_test: name: Run faucet tests ${{ needs.get_version.outputs.package_version }} @@ -125,6 +206,7 @@ jobs: run_tests: name: Run unit/integration tests ${{ needs.get_version.outputs.package_version }} + continue-on-error: ${{ needs.get_version.outputs.npm_is_beta == 'true' }} permissions: contents: read id-token: write @@ -137,6 +219,7 @@ jobs: pre_release: runs-on: ubuntu-latest + if: ${{ needs.get_version.result == 'success' && needs.run_faucet_test.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.npm_is_beta == 'true') }} needs: [get_version, run_faucet_test, run_tests] name: Pre Release Pipeline for ${{ needs.get_version.outputs.package_version }} permissions: @@ -149,6 +232,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + ref: ${{ needs.get_version.outputs.release_branch }} - name: Set up Node.js uses: actions/setup-node@v4 @@ -297,6 +381,7 @@ jobs: ask_for_dev_team_review: runs-on: ubuntu-latest + if: ${{ needs.pre_release.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.npm_is_beta == 'true') }} needs: [get_version, run_faucet_test, run_tests, pre_release] permissions: pull-requests: write @@ -304,7 +389,7 @@ jobs: env: PACKAGE_VERSION: "${{ needs.get_version.outputs.package_version }}" PACKAGE_NAME: "${{ github.event.inputs.package_name }}" - RELEASE_BRANCH: "${{ github.ref_name }}" + RELEASE_BRANCH: "${{ github.event.inputs.release_branch_name }}" outputs: reviewers_dev: ${{ steps.get_reviewers.outputs.reviewers_dev }} reviewers_sec: ${{ steps.get_reviewers.outputs.reviewers_sec }} @@ -314,48 +399,6 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Create PR from release branch to main (skips for rc/beta) - id: ensure_pr - if: ${{ github.event.inputs.npmjs_dist_tag == '' || github.event.inputs.npmjs_dist_tag == 'latest' }} - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - REPO: ${{ github.repository }} - RELEASE_BRANCH: ${{ github.ref_name }} - VERSION: ${{ needs.get_version.outputs.package_version }} - run: | - set -euo pipefail - - echo "🔎 Checking if a PR already exists for $RELEASE_BRANCH → main…" - OWNER="${REPO%%/*}" - - # Find existing OPEN PR: base=main, head=OWNER:RELEASE_BRANCH - PRS_JSON="$(gh api -H 'Accept: application/vnd.github+json' \ - "/repos/$REPO/pulls?state=open&base=main&head=${OWNER}:${RELEASE_BRANCH}")" - - PR_NUMBER="$(printf '%s' "$PRS_JSON" | jq -r '.[0].number // empty')" - PR_URL="$(printf '%s' "$PRS_JSON" | jq -r '.[0].html_url // empty')" - - if [ -n "${PR_NUMBER:-}" ]; then - echo "ℹ️ Found existing PR: #$PR_NUMBER ($PR_URL)" - else - echo "📝 Creating PR for release $VERSION from $RELEASE_BRANCH → main" - CREATE_JSON="$(jq -n \ - --arg title "Release $VERSION: $RELEASE_BRANCH → main" \ - --arg head "$RELEASE_BRANCH" \ - --arg base "main" \ - --arg body "Automated PR for release **$VERSION** from **$RELEASE_BRANCH** → **main**. Workflow Run: https://github.com/$REPO/actions/runs/${{ github.run_id }}" \ - '{title:$title, head:$head, base:$base, body:$body}')" - - RESP="$(gh api -H 'Accept: application/vnd.github+json' \ - --method POST /repos/$REPO/pulls --input <(printf '%s' "$CREATE_JSON"))" - - PR_NUMBER="$(printf '%s' "$RESP" | jq -r '.number')" - PR_URL="$(printf '%s' "$RESP" | jq -r '.html_url')" - fi - - # Expose as step outputs (use these in later steps) - echo "pr_url=$PR_URL" >> "$GITHUB_OUTPUT" - echo "pr_number=$PR_NUMBER" >> "$GITHUB_OUTPUT" - name: Get reviewers id: get_reviewers @@ -369,8 +412,8 @@ jobs: ENV_SEC_NAME: official-release PACKAGE_NAME: ${{ env.PACKAGE_NAME }} PACKAGE_VERSION: ${{ env.PACKAGE_VERSION }} - NPMJS_DIST_TAG: ${{ github.event.inputs.npmjs_dist_tag }} - PR_URL: ${{ steps.ensure_pr.outputs.pr_url }} + NPM_DIST_TAGS: ${{ needs.get_version.outputs.npm_dist_tags }} + PR_URL: ${{ needs.get_version.outputs.release_pr_url }} GITHUB_ACTOR: ${{ github.actor }} GITHUB_TRIGGERING_ACTOR: ${{ github.triggering_actor }} run: | @@ -420,11 +463,11 @@ jobs: ENV_NAME: official-release PACKAGE_NAME: ${{ env.PACKAGE_NAME }} PACKAGE_VERSION: ${{ env.PACKAGE_VERSION }} - NPMJS_DIST_TAG: ${{ github.event.inputs.npmjs_dist_tag }} + NPM_DIST_TAGS: ${{ needs.get_version.outputs.npm_dist_tags }} GITHUB_ACTOR: ${{ github.actor }} GITHUB_TRIGGERING_ACTOR: ${{ github.triggering_actor }} RUN_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} - PR_URL: ${{ steps.ensure_pr.outputs.pr_url }} + PR_URL: ${{ needs.get_version.outputs.release_pr_url }} run: | set -euo pipefail @@ -461,7 +504,7 @@ jobs: PACKAGE_VERSION: ${{ env.PACKAGE_VERSION }} RUN_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} DEV_REVIEWERS: ${{ steps.get_reviewers.outputs.reviewers_dev }} - PR_URL: ${{ steps.ensure_pr.outputs.pr_url }} + PR_URL: ${{ needs.get_version.outputs.release_pr_url }} run: | set -euo pipefail @@ -480,6 +523,7 @@ jobs: first_review: runs-on: ubuntu-latest + if: ${{ needs.ask_for_dev_team_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.npm_is_beta == 'true') }} needs: [get_version, run_faucet_test, run_tests, pre_release, ask_for_dev_team_review] name: First approval (dev team) environment: @@ -491,6 +535,7 @@ jobs: ask_for_sec_team_review: runs-on: ubuntu-latest + if: ${{ needs.first_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.npm_is_beta == 'true') }} needs: [get_version, run_faucet_test, run_tests, pre_release, ask_for_dev_team_review, first_review] name: Invite sec team to review steps: @@ -507,7 +552,7 @@ jobs: run: | set -euo pipefail - MSG="${EXECUTOR} is releasing ${PACKAGE_NAME}@${PACKAGE_VERSION}. A member from the infosec team (${SEC_REVIEWERS}) needs to take the following action:\n Review the release artifacts and approve/reject the release. (${RUN_URL})" + MSG="${EXECUTOR} is releasing ${PACKAGE_NAME}@${PACKAGE_VERSION}. A sec reviewer from (${SEC_REVIEWERS}) needs to take the following action:\n Review the release artifacts and approve/reject the release. (${RUN_URL})" MSG=$(printf '%b' "$MSG") curl -sS -X POST https://slack.com/api/chat.postMessage \ -H "Authorization: Bearer $SLACK_TOKEN" \ @@ -520,6 +565,7 @@ jobs: permissions: id-token: write contents: write + if: ${{ needs.ask_for_sec_team_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.npm_is_beta == 'true') }} needs: [get_version, run_faucet_test, run_tests, pre_release, ask_for_dev_team_review, first_review, ask_for_sec_team_review] name: Release for ${{ needs.get_version.outputs.package_version }} env: @@ -553,20 +599,53 @@ jobs: registry-url: 'https://registry.npmjs.org/' - name: Publish to npm + env: + PRIMARY_NPM_TAG: ${{ needs.get_version.outputs.npm_primary_dist_tag }} + NPM_DIST_TAGS: ${{ needs.get_version.outputs.npm_dist_tags }} + NPM_IS_BETA: ${{ needs.get_version.outputs.npm_is_beta }} run: | + set -euo pipefail cd dist PKG=$(ls *.tgz) - echo $PKG - NPM_DIST_TAG="${{ github.event.inputs.npmjs_dist_tag }}" - if [ -z "$NPM_DIST_TAG" ]; then - NPM_DIST_TAG="latest" + echo "$PKG" + + if [ -z "${PRIMARY_NPM_TAG:-}" ]; then + echo "❌ Primary npm dist-tag is not set." >&2 + exit 1 fi - if [[ "$NPM_DIST_TAG" == "latest" ]] && ! [[ "${{ env.PACKAGE_VERSION }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - echo "With npmjs_dist_tag 'latest', version must be of the form x.y.z. Found '${{ env.PACKAGE_VERSION }}'." >&2 + + if [ -z "${NPM_DIST_TAGS:-}" ]; then + echo "❌ No npm dist-tags provided." >&2 + exit 1 + fi + + if [[ "${NPM_IS_BETA}" != "true" ]] && ! [[ "${PACKAGE_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "Stable releases (tagged with 'latest') must use x.y.z SemVer. Found '${PACKAGE_VERSION}'." >&2 exit 1 fi + npm i -g npm@11.6.0 - npm publish "$PKG" --provenance --access public --registry=https://registry.npmjs.org/ --tag "$NPM_DIST_TAG" + # fix warning: npm warn Unknown user config always-auth + npm config delete always-auth --location=user + npm config set //registry.npmjs.org/:always-auth true --location=user + + npm publish "$PKG" --provenance --access public --registry=https://registry.npmjs.org/ --tag "$PRIMARY_NPM_TAG" + + PACKAGE_JSON_PATH="../packages/${PACKAGE_NAME}/package.json" + if [ ! -f "$PACKAGE_JSON_PATH" ]; then + echo "❌ package.json not found at $PACKAGE_JSON_PATH" >&2 + exit 1 + fi + + FULL_PACKAGE_NAME=$(jq -er '.name' "$PACKAGE_JSON_PATH") + + IFS=',' read -ra TAGS <<< "$NPM_DIST_TAGS" + for tag in "${TAGS[@]}"; do + if [ "$tag" = "$PRIMARY_NPM_TAG" ]; then + continue + fi + npm dist-tag add "$FULL_PACKAGE_NAME@${PACKAGE_VERSION}" "$tag" + done - name: Ensure Git tag exists id: create_tag @@ -594,8 +673,8 @@ jobs: name: "${{ steps.create_tag.outputs.tag_name }}" draft: false generate_release_notes: true - prerelease: ${{ github.event.inputs.npmjs_dist_tag != '' && github.event.inputs.npmjs_dist_tag != 'latest' }} - make_latest: ${{ github.event.inputs.npmjs_dist_tag == '' || github.event.inputs.npmjs_dist_tag == 'latest' }} + prerelease: ${{ needs.get_version.outputs.npm_is_beta == 'true' }} + make_latest: ${{ needs.get_version.outputs.npm_is_beta != 'true' }} - name: Notify Slack success (single-line) if: success() @@ -620,13 +699,32 @@ jobs: -H "Content-Type: application/json; charset=utf-8" \ -d "$(jq -n --arg channel "#xrpl-js" --arg text "$text" '{channel:$channel, text:$text}')" - - name: Notify Slack if tests fail - if: failure() + generate-documentation: + name: Generate and Publish documentation for ${{ needs.get_version.outputs.package_version }} + if: ${{ needs.get_version.outputs.npm_is_beta != 'true' }} + uses: ./.github/workflows/generate-documentation.yml + needs: [get_version, release] + with: + git_ref: ${{ github.ref_name }} + permissions: + contents: read + id-token: write + pages: write + + notify_release_failure: + runs-on: ubuntu-latest + needs: [get_version, release] + if: ${{ needs.release.result == 'failure' }} + steps: + - name: Notify Slack release failed env: SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }} + PACKAGE_NAME: ${{ github.event.inputs.package_name }} + PACKAGE_VERSION: ${{ needs.get_version.outputs.package_version }} run: | - MESSAGE="❌ Release failed for ${{ env.PACKAGE_NAME }}@${{ env.PACKAGE_VERSION }}. Check the logs: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" - curl -X POST https://slack.com/api/chat.postMessage \ + set -euo pipefail + MESSAGE="❌ Release failed for ${PACKAGE_NAME}@${PACKAGE_VERSION}. Check the logs: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" + curl -sS -X POST https://slack.com/api/chat.postMessage \ -H "Authorization: Bearer $SLACK_TOKEN" \ -H "Content-Type: application/json" \ -d "$(jq -n \ From c1ec7052da68660729c8046fa41cc3fef8b4f19e Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Wed, 5 Nov 2025 19:09:39 +0800 Subject: [PATCH 02/47] release pipeline change for beta release --- .github/workflows/release.yml | 43 +++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6254134526..91d39120f0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -37,6 +37,7 @@ jobs: uses: actions/checkout@v4 with: fetch-depth: 0 + ref: ${{ github.event.inputs.release_branch_name }} - name: Validate inputs id: validate_inputs @@ -46,14 +47,7 @@ jobs: run: | set -euo pipefail - RELEASE_BRANCH_INPUT="${{ github.event.inputs.release_branch_name }}" - RELEASE_BRANCH="$(git branch --show-current || true)" - if [[ -n "$RELEASE_BRANCH_INPUT" ]]; then - RELEASE_BRANCH="$RELEASE_BRANCH_INPUT" - elif [[ -z "$RELEASE_BRANCH" ]]; then - RELEASE_BRANCH="${{ github.ref_name }}" - fi - + RELEASE_BRANCH="${{ github.event.inputs.release_branch_name }}" if [[ -z "$RELEASE_BRANCH" ]]; then echo "❌ Unable to determine branch name." >&2 exit 1 @@ -71,11 +65,6 @@ jobs: exit 1 fi - if [[ ! "${RELEASE_BRANCH,,}" =~ ^release[-/] ]]; then - echo "❌ Release branch '$RELEASE_BRANCH' must start with 'release-' or 'release/'." >&2 - exit 1 - fi - if grep -R --exclude-dir=.git --exclude-dir=.github "artifactory.ops.ripple.com" .; then echo "❌ Internal Artifactory URL found" exit 1 @@ -87,9 +76,12 @@ jobs: RAW_DIST_TAGS="${{ github.event.inputs.npmjs_dist_tag }}" declare -a TAGS declare -A SEEN=() + HAS_LATEST="false" + HAS_EXPERIMENTAL="false" if [ -z "$RAW_DIST_TAGS" ]; then TAGS=("latest") + HAS_LATEST="true" echo "ℹ️ npmjs_dist_tag empty → defaulting to 'latest'." else IFS=',' read -ra INPUT_TAGS <<< "$RAW_DIST_TAGS" @@ -113,16 +105,16 @@ jobs: fi SEEN[$tag]=1 TAGS+=("$tag") + if [ "$tag" = "latest" ]; then + HAS_LATEST="true" + fi + if [[ "${tag,,}" == *experimental* ]]; then + HAS_EXPERIMENTAL="true" + fi done fi NORMALIZED_TAGS=$(IFS=','; printf '%s' "${TAGS[*]}") - HAS_LATEST="false" - for tag in "${TAGS[@]}"; do - if [ "$tag" = "latest" ]; then - HAS_LATEST="true" - fi - done if [ "$HAS_LATEST" = "true" ]; then IS_BETA="false" @@ -130,12 +122,25 @@ jobs: IS_BETA="true" fi + if [ "$IS_BETA" = "true" ]; then + if [ "$HAS_EXPERIMENTAL" != "true" ]; then + echo "❌ Beta releases must include an npm dist-tag containing 'experimental'. Provided tags: '$NORMALIZED_TAGS'." >&2 + exit 1 + fi + fi + + if [ "$IS_BETA" != "true" ] && [[ ! "${RELEASE_BRANCH,,}" =~ ^release[-/] ]]; then + echo "❌ Release branch '$RELEASE_BRANCH' must start with 'release-' or 'release/' for stable releases." >&2 + exit 1 + fi + PRIMARY_TAG="${TAGS[0]}" echo "✅ npmjs_dist_tag normalized to '$NORMALIZED_TAGS'." PR_NUMBER="" PR_URL="" + // For stable releases, check that a PR exists from the release branch to main if [ "$IS_BETA" = "false" ]; then OWNER="${REPO%%/*}" echo "🔎 Validating that a release PR exists for ${RELEASE_BRANCH} → main…" From 02d5774aa937fb6d3fd576a6f8573f5241741c53 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Wed, 5 Nov 2025 19:59:10 +0800 Subject: [PATCH 03/47] release pipeline change for beta release --- .github/workflows/release.yml | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 91d39120f0..57d61bbdd8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -212,10 +212,6 @@ jobs: run_tests: name: Run unit/integration tests ${{ needs.get_version.outputs.package_version }} continue-on-error: ${{ needs.get_version.outputs.npm_is_beta == 'true' }} - permissions: - contents: read - id-token: write - pages: write needs: [get_version] uses: ./.github/workflows/nodejs.yml with: @@ -711,10 +707,6 @@ jobs: needs: [get_version, release] with: git_ref: ${{ github.ref_name }} - permissions: - contents: read - id-token: write - pages: write notify_release_failure: runs-on: ubuntu-latest @@ -736,15 +728,3 @@ jobs: --arg channel "#xrpl-js" \ --arg text "$MESSAGE" \ '{channel: $channel, text: $text}')" - - generate-documentation: - name: Generate and Publish documentation for ${{ needs.get_version.outputs.package_version }} - if: ${{ github.event.inputs.npmjs_dist_tag == 'latest' }} - uses: ./.github/workflows/generate-documentation.yml - needs: [get_version, release] - with: - git_ref: ${{ github.ref_name }} - permissions: - contents: read - id-token: write - pages: write From 08c189f24526b5849140460a23ae0a707cee82aa Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Wed, 5 Nov 2025 23:17:31 +0800 Subject: [PATCH 04/47] update workflow for beta release --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 57d61bbdd8..b88a6fffdc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -140,7 +140,7 @@ jobs: PR_NUMBER="" PR_URL="" - // For stable releases, check that a PR exists from the release branch to main + # For stable releases, check that a PR exists from the release branch to main if [ "$IS_BETA" = "false" ]; then OWNER="${REPO%%/*}" echo "🔎 Validating that a release PR exists for ${RELEASE_BRANCH} → main…" @@ -211,12 +211,12 @@ jobs: run_tests: name: Run unit/integration tests ${{ needs.get_version.outputs.package_version }} - continue-on-error: ${{ needs.get_version.outputs.npm_is_beta == 'true' }} needs: [get_version] uses: ./.github/workflows/nodejs.yml with: git_ref: ${{ github.ref }} secrets: inherit + continue-on-error: ${{ needs.get_version.outputs.npm_is_beta == 'true' }} pre_release: runs-on: ubuntu-latest From 1cc7680e40129065ea825d58166cb3587d77a715 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Thu, 6 Nov 2025 09:41:48 +0800 Subject: [PATCH 05/47] update workflow for beta release --- .github/workflows/faucet_test.yml | 12 +++++++++++- .github/workflows/nodejs.yml | 9 +++++++++ .github/workflows/release.yml | 5 +++-- 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/.github/workflows/faucet_test.yml b/.github/workflows/faucet_test.yml index 9ee0af3e2b..50cb5f0f13 100644 --- a/.github/workflows/faucet_test.yml +++ b/.github/workflows/faucet_test.yml @@ -1,5 +1,9 @@ name: Faucet Tests +env: + GIT_REF: ${{ inputs.git_ref || github.ref }} + ALLOW_FAILURE: ${{ inputs.allow_failure || false }} + on: push: branches: [main] @@ -10,12 +14,18 @@ on: description: 'Git ref to checkout (branch, tag, or commit SHA)' required: true type: string + allow_failure: + description: 'Allow workflow jobs to continue on error when invoked as a reusable workflow' + required: false + default: false + type: boolean jobs: faucet-test: runs-on: ubuntu-latest timeout-minutes: 15 + continue-on-error: ${{ env.ALLOW_FAILURE == 'true' }} strategy: max-parallel: 1 @@ -25,7 +35,7 @@ jobs: steps: - uses: actions/checkout@v4 with: - ref: ${{ inputs.git_ref || github.ref }} + ref: ${{ env.GIT_REF }} fetch-depth: 0 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 569644abab..7fcbb5ea57 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -6,6 +6,7 @@ name: Node.js CI env: RIPPLED_DOCKER_IMAGE: rippleci/rippled:develop GIT_REF: ${{ inputs.git_ref || github.ref }} + ALLOW_FAILURE: ${{ inputs.allow_failure || false }} on: push: @@ -20,11 +21,17 @@ on: description: 'Git ref to checkout (branch, tag, or commit SHA)' required: true type: string + allow_failure: + description: 'Allow workflow jobs to continue on error when invoked as a reusable workflow' + required: false + default: false + type: boolean jobs: build-and-lint: runs-on: ubuntu-latest timeout-minutes: 10 + continue-on-error: ${{ env.ALLOW_FAILURE == 'true' }} strategy: matrix: node-version: [24.x] @@ -67,6 +74,7 @@ jobs: unit: runs-on: ubuntu-latest timeout-minutes: 10 + continue-on-error: ${{ env.ALLOW_FAILURE == 'true' }} strategy: matrix: @@ -110,6 +118,7 @@ jobs: integration: runs-on: ubuntu-latest timeout-minutes: 10 + continue-on-error: ${{ env.ALLOW_FAILURE == 'true' }} strategy: matrix: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b88a6fffdc..39549280dd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -206,6 +206,7 @@ jobs: needs: [get_version] uses: ./.github/workflows/faucet_test.yml with: + allow_failure: ${{ needs.get_version.outputs.npm_is_beta == 'true' }} git_ref: ${{ github.ref }} secrets: inherit @@ -214,13 +215,13 @@ jobs: needs: [get_version] uses: ./.github/workflows/nodejs.yml with: + allow_failure: ${{ needs.get_version.outputs.npm_is_beta == 'true' }} git_ref: ${{ github.ref }} secrets: inherit - continue-on-error: ${{ needs.get_version.outputs.npm_is_beta == 'true' }} pre_release: runs-on: ubuntu-latest - if: ${{ needs.get_version.result == 'success' && needs.run_faucet_test.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.npm_is_beta == 'true') }} + if: ${{ needs.get_version.result == 'success' && (needs.run_faucet_test.result == 'success' || needs.get_version.outputs.npm_is_beta == 'true') && (needs.run_tests.result == 'success' || needs.get_version.outputs.npm_is_beta == 'true') }} needs: [get_version, run_faucet_test, run_tests] name: Pre Release Pipeline for ${{ needs.get_version.outputs.package_version }} permissions: From 06f505c5ab776a427268b015d67a8afa80c6969d Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Thu, 6 Nov 2025 09:51:41 +0800 Subject: [PATCH 06/47] update workflow for beta release --- .github/workflows/faucet_test.yml | 3 +-- .github/workflows/nodejs.yml | 7 +++---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/faucet_test.yml b/.github/workflows/faucet_test.yml index 50cb5f0f13..4d51b0091d 100644 --- a/.github/workflows/faucet_test.yml +++ b/.github/workflows/faucet_test.yml @@ -2,7 +2,6 @@ name: Faucet Tests env: GIT_REF: ${{ inputs.git_ref || github.ref }} - ALLOW_FAILURE: ${{ inputs.allow_failure || false }} on: push: @@ -25,7 +24,7 @@ jobs: faucet-test: runs-on: ubuntu-latest timeout-minutes: 15 - continue-on-error: ${{ env.ALLOW_FAILURE == 'true' }} + continue-on-error: ${{ inputs.allow_failure }} strategy: max-parallel: 1 diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 7fcbb5ea57..2b2cd77dc0 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -6,7 +6,6 @@ name: Node.js CI env: RIPPLED_DOCKER_IMAGE: rippleci/rippled:develop GIT_REF: ${{ inputs.git_ref || github.ref }} - ALLOW_FAILURE: ${{ inputs.allow_failure || false }} on: push: @@ -31,7 +30,7 @@ jobs: build-and-lint: runs-on: ubuntu-latest timeout-minutes: 10 - continue-on-error: ${{ env.ALLOW_FAILURE == 'true' }} + continue-on-error: ${{ inputs.allow_failure }} strategy: matrix: node-version: [24.x] @@ -74,7 +73,7 @@ jobs: unit: runs-on: ubuntu-latest timeout-minutes: 10 - continue-on-error: ${{ env.ALLOW_FAILURE == 'true' }} + continue-on-error: ${{ inputs.allow_failure }} strategy: matrix: @@ -118,7 +117,7 @@ jobs: integration: runs-on: ubuntu-latest timeout-minutes: 10 - continue-on-error: ${{ env.ALLOW_FAILURE == 'true' }} + continue-on-error: ${{ inputs.allow_failure }} strategy: matrix: From e783b9e4758344fa02dc23a55e8a476888f479bb Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Thu, 6 Nov 2025 10:08:16 +0800 Subject: [PATCH 07/47] update workflow for beta release --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 39549280dd..7c46a3f05a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -207,7 +207,7 @@ jobs: uses: ./.github/workflows/faucet_test.yml with: allow_failure: ${{ needs.get_version.outputs.npm_is_beta == 'true' }} - git_ref: ${{ github.ref }} + git_ref: ${{ needs.get_version.outputs.release_branch }} secrets: inherit run_tests: @@ -216,7 +216,7 @@ jobs: uses: ./.github/workflows/nodejs.yml with: allow_failure: ${{ needs.get_version.outputs.npm_is_beta == 'true' }} - git_ref: ${{ github.ref }} + git_ref: ${{ needs.get_version.outputs.release_branch }} secrets: inherit pre_release: From 26b09eaf651ffadf572585fcb0ba8aba7f619c9d Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Thu, 6 Nov 2025 10:12:15 +0800 Subject: [PATCH 08/47] update workflow for beta release --- .github/workflows/release.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7c46a3f05a..484685c994 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -706,6 +706,10 @@ jobs: if: ${{ needs.get_version.outputs.npm_is_beta != 'true' }} uses: ./.github/workflows/generate-documentation.yml needs: [get_version, release] + permissions: + contents: read + pages: write + id-token: write with: git_ref: ${{ github.ref_name }} From 3e5e03c1e7709ae544c36afb670683a5ccd7c341 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Thu, 6 Nov 2025 10:21:21 +0800 Subject: [PATCH 09/47] update workflow for beta release --- .github/workflows/faucet_test.yml | 2 +- .github/workflows/nodejs.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/faucet_test.yml b/.github/workflows/faucet_test.yml index 4d51b0091d..f36ac0bb90 100644 --- a/.github/workflows/faucet_test.yml +++ b/.github/workflows/faucet_test.yml @@ -24,7 +24,7 @@ jobs: faucet-test: runs-on: ubuntu-latest timeout-minutes: 15 - continue-on-error: ${{ inputs.allow_failure }} + continue-on-error: ${{ github.event_name == 'workflow_call' && (inputs.allow_failure == true || inputs.allow_failure == 'true') }} strategy: max-parallel: 1 diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 2b2cd77dc0..94bdc47a1a 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -30,7 +30,7 @@ jobs: build-and-lint: runs-on: ubuntu-latest timeout-minutes: 10 - continue-on-error: ${{ inputs.allow_failure }} + continue-on-error: ${{ github.event_name == 'workflow_call' && (inputs.allow_failure == true || inputs.allow_failure == 'true') }} strategy: matrix: node-version: [24.x] @@ -73,7 +73,7 @@ jobs: unit: runs-on: ubuntu-latest timeout-minutes: 10 - continue-on-error: ${{ inputs.allow_failure }} + continue-on-error: ${{ github.event_name == 'workflow_call' && (inputs.allow_failure == true || inputs.allow_failure == 'true') }} strategy: matrix: @@ -117,7 +117,7 @@ jobs: integration: runs-on: ubuntu-latest timeout-minutes: 10 - continue-on-error: ${{ inputs.allow_failure }} + continue-on-error: ${{ github.event_name == 'workflow_call' && (inputs.allow_failure == true || inputs.allow_failure == 'true') }} strategy: matrix: From 3207743a27aab8309b287306d2573e99a3630b4d Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Thu, 6 Nov 2025 10:47:25 +0800 Subject: [PATCH 10/47] update workflow for beta release --- .github/workflows/release.yml | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 484685c994..ddf860c4ee 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,6 +32,7 @@ jobs: release_branch: ${{ steps.validate_inputs.outputs.release_branch }} release_pr_number: ${{ steps.validate_inputs.outputs.release_pr_number }} release_pr_url: ${{ steps.validate_inputs.outputs.release_pr_url }} + is_beta: ${{ steps.validate_inputs.outputs.is_beta }} steps: - name: Checkout code uses: actions/checkout@v4 @@ -206,7 +207,7 @@ jobs: needs: [get_version] uses: ./.github/workflows/faucet_test.yml with: - allow_failure: ${{ needs.get_version.outputs.npm_is_beta == 'true' }} + allow_failure: ${{ needs.get_version.outputs.is_beta == 'true' }} git_ref: ${{ needs.get_version.outputs.release_branch }} secrets: inherit @@ -215,13 +216,13 @@ jobs: needs: [get_version] uses: ./.github/workflows/nodejs.yml with: - allow_failure: ${{ needs.get_version.outputs.npm_is_beta == 'true' }} + allow_failure: ${{ needs.get_version.outputs.is_beta == 'true' }} git_ref: ${{ needs.get_version.outputs.release_branch }} secrets: inherit pre_release: runs-on: ubuntu-latest - if: ${{ needs.get_version.result == 'success' && (needs.run_faucet_test.result == 'success' || needs.get_version.outputs.npm_is_beta == 'true') && (needs.run_tests.result == 'success' || needs.get_version.outputs.npm_is_beta == 'true') }} + if: ${{ needs.get_version.result == 'success' && (needs.run_faucet_test.result == 'success' || needs.get_version.outputs.is_beta == 'true') && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} needs: [get_version, run_faucet_test, run_tests] name: Pre Release Pipeline for ${{ needs.get_version.outputs.package_version }} permissions: @@ -383,7 +384,7 @@ jobs: ask_for_dev_team_review: runs-on: ubuntu-latest - if: ${{ needs.pre_release.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.npm_is_beta == 'true') }} + if: ${{ needs.pre_release.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} needs: [get_version, run_faucet_test, run_tests, pre_release] permissions: pull-requests: write @@ -525,7 +526,7 @@ jobs: first_review: runs-on: ubuntu-latest - if: ${{ needs.ask_for_dev_team_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.npm_is_beta == 'true') }} + if: ${{ needs.ask_for_dev_team_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} needs: [get_version, run_faucet_test, run_tests, pre_release, ask_for_dev_team_review] name: First approval (dev team) environment: @@ -537,7 +538,7 @@ jobs: ask_for_sec_team_review: runs-on: ubuntu-latest - if: ${{ needs.first_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.npm_is_beta == 'true') }} + if: ${{ needs.first_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} needs: [get_version, run_faucet_test, run_tests, pre_release, ask_for_dev_team_review, first_review] name: Invite sec team to review steps: @@ -567,7 +568,7 @@ jobs: permissions: id-token: write contents: write - if: ${{ needs.ask_for_sec_team_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.npm_is_beta == 'true') }} + if: ${{ needs.ask_for_sec_team_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} needs: [get_version, run_faucet_test, run_tests, pre_release, ask_for_dev_team_review, first_review, ask_for_sec_team_review] name: Release for ${{ needs.get_version.outputs.package_version }} env: @@ -604,7 +605,7 @@ jobs: env: PRIMARY_NPM_TAG: ${{ needs.get_version.outputs.npm_primary_dist_tag }} NPM_DIST_TAGS: ${{ needs.get_version.outputs.npm_dist_tags }} - NPM_IS_BETA: ${{ needs.get_version.outputs.npm_is_beta }} + NPM_IS_BETA: ${{ needs.get_version.outputs.is_beta }} run: | set -euo pipefail cd dist @@ -675,8 +676,8 @@ jobs: name: "${{ steps.create_tag.outputs.tag_name }}" draft: false generate_release_notes: true - prerelease: ${{ needs.get_version.outputs.npm_is_beta == 'true' }} - make_latest: ${{ needs.get_version.outputs.npm_is_beta != 'true' }} + prerelease: ${{ needs.get_version.outputs.is_beta == 'true' }} + make_latest: ${{ needs.get_version.outputs.is_beta != 'true' }} - name: Notify Slack success (single-line) if: success() @@ -703,7 +704,7 @@ jobs: generate-documentation: name: Generate and Publish documentation for ${{ needs.get_version.outputs.package_version }} - if: ${{ needs.get_version.outputs.npm_is_beta != 'true' }} + if: ${{ needs.get_version.outputs.is_beta != 'true' }} uses: ./.github/workflows/generate-documentation.yml needs: [get_version, release] permissions: From 9c382a15569afdc2da84aef0b6093c2dee618653 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Thu, 6 Nov 2025 11:22:12 +0800 Subject: [PATCH 11/47] update workflow for beta release --- .github/workflows/faucet_test.yml | 2 +- .github/workflows/nodejs.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/faucet_test.yml b/.github/workflows/faucet_test.yml index f36ac0bb90..11139c1c8b 100644 --- a/.github/workflows/faucet_test.yml +++ b/.github/workflows/faucet_test.yml @@ -24,7 +24,7 @@ jobs: faucet-test: runs-on: ubuntu-latest timeout-minutes: 15 - continue-on-error: ${{ github.event_name == 'workflow_call' && (inputs.allow_failure == true || inputs.allow_failure == 'true') }} + continue-on-error: ${{ inputs.allow_failure || false }} strategy: max-parallel: 1 diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 94bdc47a1a..b5aac38868 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -30,7 +30,7 @@ jobs: build-and-lint: runs-on: ubuntu-latest timeout-minutes: 10 - continue-on-error: ${{ github.event_name == 'workflow_call' && (inputs.allow_failure == true || inputs.allow_failure == 'true') }} + continue-on-error: ${{ inputs.allow_failure || false }} strategy: matrix: node-version: [24.x] @@ -73,7 +73,7 @@ jobs: unit: runs-on: ubuntu-latest timeout-minutes: 10 - continue-on-error: ${{ github.event_name == 'workflow_call' && (inputs.allow_failure == true || inputs.allow_failure == 'true') }} + continue-on-error: ${{ inputs.allow_failure || false }} strategy: matrix: @@ -117,7 +117,7 @@ jobs: integration: runs-on: ubuntu-latest timeout-minutes: 10 - continue-on-error: ${{ github.event_name == 'workflow_call' && (inputs.allow_failure == true || inputs.allow_failure == 'true') }} + continue-on-error: ${{ inputs.allow_failure || false }} strategy: matrix: From 9958a28045ea3e14c9e2af3be4be8f2c01fe77d0 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Thu, 6 Nov 2025 12:05:48 +0800 Subject: [PATCH 12/47] update workflow for beta release --- .github/workflows/faucet_test.yml | 6 ------ .github/workflows/nodejs.yml | 8 -------- .github/workflows/release.yml | 12 +++++------- 3 files changed, 5 insertions(+), 21 deletions(-) diff --git a/.github/workflows/faucet_test.yml b/.github/workflows/faucet_test.yml index 11139c1c8b..d7503c0b16 100644 --- a/.github/workflows/faucet_test.yml +++ b/.github/workflows/faucet_test.yml @@ -13,18 +13,12 @@ on: description: 'Git ref to checkout (branch, tag, or commit SHA)' required: true type: string - allow_failure: - description: 'Allow workflow jobs to continue on error when invoked as a reusable workflow' - required: false - default: false - type: boolean jobs: faucet-test: runs-on: ubuntu-latest timeout-minutes: 15 - continue-on-error: ${{ inputs.allow_failure || false }} strategy: max-parallel: 1 diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index b5aac38868..569644abab 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -20,17 +20,11 @@ on: description: 'Git ref to checkout (branch, tag, or commit SHA)' required: true type: string - allow_failure: - description: 'Allow workflow jobs to continue on error when invoked as a reusable workflow' - required: false - default: false - type: boolean jobs: build-and-lint: runs-on: ubuntu-latest timeout-minutes: 10 - continue-on-error: ${{ inputs.allow_failure || false }} strategy: matrix: node-version: [24.x] @@ -73,7 +67,6 @@ jobs: unit: runs-on: ubuntu-latest timeout-minutes: 10 - continue-on-error: ${{ inputs.allow_failure || false }} strategy: matrix: @@ -117,7 +110,6 @@ jobs: integration: runs-on: ubuntu-latest timeout-minutes: 10 - continue-on-error: ${{ inputs.allow_failure || false }} strategy: matrix: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ddf860c4ee..706880f3e9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -207,7 +207,6 @@ jobs: needs: [get_version] uses: ./.github/workflows/faucet_test.yml with: - allow_failure: ${{ needs.get_version.outputs.is_beta == 'true' }} git_ref: ${{ needs.get_version.outputs.release_branch }} secrets: inherit @@ -216,13 +215,12 @@ jobs: needs: [get_version] uses: ./.github/workflows/nodejs.yml with: - allow_failure: ${{ needs.get_version.outputs.is_beta == 'true' }} git_ref: ${{ needs.get_version.outputs.release_branch }} secrets: inherit pre_release: runs-on: ubuntu-latest - if: ${{ needs.get_version.result == 'success' && (needs.run_faucet_test.result == 'success' || needs.get_version.outputs.is_beta == 'true') && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} + if: ${{ always() && needs.get_version.result == 'success' && (needs.run_faucet_test.result == 'success' || needs.get_version.outputs.is_beta == 'true') && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} needs: [get_version, run_faucet_test, run_tests] name: Pre Release Pipeline for ${{ needs.get_version.outputs.package_version }} permissions: @@ -384,7 +382,7 @@ jobs: ask_for_dev_team_review: runs-on: ubuntu-latest - if: ${{ needs.pre_release.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} + if: ${{ always() && needs.pre_release.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} needs: [get_version, run_faucet_test, run_tests, pre_release] permissions: pull-requests: write @@ -526,7 +524,7 @@ jobs: first_review: runs-on: ubuntu-latest - if: ${{ needs.ask_for_dev_team_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} + if: ${{ always() && needs.ask_for_dev_team_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} needs: [get_version, run_faucet_test, run_tests, pre_release, ask_for_dev_team_review] name: First approval (dev team) environment: @@ -538,7 +536,7 @@ jobs: ask_for_sec_team_review: runs-on: ubuntu-latest - if: ${{ needs.first_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} + if: ${{ always() && needs.first_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} needs: [get_version, run_faucet_test, run_tests, pre_release, ask_for_dev_team_review, first_review] name: Invite sec team to review steps: @@ -568,7 +566,7 @@ jobs: permissions: id-token: write contents: write - if: ${{ needs.ask_for_sec_team_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} + if: ${{ always() && needs.ask_for_sec_team_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} needs: [get_version, run_faucet_test, run_tests, pre_release, ask_for_dev_team_review, first_review, ask_for_sec_team_review] name: Release for ${{ needs.get_version.outputs.package_version }} env: From 1d74ec340d8a9c16d3d8209d35f3934df5b14d82 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Thu, 6 Nov 2025 12:50:46 +0800 Subject: [PATCH 13/47] update workflow for beta release --- .github/workflows/release.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 706880f3e9..a76b47870c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -264,7 +264,7 @@ jobs: -H "Authorization: Bearer $SLACK_TOKEN" \ -H "Content-Type: application/json" \ -d "$(jq -n \ - --arg channel "#xrpl-js" \ + --arg channel "#test-alert" \ --arg text "$MESSAGE" \ '{channel: $channel, text: $text}')" @@ -499,7 +499,7 @@ jobs: shell: bash env: SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }} - CHANNEL: "#xrpl-js" + CHANNEL: "#test-alert" EXECUTOR: ${{ github.triggering_actor || github.actor }} PACKAGE_NAME: ${{ env.PACKAGE_NAME }} PACKAGE_VERSION: ${{ env.PACKAGE_VERSION }} @@ -544,7 +544,7 @@ jobs: shell: bash env: SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }} - CHANNEL: "#ripplex-security" + CHANNEL: "#test-alert" EXECUTOR: ${{ github.triggering_actor || github.actor }} PACKAGE_NAME: ${{ needs.get_version.outputs.package_version && github.event.inputs.package_name }} PACKAGE_VERSION: ${{ needs.get_version.outputs.package_version }} @@ -698,7 +698,7 @@ jobs: curl -sS -X POST https://slack.com/api/chat.postMessage \ -H "Authorization: Bearer $SLACK_TOKEN" \ -H "Content-Type: application/json; charset=utf-8" \ - -d "$(jq -n --arg channel "#xrpl-js" --arg text "$text" '{channel:$channel, text:$text}')" + -d "$(jq -n --arg channel "#test-alert" --arg text "$text" '{channel:$channel, text:$text}')" generate-documentation: name: Generate and Publish documentation for ${{ needs.get_version.outputs.package_version }} @@ -729,6 +729,6 @@ jobs: -H "Authorization: Bearer $SLACK_TOKEN" \ -H "Content-Type: application/json" \ -d "$(jq -n \ - --arg channel "#xrpl-js" \ + --arg channel "#test-alert" \ --arg text "$MESSAGE" \ '{channel: $channel, text: $text}')" From 6aacbb6249b4e1f227231291a9a0b330d7efa06a Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Thu, 6 Nov 2025 15:32:17 +0800 Subject: [PATCH 14/47] update workflow for beta release --- .github/workflows/release.yml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a76b47870c..32110b1168 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -241,16 +241,21 @@ jobs: node-version: 20 registry-url: 'https://registry.npmjs.org' + - name: Normalize npm auth config + run: | + npm config delete always-auth --location=user || true + npm config set //registry.npmjs.org/:always-auth true --location=user + - name: Build package run: | - # dubugging info + # debugging info npm i -g npm@11.6.0 npm --version node --version ls -l pwd - #build + # build npm ci npm run build @@ -599,6 +604,11 @@ jobs: node-version: 20 registry-url: 'https://registry.npmjs.org/' + - name: Normalize npm auth config + run: | + npm config delete always-auth --location=user || true + npm config set //registry.npmjs.org/:always-auth true --location=user + - name: Publish to npm env: PRIMARY_NPM_TAG: ${{ needs.get_version.outputs.npm_primary_dist_tag }} @@ -626,9 +636,6 @@ jobs: fi npm i -g npm@11.6.0 - # fix warning: npm warn Unknown user config always-auth - npm config delete always-auth --location=user - npm config set //registry.npmjs.org/:always-auth true --location=user npm publish "$PKG" --provenance --access public --registry=https://registry.npmjs.org/ --tag "$PRIMARY_NPM_TAG" From b65ddc7246e144b2c3e4fb662ae7b1fe4692f563 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Thu, 6 Nov 2025 16:39:25 +0800 Subject: [PATCH 15/47] update workflow for beta release --- .github/workflows/release.yml | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 32110b1168..c0d2599756 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -243,8 +243,15 @@ jobs: - name: Normalize npm auth config run: | - npm config delete always-auth --location=user || true - npm config set //registry.npmjs.org/:always-auth true --location=user + set -euo pipefail + CONFIG_FILE="${NPM_CONFIG_USERCONFIG:-$HOME/.npmrc}" + touch "$CONFIG_FILE" + tmp="$(mktemp)" + grep -v '^always-auth[[:space:]]*=' "$CONFIG_FILE" > "$tmp" || true + mv "$tmp" "$CONFIG_FILE" + if ! grep -q '^//registry.npmjs.org/:always-auth' "$CONFIG_FILE"; then + printf '//registry.npmjs.org/:always-auth=true\n' >> "$CONFIG_FILE" + fi - name: Build package run: | @@ -606,8 +613,15 @@ jobs: - name: Normalize npm auth config run: | - npm config delete always-auth --location=user || true - npm config set //registry.npmjs.org/:always-auth true --location=user + set -euo pipefail + CONFIG_FILE="${NPM_CONFIG_USERCONFIG:-$HOME/.npmrc}" + touch "$CONFIG_FILE" + tmp="$(mktemp)" + grep -v '^always-auth[[:space:]]*=' "$CONFIG_FILE" > "$tmp" || true + mv "$tmp" "$CONFIG_FILE" + if ! grep -q '^//registry.npmjs.org/:always-auth' "$CONFIG_FILE"; then + printf '//registry.npmjs.org/:always-auth=true\n' >> "$CONFIG_FILE" + fi - name: Publish to npm env: From 04ba9c6561d14285e2000befc826e7f306789efa Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Thu, 6 Nov 2025 17:13:33 +0800 Subject: [PATCH 16/47] update workflow for beta release --- .github/workflows/nodejs.yml | 203 ++++++++++++++++++---------------- .github/workflows/release.yml | 10 +- 2 files changed, 110 insertions(+), 103 deletions(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 569644abab..15b6f393ad 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -38,97 +38,19 @@ jobs: uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} + registry-url: https://registry.npmjs.org/ - - name: Setup npm version 10 - run: | - npm i -g npm@10 --registry=https://registry.npmjs.org - - - name: Cache node modules - id: cache-nodemodules - uses: actions/cache@v4 - env: - cache-name: cache-node-modules - with: - # caching node_modules - path: | - node_modules - */*/node_modules - key: ${{ runner.os }}-deps-${{ matrix.node-version }}-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-deps-${{ matrix.node-version }}- - - - name: Install Dependencies - if: steps.cache-nodemodules.outputs.cache-hit != 'true' - run: npm ci - - - run: npm run build - - run: npm run lint - - unit: - runs-on: ubuntu-latest - timeout-minutes: 10 - - strategy: - matrix: - node-version: [20.x, 22.x, 24.x] - - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ env.GIT_REF }} - fetch-depth: 0 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 - with: - node-version: ${{ matrix.node-version }} - - - name: Setup npm version 10 - run: | - npm i -g npm@10 --registry=https://registry.npmjs.org - - - name: Cache node modules - id: cache-nodemodules - uses: actions/cache@v4 - env: - cache-name: cache-node-modules - with: - # caching node_modules - path: | - node_modules - */*/node_modules - key: ${{ runner.os }}-deps-${{ matrix.node-version }}-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-deps-${{ matrix.node-version }}- - - - name: Install Dependencies - if: steps.cache-nodemodules.outputs.cache-hit != 'true' - run: npm ci - - - run: npm run build - - run: npm test - - integration: - runs-on: ubuntu-latest - timeout-minutes: 10 - - strategy: - matrix: - node-version: [20.x, 22.x, 24.x] - - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ env.GIT_REF }} - fetch-depth: 0 - - - name: Run docker in background + - name: Normalize npm auth config run: | - docker run --detach --rm -p 6006:6006 --volume "${{ github.workspace }}/.ci-config/":"/etc/opt/ripple/" --name rippled-service --health-cmd="rippled server_info || exit 1" --health-interval=5s --health-retries=10 --health-timeout=2s --env GITHUB_ACTIONS=true --env CI=true --entrypoint bash ${{ env.RIPPLED_DOCKER_IMAGE }} -c "rippled -a" - - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 - with: - node-version: ${{ matrix.node-version }} + set -euo pipefail + CONFIG_FILE="${NPM_CONFIG_USERCONFIG:-$HOME/.npmrc}" + touch "$CONFIG_FILE" + tmp="$(mktemp)" + grep -v '^always-auth[[:space:]]*=' "$CONFIG_FILE" > "$tmp" || true + mv "$tmp" "$CONFIG_FILE" + if ! grep -q '^//registry.npmjs.org/:always-auth' "$CONFIG_FILE"; then + printf '//registry.npmjs.org/:always-auth=true\n' >> "$CONFIG_FILE" + fi - name: Setup npm version 10 run: | @@ -153,13 +75,104 @@ jobs: run: npm ci - run: npm run build + - run: npm run lint - - name: Run integration test - run: npm run test:integration - - - name: Stop docker container - if: always() - run: docker stop rippled-service + # unit: + # runs-on: ubuntu-latest + # timeout-minutes: 10 + + # strategy: + # matrix: + # node-version: [20.x, 22.x, 24.x] + + # steps: + # - uses: actions/checkout@v4 + # with: + # ref: ${{ env.GIT_REF }} + # fetch-depth: 0 + # - name: Use Node.js ${{ matrix.node-version }} + # uses: actions/setup-node@v4 + # with: + # node-version: ${{ matrix.node-version }} + + # - name: Setup npm version 10 + # run: | + # npm i -g npm@10 --registry=https://registry.npmjs.org + + # - name: Cache node modules + # id: cache-nodemodules + # uses: actions/cache@v4 + # env: + # cache-name: cache-node-modules + # with: + # # caching node_modules + # path: | + # node_modules + # */*/node_modules + # key: ${{ runner.os }}-deps-${{ matrix.node-version }}-${{ hashFiles('**/package-lock.json') }} + # restore-keys: | + # ${{ runner.os }}-deps-${{ matrix.node-version }}- + + # - name: Install Dependencies + # if: steps.cache-nodemodules.outputs.cache-hit != 'true' + # run: npm ci + + # - run: npm run build + # - run: npm test + + # integration: + # runs-on: ubuntu-latest + # timeout-minutes: 10 + + # strategy: + # matrix: + # node-version: [20.x, 22.x, 24.x] + + # steps: + # - uses: actions/checkout@v4 + # with: + # ref: ${{ env.GIT_REF }} + # fetch-depth: 0 + + # - name: Run docker in background + # run: | + # docker run --detach --rm -p 6006:6006 --volume "${{ github.workspace }}/.ci-config/":"/etc/opt/ripple/" --name rippled-service --health-cmd="rippled server_info || exit 1" --health-interval=5s --health-retries=10 --health-timeout=2s --env GITHUB_ACTIONS=true --env CI=true --entrypoint bash ${{ env.RIPPLED_DOCKER_IMAGE }} -c "rippled -a" + + # - name: Use Node.js ${{ matrix.node-version }} + # uses: actions/setup-node@v4 + # with: + # node-version: ${{ matrix.node-version }} + + # - name: Setup npm version 10 + # run: | + # npm i -g npm@10 --registry=https://registry.npmjs.org + + # - name: Cache node modules + # id: cache-nodemodules + # uses: actions/cache@v4 + # env: + # cache-name: cache-node-modules + # with: + # # caching node_modules + # path: | + # node_modules + # */*/node_modules + # key: ${{ runner.os }}-deps-${{ matrix.node-version }}-${{ hashFiles('**/package-lock.json') }} + # restore-keys: | + # ${{ runner.os }}-deps-${{ matrix.node-version }}- + + # - name: Install Dependencies + # if: steps.cache-nodemodules.outputs.cache-hit != 'true' + # run: npm ci + + # - run: npm run build + + # - name: Run integration test + # run: npm run test:integration + + # - name: Stop docker container + # if: always() + # run: docker stop rippled-service browser: runs-on: ubuntu-latest diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c0d2599756..d9643b585f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -247,11 +247,8 @@ jobs: CONFIG_FILE="${NPM_CONFIG_USERCONFIG:-$HOME/.npmrc}" touch "$CONFIG_FILE" tmp="$(mktemp)" - grep -v '^always-auth[[:space:]]*=' "$CONFIG_FILE" > "$tmp" || true + grep -v 'always-auth' "$CONFIG_FILE" > "$tmp" || true mv "$tmp" "$CONFIG_FILE" - if ! grep -q '^//registry.npmjs.org/:always-auth' "$CONFIG_FILE"; then - printf '//registry.npmjs.org/:always-auth=true\n' >> "$CONFIG_FILE" - fi - name: Build package run: | @@ -617,11 +614,8 @@ jobs: CONFIG_FILE="${NPM_CONFIG_USERCONFIG:-$HOME/.npmrc}" touch "$CONFIG_FILE" tmp="$(mktemp)" - grep -v '^always-auth[[:space:]]*=' "$CONFIG_FILE" > "$tmp" || true + grep -v 'always-auth' "$CONFIG_FILE" > "$tmp" || true mv "$tmp" "$CONFIG_FILE" - if ! grep -q '^//registry.npmjs.org/:always-auth' "$CONFIG_FILE"; then - printf '//registry.npmjs.org/:always-auth=true\n' >> "$CONFIG_FILE" - fi - name: Publish to npm env: From a56856ec15a5a65d2060ef3ad864b1f81c95a51e Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Thu, 6 Nov 2025 17:26:38 +0800 Subject: [PATCH 17/47] update workflow for beta release --- .github/workflows/release.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d9643b585f..e8e0e55391 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -608,14 +608,14 @@ jobs: node-version: 20 registry-url: 'https://registry.npmjs.org/' - - name: Normalize npm auth config - run: | - set -euo pipefail - CONFIG_FILE="${NPM_CONFIG_USERCONFIG:-$HOME/.npmrc}" - touch "$CONFIG_FILE" - tmp="$(mktemp)" - grep -v 'always-auth' "$CONFIG_FILE" > "$tmp" || true - mv "$tmp" "$CONFIG_FILE" + # - name: Normalize npm auth config + # run: | + # set -euo pipefail + # CONFIG_FILE="${NPM_CONFIG_USERCONFIG:-$HOME/.npmrc}" + # touch "$CONFIG_FILE" + # tmp="$(mktemp)" + # grep -v 'always-auth' "$CONFIG_FILE" > "$tmp" || true + # mv "$tmp" "$CONFIG_FILE" - name: Publish to npm env: From a4c23b3ef1cc753688c5b2b1072a045fd82420b8 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Thu, 6 Nov 2025 19:21:10 +0800 Subject: [PATCH 18/47] update workflow for beta release --- .github/workflows/release.yml | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e8e0e55391..2412f8cb54 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -241,14 +241,14 @@ jobs: node-version: 20 registry-url: 'https://registry.npmjs.org' - - name: Normalize npm auth config - run: | - set -euo pipefail - CONFIG_FILE="${NPM_CONFIG_USERCONFIG:-$HOME/.npmrc}" - touch "$CONFIG_FILE" - tmp="$(mktemp)" - grep -v 'always-auth' "$CONFIG_FILE" > "$tmp" || true - mv "$tmp" "$CONFIG_FILE" + # - name: Normalize npm auth config + # run: | + # set -euo pipefail + # CONFIG_FILE="${NPM_CONFIG_USERCONFIG:-$HOME/.npmrc}" + # touch "$CONFIG_FILE" + # tmp="$(mktemp)" + # grep -v 'always-auth' "$CONFIG_FILE" > "$tmp" || true + # mv "$tmp" "$CONFIG_FILE" - name: Build package run: | @@ -591,10 +591,6 @@ jobs: echo "❌ Workflow rerun (attempt ${GITHUB_RUN_ATTEMPT}). Second attempts are not allowed." exit 1 fi - - name: Checkout code - uses: actions/checkout@v4 - with: - fetch-depth: 0 - name: Download artifact uses: actions/download-artifact@v4 From a46627e94fd7a34073e498cd09cfd9a5eb55bdda Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Fri, 7 Nov 2025 00:13:45 +0800 Subject: [PATCH 19/47] update workflow for beta release --- .github/workflows/release.yml | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2412f8cb54..3573f2ab3a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -241,15 +241,6 @@ jobs: node-version: 20 registry-url: 'https://registry.npmjs.org' - # - name: Normalize npm auth config - # run: | - # set -euo pipefail - # CONFIG_FILE="${NPM_CONFIG_USERCONFIG:-$HOME/.npmrc}" - # touch "$CONFIG_FILE" - # tmp="$(mktemp)" - # grep -v 'always-auth' "$CONFIG_FILE" > "$tmp" || true - # mv "$tmp" "$CONFIG_FILE" - - name: Build package run: | # debugging info @@ -604,15 +595,6 @@ jobs: node-version: 20 registry-url: 'https://registry.npmjs.org/' - # - name: Normalize npm auth config - # run: | - # set -euo pipefail - # CONFIG_FILE="${NPM_CONFIG_USERCONFIG:-$HOME/.npmrc}" - # touch "$CONFIG_FILE" - # tmp="$(mktemp)" - # grep -v 'always-auth' "$CONFIG_FILE" > "$tmp" || true - # mv "$tmp" "$CONFIG_FILE" - - name: Publish to npm env: PRIMARY_NPM_TAG: ${{ needs.get_version.outputs.npm_primary_dist_tag }} From 03f6c1dadadf090ed19f039560b147dcca445342 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Fri, 7 Nov 2025 13:56:11 +0800 Subject: [PATCH 20/47] update workflow for beta release --- .github/workflows/release.yml | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3573f2ab3a..39f4c4520c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -594,6 +594,11 @@ jobs: with: node-version: 20 registry-url: 'https://registry.npmjs.org/' + - name: Checkout release branch + uses: actions/checkout@v4 + with: + fetch-depth: 0 + ref: ${{ needs.get_version.outputs.release_branch }} - name: Publish to npm env: @@ -602,6 +607,14 @@ jobs: NPM_IS_BETA: ${{ needs.get_version.outputs.is_beta }} run: | set -euo pipefail + REPO_ROOT="$PWD" + PACKAGE_JSON_PATH="$REPO_ROOT/packages/${PACKAGE_NAME}/package.json" + if [ ! -f "$PACKAGE_JSON_PATH" ]; then + echo "❌ package.json not found at $PACKAGE_JSON_PATH" >&2 + exit 1 + fi + FULL_PACKAGE_NAME=$(jq -er '.name' "$PACKAGE_JSON_PATH") + cd dist PKG=$(ls *.tgz) echo "$PKG" @@ -625,22 +638,16 @@ jobs: npm publish "$PKG" --provenance --access public --registry=https://registry.npmjs.org/ --tag "$PRIMARY_NPM_TAG" - PACKAGE_JSON_PATH="../packages/${PACKAGE_NAME}/package.json" - if [ ! -f "$PACKAGE_JSON_PATH" ]; then - echo "❌ package.json not found at $PACKAGE_JSON_PATH" >&2 - exit 1 - fi - - FULL_PACKAGE_NAME=$(jq -er '.name' "$PACKAGE_JSON_PATH") - IFS=',' read -ra TAGS <<< "$NPM_DIST_TAGS" for tag in "${TAGS[@]}"; do - if [ "$tag" = "$PRIMARY_NPM_TAG" ]; then + tag="$(printf '%s' "$tag" | tr -d '[:space:]')" + if [ -z "$tag" ] || [ "$tag" = "$PRIMARY_NPM_TAG" ]; then continue fi npm dist-tag add "$FULL_PACKAGE_NAME@${PACKAGE_VERSION}" "$tag" done + - name: Ensure Git tag exists id: create_tag run: | From ea958118c062b44514f85d724596d570f267b8c9 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Fri, 7 Nov 2025 14:48:18 +0800 Subject: [PATCH 21/47] update workflow for beta release --- .github/workflows/release.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 39f4c4520c..9a43becf58 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -583,12 +583,6 @@ jobs: exit 1 fi - - name: Download artifact - uses: actions/download-artifact@v4 - with: - name: npm-package-tarball - path: dist - - name: Set up Node.js uses: actions/setup-node@v4 with: @@ -600,6 +594,12 @@ jobs: fetch-depth: 0 ref: ${{ needs.get_version.outputs.release_branch }} + - name: Download artifact + uses: actions/download-artifact@v4 + with: + name: npm-package-tarball + path: dist + - name: Publish to npm env: PRIMARY_NPM_TAG: ${{ needs.get_version.outputs.npm_primary_dist_tag }} From d9d4581553a1456752653b79137885a414826a9b Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Fri, 7 Nov 2025 15:16:29 +0800 Subject: [PATCH 22/47] update workflow for beta release --- .github/workflows/release.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9a43becf58..724bb17093 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -644,7 +644,19 @@ jobs: if [ -z "$tag" ] || [ "$tag" = "$PRIMARY_NPM_TAG" ]; then continue fi - npm dist-tag add "$FULL_PACKAGE_NAME@${PACKAGE_VERSION}" "$tag" + echo "➡️ Adding dist-tag '$tag' to ${FULL_PACKAGE_NAME}@${PACKAGE_VERSION}" + for attempt in 1 2 3; do + if npm dist-tag add "$FULL_PACKAGE_NAME@${PACKAGE_VERSION}" "$tag"; then + echo "✅ Added tag '$tag'" + break + fi + if [ "$attempt" -eq 3 ]; then + echo "❌ Failed to add tag '$tag' after 3 attempts." >&2 + exit 1 + fi + echo "⚠️ Tag '$tag' failed (attempt $attempt). Retrying in 5s…" + sleep 5 + done done From 9408803e82c00a9a6f4bbfa8b909583704665220 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Fri, 7 Nov 2025 16:25:35 +0800 Subject: [PATCH 23/47] update workflow for beta release --- .github/workflows/release.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 724bb17093..d77e04a811 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -600,6 +600,9 @@ jobs: name: npm-package-tarball path: dist + - uses: electron/npm-trusted-auth-action@v1 + with: + package-name: 'xrpl' - name: Publish to npm env: PRIMARY_NPM_TAG: ${{ needs.get_version.outputs.npm_primary_dist_tag }} From 27a877d3bfe0d66eda27a151c445a9d85013e69f Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Fri, 7 Nov 2025 16:51:15 +0800 Subject: [PATCH 24/47] update workflow for beta release --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d77e04a811..009c13253b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -600,7 +600,7 @@ jobs: name: npm-package-tarball path: dist - - uses: electron/npm-trusted-auth-action@v1 + - uses: electron/npm-trusted-auth-action@v1.0.0 with: package-name: 'xrpl' - name: Publish to npm From 66ef14be2bdc340e768fbbaa29f6299d6aeed89f Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Fri, 7 Nov 2025 17:47:21 +0800 Subject: [PATCH 25/47] update workflow for beta release --- .github/workflows/release.yml | 125 +++++++++------------------------- 1 file changed, 31 insertions(+), 94 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 009c13253b..90252c23bc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,9 +26,8 @@ jobs: name: Get release version from package.json outputs: package_version: ${{ steps.get_version.outputs.version }} - npm_dist_tags: ${{ steps.get_version.outputs.dist_tags }} + dist_tag: ${{ steps.get_version.outputs.dist_tag }} npm_is_beta: ${{ steps.get_version.outputs.is_beta }} - npm_primary_dist_tag: ${{ steps.get_version.outputs.primary_dist_tag }} release_branch: ${{ steps.validate_inputs.outputs.release_branch }} release_pr_number: ${{ steps.validate_inputs.outputs.release_pr_number }} release_pr_url: ${{ steps.validate_inputs.outputs.release_pr_url }} @@ -74,60 +73,32 @@ jobs: fi # validate dist tag(s) - RAW_DIST_TAGS="${{ github.event.inputs.npmjs_dist_tag }}" - declare -a TAGS - declare -A SEEN=() - HAS_LATEST="false" - HAS_EXPERIMENTAL="false" - - if [ -z "$RAW_DIST_TAGS" ]; then - TAGS=("latest") - HAS_LATEST="true" + RAW_DIST_TAG="${{ github.event.inputs.npmjs_dist_tag }}" + if [ -z "$RAW_DIST_TAG" ]; then + TAG="latest" echo "ℹ️ npmjs_dist_tag empty → defaulting to 'latest'." else - IFS=',' read -ra INPUT_TAGS <<< "$RAW_DIST_TAGS" - for raw_tag in "${INPUT_TAGS[@]}"; do - tag="$(printf '%s' "$raw_tag" | tr -d '[:space:]')" - if [ -z "$tag" ]; then - echo "❌ npmjs_dist_tag contains an empty tag entry." >&2 - exit 1 - fi - if ! [[ "$tag" =~ ^[a-z][a-z0-9._-]{0,127}$ ]]; then - echo "❌ Invalid npm dist-tag '$tag'. Must start with a lowercase letter and contain only [a-z0-9._-], max 128 chars." >&2 - exit 1 - fi - if [[ "$tag" =~ ^v[0-9] || "$tag" =~ ^[0-9] ]]; then - echo "❌ Invalid npm dist-tag '$tag'. Must not start with 'v' + digit or a digit (e.g., 'v1', '1.2.3')." >&2 - exit 1 - fi - if [[ -n "${SEEN[$tag]:-}" ]]; then - echo "❌ Duplicate npm dist-tag '$tag'." >&2 - exit 1 - fi - SEEN[$tag]=1 - TAGS+=("$tag") - if [ "$tag" = "latest" ]; then - HAS_LATEST="true" - fi - if [[ "${tag,,}" == *experimental* ]]; then - HAS_EXPERIMENTAL="true" - fi - done + TAG="$(printf '%s' "$RAW_DIST_TAG" | tr -d '[:space:]')" fi - NORMALIZED_TAGS=$(IFS=','; printf '%s' "${TAGS[*]}") + if [ -z "$TAG" ]; then + echo "❌ npmjs_dist_tag is empty." >&2 + exit 1 + fi + if ! [[ "$TAG" =~ ^[a-z][a-z0-9._-]{0,127}$ ]]; then + echo "❌ Invalid npm dist-tag '$TAG'. Must start with a lowercase letter and contain only [a-z0-9._-], max 128 chars." >&2 + exit 1 + fi + if [[ "$TAG" =~ ^v[0-9] || "$TAG" =~ ^[0-9] ]]; then + echo "❌ Invalid npm dist-tag '$TAG'. Must not start with 'v' + digit or a digit (e.g., 'v1', '1.2.3')." >&2 + exit 1 + fi - if [ "$HAS_LATEST" = "true" ]; then + if [ "$TAG" = "latest" ]; then IS_BETA="false" else IS_BETA="true" - fi - - if [ "$IS_BETA" = "true" ]; then - if [ "$HAS_EXPERIMENTAL" != "true" ]; then - echo "❌ Beta releases must include an npm dist-tag containing 'experimental'. Provided tags: '$NORMALIZED_TAGS'." >&2 - exit 1 - fi + TAG="${TAG}-experimental" fi if [ "$IS_BETA" != "true" ] && [[ ! "${RELEASE_BRANCH,,}" =~ ^release[-/] ]]; then @@ -135,9 +106,11 @@ jobs: exit 1 fi - PRIMARY_TAG="${TAGS[0]}" + { + echo "NPM_DIST_TAG=$TAG" + echo "RELEASE_BRANCH=$RELEASE_BRANCH" + } >> "$GITHUB_ENV" - echo "✅ npmjs_dist_tag normalized to '$NORMALIZED_TAGS'." PR_NUMBER="" PR_URL="" @@ -162,13 +135,6 @@ jobs: echo "ℹ️ Beta release detected; skipping PR existence check." fi - { - echo "NPM_DIST_TAGS=$NORMALIZED_TAGS" - echo "NPM_IS_BETA=$IS_BETA" - echo "NPM_PRIMARY_DIST_TAG=$PRIMARY_TAG" - echo "RELEASE_BRANCH=$RELEASE_BRANCH" - } >> "$GITHUB_ENV" - { echo "release_branch=$RELEASE_BRANCH" echo "release_pr_number=$PR_NUMBER" @@ -178,6 +144,8 @@ jobs: - name: Get package version from package.json id: get_version + env: + IS_BETA: ${{ steps.validate_inputs.outputs.is_beta }} run: | set -euo pipefail PACKAGE_NAME="${{ github.event.inputs.package_name }}" @@ -191,16 +159,14 @@ jobs: echo "Version is empty or missing in $PKG_JSON" >&2 exit 1 fi - NPM_IS_BETA="${NPM_IS_BETA:-false}" - if [[ "$NPM_IS_BETA" != "true" ]] && ! [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + NPM_DIST_TAG="${NPM_DIST_TAG:-latest}" + if [[ "${IS_BETA:-false}" != "true" ]] && ! [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "With npmjs_dist_tag 'latest', version must be of the form x.y.z. Found '$VERSION'." >&2 exit 1 fi echo "PACKAGE_VERSION=$VERSION" >> "$GITHUB_ENV" echo "version=$VERSION" >> "$GITHUB_OUTPUT" - echo "dist_tags=${NPM_DIST_TAGS:-latest}" >> "$GITHUB_OUTPUT" - echo "is_beta=${NPM_IS_BETA:-false}" >> "$GITHUB_OUTPUT" - echo "primary_dist_tag=${NPM_PRIMARY_DIST_TAG:-latest}" >> "$GITHUB_OUTPUT" + echo "dist_tag=${NPM_DIST_TAG}" >> "$GITHUB_OUTPUT" run_faucet_test: name: Run faucet tests ${{ needs.get_version.outputs.package_version }} @@ -413,7 +379,6 @@ jobs: ENV_SEC_NAME: official-release PACKAGE_NAME: ${{ env.PACKAGE_NAME }} PACKAGE_VERSION: ${{ env.PACKAGE_VERSION }} - NPM_DIST_TAGS: ${{ needs.get_version.outputs.npm_dist_tags }} PR_URL: ${{ needs.get_version.outputs.release_pr_url }} GITHUB_ACTOR: ${{ github.actor }} GITHUB_TRIGGERING_ACTOR: ${{ github.triggering_actor }} @@ -464,7 +429,6 @@ jobs: ENV_NAME: official-release PACKAGE_NAME: ${{ env.PACKAGE_NAME }} PACKAGE_VERSION: ${{ env.PACKAGE_VERSION }} - NPM_DIST_TAGS: ${{ needs.get_version.outputs.npm_dist_tags }} GITHUB_ACTOR: ${{ github.actor }} GITHUB_TRIGGERING_ACTOR: ${{ github.triggering_actor }} RUN_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} @@ -605,8 +569,7 @@ jobs: package-name: 'xrpl' - name: Publish to npm env: - PRIMARY_NPM_TAG: ${{ needs.get_version.outputs.npm_primary_dist_tag }} - NPM_DIST_TAGS: ${{ needs.get_version.outputs.npm_dist_tags }} + NPM_DIST_TAG: ${{ needs.get_version.outputs.dist_tag }} NPM_IS_BETA: ${{ needs.get_version.outputs.is_beta }} run: | set -euo pipefail @@ -622,16 +585,11 @@ jobs: PKG=$(ls *.tgz) echo "$PKG" - if [ -z "${PRIMARY_NPM_TAG:-}" ]; then + if [ -z "${NPM_DIST_TAG:-}" ]; then echo "❌ Primary npm dist-tag is not set." >&2 exit 1 fi - if [ -z "${NPM_DIST_TAGS:-}" ]; then - echo "❌ No npm dist-tags provided." >&2 - exit 1 - fi - if [[ "${NPM_IS_BETA}" != "true" ]] && ! [[ "${PACKAGE_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "Stable releases (tagged with 'latest') must use x.y.z SemVer. Found '${PACKAGE_VERSION}'." >&2 exit 1 @@ -639,28 +597,7 @@ jobs: npm i -g npm@11.6.0 - npm publish "$PKG" --provenance --access public --registry=https://registry.npmjs.org/ --tag "$PRIMARY_NPM_TAG" - - IFS=',' read -ra TAGS <<< "$NPM_DIST_TAGS" - for tag in "${TAGS[@]}"; do - tag="$(printf '%s' "$tag" | tr -d '[:space:]')" - if [ -z "$tag" ] || [ "$tag" = "$PRIMARY_NPM_TAG" ]; then - continue - fi - echo "➡️ Adding dist-tag '$tag' to ${FULL_PACKAGE_NAME}@${PACKAGE_VERSION}" - for attempt in 1 2 3; do - if npm dist-tag add "$FULL_PACKAGE_NAME@${PACKAGE_VERSION}" "$tag"; then - echo "✅ Added tag '$tag'" - break - fi - if [ "$attempt" -eq 3 ]; then - echo "❌ Failed to add tag '$tag' after 3 attempts." >&2 - exit 1 - fi - echo "⚠️ Tag '$tag' failed (attempt $attempt). Retrying in 5s…" - sleep 5 - done - done + npm publish "$PKG" --provenance --access public --registry=https://registry.npmjs.org/ --tag "$NPM_DIST_TAG" - name: Ensure Git tag exists From bfb2a6d6ad8c0fc0640c601b814f7239c065302c Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Fri, 7 Nov 2025 20:33:34 +0800 Subject: [PATCH 26/47] update workflow for beta release --- .github/workflows/release.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 90252c23bc..10614bde0e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -564,9 +564,6 @@ jobs: name: npm-package-tarball path: dist - - uses: electron/npm-trusted-auth-action@v1.0.0 - with: - package-name: 'xrpl' - name: Publish to npm env: NPM_DIST_TAG: ${{ needs.get_version.outputs.dist_tag }} From 8de643915df40a38974ab3e587813f47789fed2c Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Fri, 7 Nov 2025 20:50:18 +0800 Subject: [PATCH 27/47] update workflow for beta release --- .github/workflows/release.yml | 42 ++++++++++++++++++++++++++++++----- 1 file changed, 37 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 10614bde0e..bf16f2cef4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -661,19 +661,51 @@ jobs: with: git_ref: ${{ github.ref_name }} - notify_release_failure: + notify_failures: runs-on: ubuntu-latest - needs: [get_version, release] - if: ${{ needs.release.result == 'failure' }} + needs: + [ + get_version, + run_faucet_test, + run_tests, + pre_release, + ask_for_dev_team_review, + first_review, + ask_for_sec_team_review, + release, + generate-documentation + ] + if: ${{ always() && ( + needs.get_version.result == 'failure' || + needs.run_faucet_test.result == 'failure' || + needs.run_tests.result == 'failure' || + needs.pre_release.result == 'failure' || + needs.ask_for_dev_team_review.result == 'failure' || + needs.first_review.result == 'failure' || + needs.ask_for_sec_team_review.result == 'failure' || + needs.release.result == 'failure' || + needs.generate-documentation.result == 'failure' + ) }} steps: - - name: Notify Slack release failed + - name: Notify Slack about workflow failure env: SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }} PACKAGE_NAME: ${{ github.event.inputs.package_name }} PACKAGE_VERSION: ${{ needs.get_version.outputs.package_version }} + NEEDS_JSON: ${{ toJson(needs) }} run: | set -euo pipefail - MESSAGE="❌ Release failed for ${PACKAGE_NAME}@${PACKAGE_VERSION}. Check the logs: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" + FAILED_JOBS=$(printf '%s' "$NEEDS_JSON" | jq -r ' + to_entries + | map(select(.value.result=="failure") | .key) + | join(", ") + ') + if [ -z "$FAILED_JOBS" ]; then + echo "No failed jobs detected; skipping notification." + exit 0 + fi + + MESSAGE="❌ Workflow failure for ${PACKAGE_NAME}@${PACKAGE_VERSION}. Release failed at ${FAILED_JOBS}. For details: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" curl -sS -X POST https://slack.com/api/chat.postMessage \ -H "Authorization: Bearer $SLACK_TOKEN" \ -H "Content-Type: application/json" \ From 81472e017b7d9c57fe27cf962ddbb930fd985ec0 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Fri, 7 Nov 2025 21:03:06 +0800 Subject: [PATCH 28/47] update workflow for beta release --- .github/workflows/release.yml | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bf16f2cef4..9841b79cae 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -675,17 +675,18 @@ jobs: release, generate-documentation ] - if: ${{ always() && ( - needs.get_version.result == 'failure' || - needs.run_faucet_test.result == 'failure' || - needs.run_tests.result == 'failure' || - needs.pre_release.result == 'failure' || - needs.ask_for_dev_team_review.result == 'failure' || - needs.first_review.result == 'failure' || - needs.ask_for_sec_team_review.result == 'failure' || - needs.release.result == 'failure' || - needs.generate-documentation.result == 'failure' - ) }} + if: >- + ${{ always() && ( + needs.get_version.result == 'failure' || + needs.run_faucet_test.result == 'failure' || + needs.run_tests.result == 'failure' || + needs.pre_release.result == 'failure' || + needs.ask_for_dev_team_review.result == 'failure' || + needs.first_review.result == 'failure' || + needs.ask_for_sec_team_review.result == 'failure' || + needs.release.result == 'failure' || + needs.generate-documentation.result == 'failure' + ) }} steps: - name: Notify Slack about workflow failure env: From 45415f2dbde29263cdf891e17266e1e07701994f Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Mon, 10 Nov 2025 09:44:51 +0800 Subject: [PATCH 29/47] fix sending failure notification --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9841b79cae..9b44bbce9c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -678,8 +678,8 @@ jobs: if: >- ${{ always() && ( needs.get_version.result == 'failure' || - needs.run_faucet_test.result == 'failure' || - needs.run_tests.result == 'failure' || + (needs.run_faucet_test.result == 'failure' && needs.get_version.outputs.is_beta != 'true') || + (needs.run_tests.result == 'failure' && needs.get_version.outputs.is_beta != 'true') || needs.pre_release.result == 'failure' || needs.ask_for_dev_team_review.result == 'failure' || needs.first_review.result == 'failure' || From fc01aa6c1d55d5afcd7ea765cd68a2f4f32e8416 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Mon, 10 Nov 2025 13:26:54 +0800 Subject: [PATCH 30/47] fix sending failure notification --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9b44bbce9c..c3bd1126e1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -517,7 +517,7 @@ jobs: run: | set -euo pipefail - MSG="${EXECUTOR} is releasing ${PACKAGE_NAME}@${PACKAGE_VERSION}. A sec reviewer from (${SEC_REVIEWERS}) needs to take the following action:\n Review the release artifacts and approve/reject the release. (${RUN_URL})" + MSG="${EXECUTOR} is releasing ${PACKAGE_NAME}@${PACKAGE_VERSION}. A sec reviewer from (${SEC_REVIEWERS}) needs to take the following action:\nReview the release artifacts and approve/reject the release. (${RUN_URL})" MSG=$(printf '%b' "$MSG") curl -sS -X POST https://slack.com/api/chat.postMessage \ -H "Authorization: Bearer $SLACK_TOKEN" \ From ebcdc7caf668684cf62ef953d2b5525ff6f34a18 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Mon, 10 Nov 2025 15:24:49 +0800 Subject: [PATCH 31/47] fix sending failure notification --- .github/workflows/nodejs.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 15b6f393ad..545d796b13 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -221,9 +221,9 @@ jobs: - run: npm run build - - name: Run integration test - run: npm run test:browser + # - name: Run integration test + # run: npm run test:browser - - name: Stop docker container - if: always() - run: docker stop rippled-service + # - name: Stop docker container + # if: always() + # run: docker stop rippled-service From b9bd782f496eb8d6db594cc0cb8ae8719dc27282 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Mon, 10 Nov 2025 23:02:15 +0800 Subject: [PATCH 32/47] revert changes --- .github/workflows/faucet_test.yml | 5 +- .github/workflows/nodejs.yml | 202 +++++++++++++++--------------- .github/workflows/release.yml | 10 +- 3 files changed, 107 insertions(+), 110 deletions(-) diff --git a/.github/workflows/faucet_test.yml b/.github/workflows/faucet_test.yml index d7503c0b16..9ee0af3e2b 100644 --- a/.github/workflows/faucet_test.yml +++ b/.github/workflows/faucet_test.yml @@ -1,8 +1,5 @@ name: Faucet Tests -env: - GIT_REF: ${{ inputs.git_ref || github.ref }} - on: push: branches: [main] @@ -28,7 +25,7 @@ jobs: steps: - uses: actions/checkout@v4 with: - ref: ${{ env.GIT_REF }} + ref: ${{ inputs.git_ref || github.ref }} fetch-depth: 0 - name: Use Node.js ${{ matrix.node-version }} uses: actions/setup-node@v4 diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 545d796b13..0cfad19aea 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -77,102 +77,102 @@ jobs: - run: npm run build - run: npm run lint - # unit: - # runs-on: ubuntu-latest - # timeout-minutes: 10 - - # strategy: - # matrix: - # node-version: [20.x, 22.x, 24.x] - - # steps: - # - uses: actions/checkout@v4 - # with: - # ref: ${{ env.GIT_REF }} - # fetch-depth: 0 - # - name: Use Node.js ${{ matrix.node-version }} - # uses: actions/setup-node@v4 - # with: - # node-version: ${{ matrix.node-version }} - - # - name: Setup npm version 10 - # run: | - # npm i -g npm@10 --registry=https://registry.npmjs.org - - # - name: Cache node modules - # id: cache-nodemodules - # uses: actions/cache@v4 - # env: - # cache-name: cache-node-modules - # with: - # # caching node_modules - # path: | - # node_modules - # */*/node_modules - # key: ${{ runner.os }}-deps-${{ matrix.node-version }}-${{ hashFiles('**/package-lock.json') }} - # restore-keys: | - # ${{ runner.os }}-deps-${{ matrix.node-version }}- - - # - name: Install Dependencies - # if: steps.cache-nodemodules.outputs.cache-hit != 'true' - # run: npm ci - - # - run: npm run build - # - run: npm test - - # integration: - # runs-on: ubuntu-latest - # timeout-minutes: 10 - - # strategy: - # matrix: - # node-version: [20.x, 22.x, 24.x] - - # steps: - # - uses: actions/checkout@v4 - # with: - # ref: ${{ env.GIT_REF }} - # fetch-depth: 0 - - # - name: Run docker in background - # run: | - # docker run --detach --rm -p 6006:6006 --volume "${{ github.workspace }}/.ci-config/":"/etc/opt/ripple/" --name rippled-service --health-cmd="rippled server_info || exit 1" --health-interval=5s --health-retries=10 --health-timeout=2s --env GITHUB_ACTIONS=true --env CI=true --entrypoint bash ${{ env.RIPPLED_DOCKER_IMAGE }} -c "rippled -a" - - # - name: Use Node.js ${{ matrix.node-version }} - # uses: actions/setup-node@v4 - # with: - # node-version: ${{ matrix.node-version }} - - # - name: Setup npm version 10 - # run: | - # npm i -g npm@10 --registry=https://registry.npmjs.org - - # - name: Cache node modules - # id: cache-nodemodules - # uses: actions/cache@v4 - # env: - # cache-name: cache-node-modules - # with: - # # caching node_modules - # path: | - # node_modules - # */*/node_modules - # key: ${{ runner.os }}-deps-${{ matrix.node-version }}-${{ hashFiles('**/package-lock.json') }} - # restore-keys: | - # ${{ runner.os }}-deps-${{ matrix.node-version }}- - - # - name: Install Dependencies - # if: steps.cache-nodemodules.outputs.cache-hit != 'true' - # run: npm ci - - # - run: npm run build - - # - name: Run integration test - # run: npm run test:integration - - # - name: Stop docker container - # if: always() - # run: docker stop rippled-service + unit: + runs-on: ubuntu-latest + timeout-minutes: 10 + + strategy: + matrix: + node-version: [20.x, 22.x, 24.x] + + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ env.GIT_REF }} + fetch-depth: 0 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v4 + with: + node-version: ${{ matrix.node-version }} + + - name: Setup npm version 10 + run: | + npm i -g npm@10 --registry=https://registry.npmjs.org + + - name: Cache node modules + id: cache-nodemodules + uses: actions/cache@v4 + env: + cache-name: cache-node-modules + with: + # caching node_modules + path: | + node_modules + */*/node_modules + key: ${{ runner.os }}-deps-${{ matrix.node-version }}-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-deps-${{ matrix.node-version }}- + + - name: Install Dependencies + if: steps.cache-nodemodules.outputs.cache-hit != 'true' + run: npm ci + + - run: npm run build + - run: npm test + + integration: + runs-on: ubuntu-latest + timeout-minutes: 10 + + strategy: + matrix: + node-version: [20.x, 22.x, 24.x] + + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ env.GIT_REF }} + fetch-depth: 0 + + - name: Run docker in background + run: | + docker run --detach --rm -p 6006:6006 --volume "${{ github.workspace }}/.ci-config/":"/etc/opt/ripple/" --name rippled-service --health-cmd="rippled server_info || exit 1" --health-interval=5s --health-retries=10 --health-timeout=2s --env GITHUB_ACTIONS=true --env CI=true --entrypoint bash ${{ env.RIPPLED_DOCKER_IMAGE }} -c "rippled -a" + + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v4 + with: + node-version: ${{ matrix.node-version }} + + - name: Setup npm version 10 + run: | + npm i -g npm@10 --registry=https://registry.npmjs.org + + - name: Cache node modules + id: cache-nodemodules + uses: actions/cache@v4 + env: + cache-name: cache-node-modules + with: + # caching node_modules + path: | + node_modules + */*/node_modules + key: ${{ runner.os }}-deps-${{ matrix.node-version }}-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-deps-${{ matrix.node-version }}- + + - name: Install Dependencies + if: steps.cache-nodemodules.outputs.cache-hit != 'true' + run: npm ci + + - run: npm run build + + - name: Run integration test + run: npm run test:integration + + - name: Stop docker container + if: always() + run: docker stop rippled-service browser: runs-on: ubuntu-latest @@ -221,9 +221,9 @@ jobs: - run: npm run build - # - name: Run integration test - # run: npm run test:browser + - name: Run integration test + run: npm run test:browser - # - name: Stop docker container - # if: always() - # run: docker stop rippled-service + - name: Stop docker container + if: always() + run: docker stop rippled-service diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c3bd1126e1..ac0f5ef195 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -230,7 +230,7 @@ jobs: -H "Authorization: Bearer $SLACK_TOKEN" \ -H "Content-Type: application/json" \ -d "$(jq -n \ - --arg channel "#test-alert" \ + --arg channel "#xrpl-js" \ --arg text "$MESSAGE" \ '{channel: $channel, text: $text}')" @@ -463,7 +463,7 @@ jobs: shell: bash env: SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }} - CHANNEL: "#test-alert" + CHANNEL: "#xrpl-js" EXECUTOR: ${{ github.triggering_actor || github.actor }} PACKAGE_NAME: ${{ env.PACKAGE_NAME }} PACKAGE_VERSION: ${{ env.PACKAGE_VERSION }} @@ -508,7 +508,7 @@ jobs: shell: bash env: SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }} - CHANNEL: "#test-alert" + CHANNEL: "#ripplex-security" EXECUTOR: ${{ github.triggering_actor || github.actor }} PACKAGE_NAME: ${{ needs.get_version.outputs.package_version && github.event.inputs.package_name }} PACKAGE_VERSION: ${{ needs.get_version.outputs.package_version }} @@ -647,7 +647,7 @@ jobs: curl -sS -X POST https://slack.com/api/chat.postMessage \ -H "Authorization: Bearer $SLACK_TOKEN" \ -H "Content-Type: application/json; charset=utf-8" \ - -d "$(jq -n --arg channel "#test-alert" --arg text "$text" '{channel:$channel, text:$text}')" + -d "$(jq -n --arg channel "#xrpl-js" --arg text "$text" '{channel:$channel, text:$text}')" generate-documentation: name: Generate and Publish documentation for ${{ needs.get_version.outputs.package_version }} @@ -711,6 +711,6 @@ jobs: -H "Authorization: Bearer $SLACK_TOKEN" \ -H "Content-Type: application/json" \ -d "$(jq -n \ - --arg channel "#test-alert" \ + --arg channel "#xrpl-js" \ --arg text "$MESSAGE" \ '{channel: $channel, text: $text}')" From a70790c6774949ca9cabb782b1f2cbb7fe5bf0ba Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Mon, 10 Nov 2025 23:04:00 +0800 Subject: [PATCH 33/47] revert changes --- .github/workflows/nodejs.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 0cfad19aea..f17ec005bb 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -40,18 +40,6 @@ jobs: node-version: ${{ matrix.node-version }} registry-url: https://registry.npmjs.org/ - - name: Normalize npm auth config - run: | - set -euo pipefail - CONFIG_FILE="${NPM_CONFIG_USERCONFIG:-$HOME/.npmrc}" - touch "$CONFIG_FILE" - tmp="$(mktemp)" - grep -v '^always-auth[[:space:]]*=' "$CONFIG_FILE" > "$tmp" || true - mv "$tmp" "$CONFIG_FILE" - if ! grep -q '^//registry.npmjs.org/:always-auth' "$CONFIG_FILE"; then - printf '//registry.npmjs.org/:always-auth=true\n' >> "$CONFIG_FILE" - fi - - name: Setup npm version 10 run: | npm i -g npm@10 --registry=https://registry.npmjs.org From 963af92f1f447a15b9342eb188504620a45479c7 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Mon, 10 Nov 2025 23:04:23 +0800 Subject: [PATCH 34/47] revert changes --- .github/workflows/nodejs.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index f17ec005bb..569644abab 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -38,7 +38,6 @@ jobs: uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} - registry-url: https://registry.npmjs.org/ - name: Setup npm version 10 run: | From d6ad138f166e674c4d6a04c9499b01572c5ef610 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Mon, 24 Nov 2025 16:24:54 +0800 Subject: [PATCH 35/47] test release 4.4.21 --- .github/workflows/release.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5139a99b64..2d56b32d6b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -229,7 +229,7 @@ jobs: -H "Authorization: Bearer ${SLACK_TOKEN}" \ -H "Content-Type: application/json" \ -d "$(jq -n \ - --arg channel "#xrpl-js" \ + --arg channel "#test-alert" \ --arg text "${MESSAGE}" \ '{channel: $channel, text: $text}')" @@ -256,7 +256,7 @@ jobs: curl -X POST \ -H "X-Api-Key: ${OWASP_TOKEN}" \ -F "autoCreate=true" \ - -F "projectName=xrpl-js" \ + -F "projectName=test-alert" \ -F "projectVersion=${PKG_VERSION}" \ -F "bom=@sbom.json" \ https://owasp-dt-api.prod.ripplex.io/api/v1/bom @@ -460,7 +460,7 @@ jobs: shell: bash env: SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }} - CHANNEL: "#xrpl-js" + CHANNEL: "#test-alert" EXECUTOR: ${{ github.triggering_actor || github.actor }} RUN_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} DEV_REVIEWERS: ${{ steps.get_reviewers.outputs.reviewers_dev }} @@ -519,7 +519,7 @@ jobs: shell: bash env: SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }} - CHANNEL: "#ripplex-security" + CHANNEL: "#test-alert" EXECUTOR: ${{ github.triggering_actor || github.actor }} PKG_NAME: ${{ github.event.inputs.package_name }} PKG_VERSION: ${{ needs.get_version.outputs.package_version }} @@ -666,7 +666,7 @@ jobs: curl -sS -X POST https://slack.com/api/chat.postMessage \ -H "Authorization: Bearer ${SLACK_TOKEN}" \ -H "Content-Type: application/json; charset=utf-8" \ - -d "$(jq -n --arg channel '#xrpl-js' --arg text "${text}" '{channel:$channel, text:$text}')" + -d "$(jq -n --arg channel '#test-alert' --arg text "${text}" '{channel:$channel, text:$text}')" generate-documentation: name: Generate and Publish documentation for ${{ needs.get_version.outputs.package_version }} @@ -730,6 +730,6 @@ jobs: -H "Authorization: Bearer $SLACK_TOKEN" \ -H "Content-Type: application/json" \ -d "$(jq -n \ - --arg channel '#xrpl-js' \ + --arg channel '#test-alert' \ --arg text "${MESSAGE}" \ '{channel: $channel, text: $text}')" From bad0af96fc6ed87154c774a9e69885d6cca10037 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Mon, 24 Nov 2025 16:35:48 +0800 Subject: [PATCH 36/47] resove conflict --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2d56b32d6b..367c045c26 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -43,6 +43,7 @@ jobs: id: validate_inputs env: GH_TOKEN: ${{ github.token }} + PKG_NAME: ${{ github.event.inputs.package_name }} REPO: ${{ github.repository }} RELEASE_BRANCH: ${{ github.event.inputs.release_branch_name }} NPM_DIST_TAG: ${{ github.event.inputs.npmjs_dist_tag }} From afc5252d54db5160bb41b57f118de031e6ad47b7 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Mon, 24 Nov 2025 16:54:28 +0800 Subject: [PATCH 37/47] resove conflict --- .github/workflows/release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 367c045c26..b714bd4aca 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -464,6 +464,8 @@ jobs: CHANNEL: "#test-alert" EXECUTOR: ${{ github.triggering_actor || github.actor }} RUN_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + REPO: ${{ github.repository }} + RUN_ID: ${{ github.run_id }} DEV_REVIEWERS: ${{ steps.get_reviewers.outputs.reviewers_dev }} PR_URL: ${{ needs.get_version.outputs.release_pr_url }} run: | From 2bc1d6a55cef5d811a599f9f6d631dd6b5820e92 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Mon, 24 Nov 2025 17:33:49 +0800 Subject: [PATCH 38/47] resove conflict --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b714bd4aca..f780247c06 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -613,8 +613,8 @@ jobs: exit 1 fi - if [[ "${NPM_IS_BETA}" != "true" ]] && ! [[ "${PACKAGE_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - echo "Stable releases (tagged with 'latest') must use x.y.z SemVer. Found '${PACKAGE_VERSION}'." >&2 + if [[ "${NPM_IS_BETA}" != "true" ]] && ! [[ "${PKG_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "Stable releases (tagged with 'latest') must use x.y.z SemVer. Found '${PKG_VERSION}'." >&2 exit 1 fi From 8f25227b4eda1eca2daafca387590b94a9cb8bde Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Mon, 24 Nov 2025 18:25:20 +0800 Subject: [PATCH 39/47] resove conflict --- .github/workflows/release.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f780247c06..1f100bf875 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,7 +27,6 @@ jobs: outputs: package_version: ${{ steps.get_version.outputs.package_version }} dist_tag: ${{ steps.get_version.outputs.dist_tag }} - npm_is_beta: ${{ steps.get_version.outputs.is_beta }} release_branch: ${{ steps.validate_inputs.outputs.release_branch }} release_pr_number: ${{ steps.validate_inputs.outputs.release_pr_number }} release_pr_url: ${{ steps.validate_inputs.outputs.release_pr_url }} @@ -593,7 +592,7 @@ jobs: - name: Publish to npm env: NPM_DIST_TAG: ${{ needs.get_version.outputs.dist_tag }} - NPM_IS_BETA: ${{ needs.get_version.outputs.is_beta }} + IS_BETA: ${{ needs.get_version.outputs.is_beta }} run: | set -euo pipefail REPO_ROOT="$PWD" @@ -613,7 +612,7 @@ jobs: exit 1 fi - if [[ "${NPM_IS_BETA}" != "true" ]] && ! [[ "${PKG_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + if [[ "${IS_BETA}" != "true" ]] && ! [[ "${PKG_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "Stable releases (tagged with 'latest') must use x.y.z SemVer. Found '${PKG_VERSION}'." >&2 exit 1 fi From bb1c25f55de29e5b06f5ab00c660523c937e7b9e Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Tue, 25 Nov 2025 15:36:57 +0800 Subject: [PATCH 40/47] revert slack channel --- .github/workflows/release.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1f100bf875..a556139955 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -229,7 +229,7 @@ jobs: -H "Authorization: Bearer ${SLACK_TOKEN}" \ -H "Content-Type: application/json" \ -d "$(jq -n \ - --arg channel "#test-alert" \ + --arg channel "#xrpl-js" \ --arg text "${MESSAGE}" \ '{channel: $channel, text: $text}')" @@ -460,7 +460,7 @@ jobs: shell: bash env: SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }} - CHANNEL: "#test-alert" + CHANNEL: "#xrpl-js" EXECUTOR: ${{ github.triggering_actor || github.actor }} RUN_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} REPO: ${{ github.repository }} @@ -521,7 +521,7 @@ jobs: shell: bash env: SLACK_TOKEN: ${{ secrets.SLACK_TOKEN }} - CHANNEL: "#test-alert" + CHANNEL: "#ripplex-security" EXECUTOR: ${{ github.triggering_actor || github.actor }} PKG_NAME: ${{ github.event.inputs.package_name }} PKG_VERSION: ${{ needs.get_version.outputs.package_version }} @@ -668,7 +668,7 @@ jobs: curl -sS -X POST https://slack.com/api/chat.postMessage \ -H "Authorization: Bearer ${SLACK_TOKEN}" \ -H "Content-Type: application/json; charset=utf-8" \ - -d "$(jq -n --arg channel '#test-alert' --arg text "${text}" '{channel:$channel, text:$text}')" + -d "$(jq -n --arg channel '#xrpl-js' --arg text "${text}" '{channel:$channel, text:$text}')" generate-documentation: name: Generate and Publish documentation for ${{ needs.get_version.outputs.package_version }} @@ -732,6 +732,6 @@ jobs: -H "Authorization: Bearer $SLACK_TOKEN" \ -H "Content-Type: application/json" \ -d "$(jq -n \ - --arg channel '#test-alert' \ + --arg channel '#xrpl-js' \ --arg text "${MESSAGE}" \ '{channel: $channel, text: $text}')" From 226b81af7e234f70c35f0b5a5c01d0dff620d272 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Tue, 25 Nov 2025 15:54:53 +0800 Subject: [PATCH 41/47] fix git ref for generate document --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a556139955..e357f51ed9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -680,7 +680,7 @@ jobs: pages: write id-token: write with: - git_ref: ${{ github.ref_name }} + git_ref: ${{ needs.get_version.outputs.release_branch }} notify_failures: runs-on: ubuntu-latest From d0b575f9733239db9cf56e1ddc20f407eb7e984a Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Tue, 25 Nov 2025 19:59:44 +0800 Subject: [PATCH 42/47] resolve beta release PR comments --- .github/workflows/release.yml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e357f51ed9..fc397c6d40 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,6 +20,10 @@ concurrency: group: release cancel-in-progress: true +defaults: + run: + shell: bash + jobs: get_version: runs-on: ubuntu-latest @@ -45,6 +49,7 @@ jobs: PKG_NAME: ${{ github.event.inputs.package_name }} REPO: ${{ github.repository }} RELEASE_BRANCH: ${{ github.event.inputs.release_branch_name }} + TRIGGER_BRANCH: ${{ github.ref_name }} NPM_DIST_TAG: ${{ github.event.inputs.npmjs_dist_tag }} run: | set -euo pipefail @@ -100,6 +105,11 @@ jobs: exit 1 fi + if [[ "$TRIGGER_BRANCH" != "main" ]]; then + echo "❌ Release pipeline can only be triggered from the 'main' branch. Current branch: '$TRIGGER_BRANCH'." >&2 + exit 1 + fi + { echo "NPM_DIST_TAG=$NPM_DIST_TAG" echo "RELEASE_BRANCH=$RELEASE_BRANCH" @@ -142,7 +152,6 @@ jobs: env: IS_BETA: ${{ steps.validate_inputs.outputs.is_beta }} PKG_NAME: ${{ github.event.inputs.package_name }} - NPM_DIST_TAG: ${{ github.event.inputs.npmjs_dist_tag }} run: | set -euo pipefail PKG_JSON="packages/${PKG_NAME}/package.json" @@ -156,12 +165,10 @@ jobs: exit 1 fi - NPM_DIST_TAG="${NPM_DIST_TAG:-latest}" if [[ "${IS_BETA:-false}" != "true" ]] && ! [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "With npmjs_dist_tag 'latest', version must be of the form x.y.z. Found '$VERSION'." >&2 exit 1 fi - echo "PACKAGE_VERSION=$VERSION" >> "$GITHUB_ENV" echo "package_version=$VERSION" >> "$GITHUB_OUTPUT" echo "dist_tag=${NPM_DIST_TAG}" >> "$GITHUB_OUTPUT" From 7b4273b87a04ce04f2dcfb8d21cf375fd0577c88 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Tue, 25 Nov 2025 21:02:40 +0800 Subject: [PATCH 43/47] fix beta dist tag --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fc397c6d40..f6f89a2ecf 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -30,7 +30,7 @@ jobs: name: Get release version from package.json outputs: package_version: ${{ steps.get_version.outputs.package_version }} - dist_tag: ${{ steps.get_version.outputs.dist_tag }} + dist_tag: ${{ steps.validate_inputs.outputs.dist_tag }} release_branch: ${{ steps.validate_inputs.outputs.release_branch }} release_pr_number: ${{ steps.validate_inputs.outputs.release_pr_number }} release_pr_url: ${{ steps.validate_inputs.outputs.release_pr_url }} @@ -144,6 +144,7 @@ jobs: echo "release_pr_number=$PR_NUMBER" echo "release_pr_url=$PR_URL" echo "is_beta=$IS_BETA" + echo "dist_tag=$NPM_DIST_TAG" } >> "$GITHUB_OUTPUT" @@ -170,7 +171,6 @@ jobs: exit 1 fi echo "package_version=$VERSION" >> "$GITHUB_OUTPUT" - echo "dist_tag=${NPM_DIST_TAG}" >> "$GITHUB_OUTPUT" run_faucet_test: name: Run faucet tests ${{ needs.get_version.outputs.package_version }} From c22dfd1939c909a9005a1ef63f26ca7e785ce26b Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Tue, 25 Nov 2025 22:37:34 +0800 Subject: [PATCH 44/47] update RELEASE.md --- RELEASE.md | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index f2dc4e4bb4..968c4c451f 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -10,21 +10,23 @@ You can manually trigger the release workflow from the [GitHub Actions UI](https ### **Before triggering a release** -1. Create a release branch. A qualified branch name should start with "release-" or "release/", case-insensitive. e.g: `release/xrpl@4.3.8`, `release-xrpl-4.3.8`, `Release/xrpl@4.3.8`. -2. Update the **`version`** field in `packages//package.json` to the intended release version. - ```json - { - "name": "", - "version": "x.y.z" - } - ``` -3. Run npm i to update the package-lock with the updated versions and commit the lock file to the release branch +**Stable release (`npmjs_dist_tag = latest`)** +1. Branch: must start with `release-` or `release/` (case-insensitive), e.g., `release/xrpl@4.3.8` or `release-xrpl-4.3.8`. +2. Version: `packages//package.json` must use strict SemVer `x.y.z`. +3. Tag: leave `npmjs_dist_tag` blank or set to `latest`. +4. Lockfile: run `npm i` to refresh `package-lock.json` and commit it. + +**Beta/experimental release (any other `npmjs_dist_tag`)** +1. Branch: no `release-`/`release/` naming requirement. +2. Version: `packages//package.json` can be prerelease/other valid SemVer. +3. Tag: choose a non-`latest` `npmjs_dist_tag` matching `[a-z][a-z0-9._-]{0,127}` and not starting with `v` + digit or a digit; the workflow publishes it as `-experimental`. +4. Lockfile: run `npm i` to refresh `package-lock.json` and commit it. ### **Triggering a Release** -1. Go to **GitHub → Actions → Release Pipeline → Run workflow** -2. Choose the release branch from dropdown -3. Fill in these fields: +1. Go to **GitHub → Actions → Release Pipeline → Run workflow** (must be triggered from `main`). +2. Fill in these fields: + - **release_branch_name** → Name of the release branch to run against. - **package_name** → The folder name under `packages/`, e.g., `xrpl` or `ripple-address-codec`. - **npmjs_dist_tag** → The npm distribution tag to publish under. Defaults to `latest`. - Examples: @@ -34,10 +36,11 @@ You can manually trigger the release workflow from the [GitHub Actions UI](https ➡️ Example: -| Field | Example | -|------------------|-----------------------| -| package_name | xrpl | -| npmjs_dist_tag | latest | +| Field | Example | +|---------------------|-----------------------| +| release_branch_name | release/xrpl@4.3.8 | +| package_name | xrpl | +| npmjs_dist_tag | latest | ### **Reviewing the release details and scan result** @@ -58,6 +61,7 @@ You can manually trigger the release workflow from the [GitHub Actions UI](https ### 2. **Run Tests** - Triggers the `faucet_test.yml` and `nodejs.yml` workflows to run unit, integration, and faucet tests against the specified Git ref. - Ensures the code at the given Git ref passes all tests. +- Tests are allowed to fail for beta releases. --- From 9ea2f61c996e7e2b9b006e25849520e71e7f1aa3 Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Wed, 26 Nov 2025 00:06:41 +0800 Subject: [PATCH 45/47] update RELEASE.md --- RELEASE.md | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index 968c4c451f..8cb5e1c633 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -10,17 +10,30 @@ You can manually trigger the release workflow from the [GitHub Actions UI](https ### **Before triggering a release** -**Stable release (`npmjs_dist_tag = latest`)** -1. Branch: must start with `release-` or `release/` (case-insensitive), e.g., `release/xrpl@4.3.8` or `release-xrpl-4.3.8`. -2. Version: `packages//package.json` must use strict SemVer `x.y.z`. -3. Tag: leave `npmjs_dist_tag` blank or set to `latest`. -4. Lockfile: run `npm i` to refresh `package-lock.json` and commit it. - -**Beta/experimental release (any other `npmjs_dist_tag`)** -1. Branch: no `release-`/`release/` naming requirement. -2. Version: `packages//package.json` can be prerelease/other valid SemVer. -3. Tag: choose a non-`latest` `npmjs_dist_tag` matching `[a-z][a-z0-9._-]{0,127}` and not starting with `v` + digit or a digit; the workflow publishes it as `-experimental`. -4. Lockfile: run `npm i` to refresh `package-lock.json` and commit it. +**Stable release ** +1. Create a release branch. A qualified branch name should start with "release-" or "release/", case-insensitive. e.g: `release/xrpl@4.3.8`, `release-xrpl-4.3.8`, `Release/xrpl@4.3.8`. +2. Raise a PR from the release branch to main branch +3. Update the **`version`** field in `packages//package.json` to the intended release version. + ```json + { + "name": "", + "version": "x.y.z" + } + ``` +4. Set `npm distribution tag` to `latest`. +5. Run npm i to update the package-lock with the updated versions and commit the lock file to the release branch + +**Beta release ** +1. Create a release branch. There is no restriction for branch name. +2. 2. Update the **`version`** field in `packages//package.json` to the intended beta release version. + ```json + { + "name": "", + "version": "x.y.z-.a" + } + ``` +3. Provide a non-`latest` `npm distribution tag` and not starting with `v` + digit or a digit. The workflow will automatically append `-experimental`, as `-experimental`. +4. Run `npm i` to refresh `package-lock.json` and commit it. ### **Triggering a Release** @@ -45,7 +58,7 @@ You can manually trigger the release workflow from the [GitHub Actions UI](https ### **Reviewing the release details and scan result** -1. The pipeline will pause at the "Print Test/Security scan result and invite Dev team to review" step and also before the final release step, relevant team should review the release details and scan result. +1. The pipeline will pause at the "Print Test/Security scan result and invite Dev team to review" step and also before the final release step, relevant team should review the release details and scan result. Stable release release will be reviewed by infosec team as Sec reviewer. Beta release will be reviewed by security champions from Dev team. --- From 9cb5792470a8a232b102eadaf0c84b94e1158dae Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Mon, 1 Dec 2025 19:26:05 +0800 Subject: [PATCH 46/47] resolve comments on RELEASE.md --- RELEASE.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index 8cb5e1c633..385fcb46ab 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -25,7 +25,7 @@ You can manually trigger the release workflow from the [GitHub Actions UI](https **Beta release ** 1. Create a release branch. There is no restriction for branch name. -2. 2. Update the **`version`** field in `packages//package.json` to the intended beta release version. +2. Update the **`version`** field in `packages//package.json` to the intended beta release version. ```json { "name": "", @@ -58,7 +58,7 @@ You can manually trigger the release workflow from the [GitHub Actions UI](https ### **Reviewing the release details and scan result** -1. The pipeline will pause at the "Print Test/Security scan result and invite Dev team to review" step and also before the final release step, relevant team should review the release details and scan result. Stable release release will be reviewed by infosec team as Sec reviewer. Beta release will be reviewed by security champions from Dev team. +1. The pipeline will pause at the "Print Test/Security scan result and invite Dev team to review" step and also before the final release step, relevant team should review the release details and scan result. Stable release will be reviewed by infosec team as Sec reviewer. Beta release will be reviewed by security champions from Dev team. --- From 3266411a443e639e0e429343294d310411bbd20e Mon Sep 17 00:00:00 2001 From: Shi Cheng Date: Tue, 2 Dec 2025 14:56:07 +0800 Subject: [PATCH 47/47] update RELEASE.md and only unit test for beta release --- .github/workflows/faucet_test.yml | 6 +++++ .github/workflows/nodejs.yml | 18 ++++++++++++++ .github/workflows/release.yml | 16 ++++++++----- RELEASE.md | 40 +++++++++++++++---------------- 4 files changed, 53 insertions(+), 27 deletions(-) diff --git a/.github/workflows/faucet_test.yml b/.github/workflows/faucet_test.yml index 9ee0af3e2b..fc96b18356 100644 --- a/.github/workflows/faucet_test.yml +++ b/.github/workflows/faucet_test.yml @@ -10,10 +10,16 @@ on: description: 'Git ref to checkout (branch, tag, or commit SHA)' required: true type: string + run_faucet_tests: + description: 'Run faucet tests job' + required: false + type: boolean + default: true jobs: faucet-test: + if: ${{ !(github.event_name == 'workflow_call' && inputs.run_faucet_tests == false) }} runs-on: ubuntu-latest timeout-minutes: 15 diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 569644abab..72f2ddf1f3 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -20,6 +20,21 @@ on: description: 'Git ref to checkout (branch, tag, or commit SHA)' required: true type: string + run_unit_tests: + description: 'Run unit tests job' + required: false + type: boolean + default: true + run_integration_tests: + description: 'Run integration tests job' + required: false + type: boolean + default: true + run_browser_tests: + description: 'Run browser tests job' + required: false + type: boolean + default: true jobs: build-and-lint: @@ -65,6 +80,7 @@ jobs: - run: npm run lint unit: + if: ${{ !(github.event_name == 'workflow_call' && inputs.run_unit_tests == false) }} runs-on: ubuntu-latest timeout-minutes: 10 @@ -108,6 +124,7 @@ jobs: - run: npm test integration: + if: ${{ !(github.event_name == 'workflow_call' && inputs.run_integration_tests == false) }} runs-on: ubuntu-latest timeout-minutes: 10 @@ -162,6 +179,7 @@ jobs: run: docker stop rippled-service browser: + if: ${{ !(github.event_name == 'workflow_call' && inputs.run_browser_tests == false) }} runs-on: ubuntu-latest timeout-minutes: 10 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f6f89a2ecf..9a4f0f75a8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -100,7 +100,7 @@ jobs: NPM_DIST_TAG="${NPM_DIST_TAG}-experimental" fi - if [ "$IS_BETA" != "true" ] && [[ ! "${RELEASE_BRANCH,,}" =~ ^release[-/] ]]; then + if [ "$IS_BETA" != "true" ] && [[ ! "${RELEASE_BRANCH}" =~ ^[Rr][Ee][Ll][Ee][Aa][Ss][Ee][-/] ]]; then echo "❌ Release branch '$RELEASE_BRANCH' must start with 'release-' or 'release/' for stable releases." >&2 exit 1 fi @@ -178,6 +178,7 @@ jobs: uses: ./.github/workflows/faucet_test.yml with: git_ref: ${{ needs.get_version.outputs.release_branch }} + run_faucet_tests: ${{ needs.get_version.outputs.is_beta != 'true' }} secrets: inherit run_tests: @@ -186,11 +187,14 @@ jobs: uses: ./.github/workflows/nodejs.yml with: git_ref: ${{ needs.get_version.outputs.release_branch }} + run_unit_tests: true + run_integration_tests: ${{ needs.get_version.outputs.is_beta != 'true' }} + run_browser_tests: ${{ needs.get_version.outputs.is_beta != 'true' }} secrets: inherit pre_release: runs-on: ubuntu-latest - if: ${{ always() && needs.get_version.result == 'success' && (needs.run_faucet_test.result == 'success' || needs.get_version.outputs.is_beta == 'true') && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} + if: ${{ always() && needs.get_version.result == 'success' && (needs.run_faucet_test.result == 'success' || needs.run_faucet_test.result == 'skipped') && needs.run_tests.result == 'success' }} needs: [get_version, run_faucet_test, run_tests] name: Pre Release Pipeline for ${{ needs.get_version.outputs.package_version }} permissions: @@ -358,7 +362,7 @@ jobs: ask_for_dev_team_review: runs-on: ubuntu-latest - if: ${{ always() && needs.pre_release.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} + if: ${{ always() && needs.pre_release.result == 'success' && needs.run_tests.result == 'success' && (needs.run_faucet_test.result == 'success' || needs.run_faucet_test.result == 'skipped') }} needs: [get_version, run_faucet_test, run_tests, pre_release] permissions: pull-requests: write @@ -493,7 +497,7 @@ jobs: first_review: runs-on: ubuntu-latest - if: ${{ always() && needs.ask_for_dev_team_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} + if: ${{ always() && needs.ask_for_dev_team_review.result == 'success' && needs.run_tests.result == 'success' && (needs.run_faucet_test.result == 'success' || needs.run_faucet_test.result == 'skipped') }} needs: [ get_version, @@ -512,7 +516,7 @@ jobs: ask_for_sec_team_review: runs-on: ubuntu-latest - if: ${{ always() && needs.first_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} + if: ${{ always() && needs.first_review.result == 'success' && needs.run_tests.result == 'success' && (needs.run_faucet_test.result == 'success' || needs.run_faucet_test.result == 'skipped') }} needs: [ get_version, @@ -552,7 +556,7 @@ jobs: permissions: id-token: write contents: write - if: ${{ always() && needs.ask_for_sec_team_review.result == 'success' && (needs.run_tests.result == 'success' || needs.get_version.outputs.is_beta == 'true') }} + if: ${{ always() && needs.ask_for_sec_team_review.result == 'success' && needs.run_tests.result == 'success' && (needs.run_faucet_test.result == 'success' || needs.run_faucet_test.result == 'skipped') }} needs: [ get_version, diff --git a/RELEASE.md b/RELEASE.md index 385fcb46ab..f0a9e50947 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -11,7 +11,7 @@ You can manually trigger the release workflow from the [GitHub Actions UI](https ### **Before triggering a release** **Stable release ** -1. Create a release branch. A qualified branch name should start with "release-" or "release/", case-insensitive. e.g: `release/xrpl@4.3.8`, `release-xrpl-4.3.8`, `Release/xrpl@4.3.8`. +1. Create a release branch. A qualified branch name should start with "release-" or "release/", **case-insensitive**. e.g: `release/xrpl@4.3.8`, `release-xrpl-4.3.8`, `Release/xrpl@4.3.8`. 2. Raise a PR from the release branch to main branch 3. Update the **`version`** field in `packages//package.json` to the intended release version. ```json @@ -20,8 +20,7 @@ You can manually trigger the release workflow from the [GitHub Actions UI](https "version": "x.y.z" } ``` -4. Set `npm distribution tag` to `latest`. -5. Run npm i to update the package-lock with the updated versions and commit the lock file to the release branch +4. Run npm i to refresh package-lock.json and commit it. **Beta release ** 1. Create a release branch. There is no restriction for branch name. @@ -32,28 +31,27 @@ You can manually trigger the release workflow from the [GitHub Actions UI](https "version": "x.y.z-.a" } ``` -3. Provide a non-`latest` `npm distribution tag` and not starting with `v` + digit or a digit. The workflow will automatically append `-experimental`, as `-experimental`. -4. Run `npm i` to refresh `package-lock.json` and commit it. +3. Run `npm i` to refresh `package-lock.json` and commit it. ### **Triggering a Release** 1. Go to **GitHub → Actions → Release Pipeline → Run workflow** (must be triggered from `main`). -2. Fill in these fields: - - **release_branch_name** → Name of the release branch to run against. - - **package_name** → The folder name under `packages/`, e.g., `xrpl` or `ripple-address-codec`. - - **npmjs_dist_tag** → The npm distribution tag to publish under. Defaults to `latest`. - - Examples: - - `latest` → Standard production release - - `beta` → Pre-release for testing - - `rc` → Release candidate -➡️ Example: +2. Triggering the workflow with following requied inputs: -| Field | Example | -|---------------------|-----------------------| -| release_branch_name | release/xrpl@4.3.8 | -| package_name | xrpl | -| npmjs_dist_tag | latest | + - **Stable release** + - `release_branch_name`: e.g., `release/xrpl@4.3.8` or `release-xrpl-4.3.8` (must start with `release-`/`release/`, **case-insensitive**). + - `package_name`: e.g., `xrpl`. + - `npmjs_dist_tag`: `latest`. + + Example: `release_branch_name=release/xrpl@4.3.8`, `package_name=xrpl`, `npmjs_dist_tag=latest`. + + - **Beta release** (publishes as `-experimental`) + - `release_branch_name`: e.g., `feature/xrpl-beta` (no naming restriction). + - `package_name`: e.g., `xrpl`. + - `npmjs_dist_tag`: a non-`latest` tag like `beta` or `rc` (must match `[a-z][a-z0-9._-]{0,127}` and not start with `v` + digit or a digit). + + Example: `release_branch_name=feature/xrpl-beta`, `package_name=xrpl`, `npmjs_dist_tag=feature-a` (will be published as `feature-a-experimental`, `-experimental` will be automatically appended by the workflow). ### **Reviewing the release details and scan result** @@ -67,14 +65,14 @@ You can manually trigger the release workflow from the [GitHub Actions UI](https ### 1. **Get Package Version** - Extracts the version from `packages//package.json`. -- No manual version input is required. +- Validate inputs. --- ### 2. **Run Tests** - Triggers the `faucet_test.yml` and `nodejs.yml` workflows to run unit, integration, and faucet tests against the specified Git ref. - Ensures the code at the given Git ref passes all tests. -- Tests are allowed to fail for beta releases. +- Integration tests and faucet tests will be skipped for beta release. ---