Publishing

Overview

We use a combination of tools from lerna and pnpm to handle publishing these packages. All publications run from the main branch, and do not rely on CI. This assumes that our main branch is always in a deployable state.

Github Path

The normal path to publishing the packages in this monorepo is:

1. Once a week (as defined as Github Action in .github/workflows/publish.yml) the main branch will publish packages to the next tag as a pre-release. Pre-release versions have alpha in their patch ranges, ie: v1.2.3-alpha.0. Publishing is handled automatically by Github Actions.
2. When you want to release a stable release, Github will publish a new patch version, publishing the mainline latest-tag that Grouparoo customers use. This is done by running the Github Action manually from the web:

Both methods of publishing will also create a new Github release and generate release notes from our Pull Requests. This is done by the lerna-changelog package. Only Pull Requests with labels will be included. Release Notes can be viewed at github.com/grouparoo/grouparoo/releases.

If you want to make a change larger than a semver patch bump, you will first need to to update the version in lerna.json.

Local Publishing Path

You can also publish packages locally via the /bin/publish script in the monorepo. This is the same script that CI uses. You need to provide a release type, e.g.: ./bin/publish alpha.

1. Be sure you have no working changes in your git branch (git reset --hard origin/main)
2. Ensure you are logged into NPM as a user who has publish rights to the @grouparoo organization on NPM. Check with npm whoami
3. Ensure you have the GITHUB_AUTH environment variable set. This is a Github PAT token which is needed to automatically publish our release notes for the new version. You can include this as part of the publish command in-line.
4. Run GITHUB_AUTH=xxx ./bin/publish alpha from the root of the monorepo.
   • This will also run npm prepare in all packages, building the javascript releases as needed
   • You may be asked for your NPM 2FA code before the process completes.
   • Release notes will be automatically created by learna changelog

What Can Go Wrong?

• If CI doesn't pass, no packages will be published
• There may be problems publishing to NPM (rare HTTP timeouts). If this happens you will need to publish individual packages that had trouble. You can do this by pulling the latest commit Lerna has made with the updated version numbers (git pull) and cd-ing into the package folder and running npm publish --tag alpha or npm publish --tag latest. DO NOT FORGET THE --tag flag!

Notes

• There is a ~5 min delay upon publishing a new NPM package to seeing it in the CLI and npmjs.com website. Just wait!
• If your NPM account requires 2FA (which it should!) Lerna will ask you for a code in the CLI as part of the publish process. Watch out for the prompt, as it is time-sensitive.

Future Work

• Using either semantic-release or tags from our Pull Requests, we can determine if the next version to publish is a breaking-change or not, and determine if the next version number should be a major/minor/patch change.
• Automatically publish mainline releases.

CI Notes

CI uses a few secrets for authentication:

• GITHUB_AUTH - a Github PAT token. This is stored as an environment variable within Github.
• NPM_TOKEN - a NPM access token. This is stored as an environment variable within Github.