From 86682b778763d0e2993736395155ed5e02caf964 Mon Sep 17 00:00:00 2001 From: harishsundar-okta Date: Wed, 10 Dec 2025 18:07:41 +0530 Subject: [PATCH 1/6] feat: enable auto-merge and allow actions to create prs version bump --- .github/workflows/publish-public-npm.yml | 135 +++++++++++++++++++++++ 1 file changed, 135 insertions(+) diff --git a/.github/workflows/publish-public-npm.yml b/.github/workflows/publish-public-npm.yml index 95612d1f..1b5c2846 100644 --- a/.github/workflows/publish-public-npm.yml +++ b/.github/workflows/publish-public-npm.yml @@ -45,6 +45,7 @@ on: permissions: contents: write id-token: write + pull-requests: write jobs: publish: @@ -53,6 +54,7 @@ jobs: permissions: contents: write id-token: write + pull-requests: write steps: - name: Checkout repository 
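Review bot: `pull-requests: write` is granted twice, once in the workflow-level `permissions:` block (first hunk) and again in the job-level block of what appears to be the `publish` job (second hunk). The workflow-level grant is inherited by any job later added without its own `permissions:`, alongside `contents: write` and `id-token: write`. Only the step that opens the PR needs it, so keep the job-level line and drop the workflow-level one. Both `permissions:` blocks begin outside the hunks; the other two scopes are visible only as context.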
@@ -373,6 +375,139 @@ jobs: prerelease: ${{ env.REACT_TAG != 'latest' }} draft: false + - name: Create PR to update package versions + id: create-version-pr + if: | + github.event.inputs.dry_run != 'true' && + (steps.publish-core.outputs.published == 'true' || steps.publish-react.outputs.published == 'true') + run: | + echo "Creating PR to update package.json versions..." + + # Configure git with GitHub Actions bot (creates the PR) + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + + # Create a new branch + BRANCH_NAME="chore/update-package-versions-$(date +%s)" + git checkout -b "$BRANCH_NAME" + + # Update package.json files with published versions + if [ "${{ steps.publish-core.outputs.published }}" = "true" ]; then + cd packages/core + node -e " + const pkg = require('./package.json'); + pkg.version = '${{ steps.publish-core.outputs.version }}'; + require('fs').writeFileSync('./package.json', JSON.stringify(pkg, null, 2) + '\n'); + " + git add package.json + cd ../.. + fi + + if [ "${{ steps.publish-react.outputs.published }}" = "true" ]; then + cd packages/react + node -e " + const pkg = require('./package.json'); + pkg.version = '${{ steps.publish-react.outputs.version }}'; + if (pkg.dependencies && pkg.dependencies['@auth0/universal-components-core']) { + pkg.dependencies['@auth0/universal-components-core'] = '${{ steps.publish-core.outputs.version }}'; + } + require('fs').writeFileSync('./package.json', JSON.stringify(pkg, null, 2) + '\n'); + " + git add package.json + cd ../.. + fi + + # Check if there are changes to commit + if ! 
git diff --staged --quiet; then + # Commit and push changes + COMMIT_MSG="chore: update package versions after npm publish + + - @auth0/universal-components-core: ${{ steps.publish-core.outputs.version }} + - @auth0/universal-components-react: ${{ steps.publish-react.outputs.version }} + + Published to npm with tags: + - Core: ${{ env.CORE_TAG }} + - React: ${{ env.REACT_TAG }}" + + git commit -m "$COMMIT_MSG" + git push origin "$BRANCH_NAME" + + # Create PR using GitHub CLI + PR_BODY="## Summary + + Updates package.json versions to match the packages published to npm. + + ## Changes + + " + + if [ "${{ steps.publish-core.outputs.published }}" = "true" ]; then + PR_BODY="${PR_BODY}- \`@auth0/universal-components-core\`: \`${{ steps.publish-core.outputs.version }}\` (tag: \`${{ env.CORE_TAG }}\`) + " + fi + + if [ "${{ steps.publish-react.outputs.published }}" = "true" ]; then + PR_BODY="${PR_BODY}- \`@auth0/universal-components-react\`: \`${{ steps.publish-react.outputs.version }}\` (tag: \`${{ env.REACT_TAG }}\`) + " + fi + + PR_BODY="${PR_BODY} + ## Published Packages + + " + + if [ "${{ steps.publish-core.outputs.published }}" = "true" ]; then + PR_BODY="${PR_BODY}- [View @auth0/universal-components-core on npm](https://www.npmjs.com/package/@auth0/universal-components-core/v/${{ steps.publish-core.outputs.version }}) + " + fi + + if [ "${{ steps.publish-react.outputs.published }}" = "true" ]; then + PR_BODY="${PR_BODY}- [View @auth0/universal-components-react on npm](https://www.npmjs.com/package/@auth0/universal-components-react/v/${{ steps.publish-react.outputs.version }}) + " + fi + + PR_BODY="${PR_BODY} + --- + *Auto-generated by publish workflow: [\`${{ github.run_id }}\`](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})*" + + # Create PR + PR_URL=$(gh pr create \ + --title "chore: update package versions after npm publish" \ + --body "$PR_BODY" \ + --base main \ + --head "$BRANCH_NAME") + + echo "Created PR: $PR_URL" + 
+ # Extract PR number + PR_NUMBER=$(echo "$PR_URL" | grep -oE '[0-9]+$') + + echo "PR #$PR_NUMBER created by github-actions[bot]" + echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT + echo "pr_url=$PR_URL" >> $GITHUB_OUTPUT + else + echo "No version changes to commit" + fi + + - name: Approve and auto-merge PR + id: approve-pr + if: | + github.event.inputs.dry_run != 'true' && + steps.create-version-pr.outputs.pr_number != '' + env: + GH_TOKEN: ${{ secrets.SVC_PAT }} + run: | + PR_NUMBER="${{ steps.create-version-pr.outputs.pr_number }}" + echo "Approving PR #$PR_NUMBER using service account..." + + # Auto-approve PR using service account token + gh pr review "$PR_NUMBER" --approve --body "✅ Auto-approved by service account after successful npm publish" + + # Enable auto-merge + gh pr merge "$PR_NUMBER" --auto --squash --delete-branch + + echo "PR #$PR_NUMBER approved and set to auto-merge" + - name: Restore package.json files if: always() run: | From 9830e8fbe94b81caf53a9cd5bd9702ddff154b4d Mon Sep 17 00:00:00 2001 From: harishsundar-okta Date: Wed, 10 Dec 2025 18:11:25 +0530 Subject: [PATCH 2/6] feat: auto-approve and merge version bump prs after npm publish --- .github/workflows/publish-public-npm.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/publish-public-npm.yml b/.github/workflows/publish-public-npm.yml index 1b5c2846..83941ed1 100644 --- a/.github/workflows/publish-public-npm.yml +++ b/.github/workflows/publish-public-npm.yml @@ -489,7 +489,7 @@ jobs: echo "No version changes to commit" fi - - name: Approve and auto-merge PR + - name: Approve and merge PR id: approve-pr if: | github.event.inputs.dry_run != 'true' && 
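Review bot: The `node -e` snippets in the added "Create PR to update package versions" step splice `${{ steps.publish-core.outputs.version }}` and `${{ steps.publish-react.outputs.version }}` directly into JavaScript inside a shell string. The expression is expanded before the shell or node parses anything, so a quote or newline in the value becomes code; where those outputs are produced is not visible here. Pass them through the step's `env:` (for example a variable such as `CORE_PUBLISHED_VERSION: ${{ steps.publish-core.outputs.version }}`) and assign `pkg.version = process.env.CORE_PUBLISHED_VERSION;`, which is the pattern the PR-only branch in patch 4/6 uses with `process.env.CORE_VER`. The same direct expansion feeds `COMMIT_MSG` and `PR_BODY` in this hunk and is carried into the normal-mode branches of both patch 4/6 hunks. Separately, `>> $GITHUB_OUTPUT` should be quoted as `>> "$GITHUB_OUTPUT"`.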
@@ -498,15 +498,15 @@ jobs: GH_TOKEN: ${{ secrets.SVC_PAT }} run: | PR_NUMBER="${{ steps.create-version-pr.outputs.pr_number }}" - echo "Approving PR #$PR_NUMBER using service account..." + echo "Approving and merging PR #$PR_NUMBER using service account..." # Auto-approve PR using service account token gh pr review "$PR_NUMBER" --approve --body "✅ Auto-approved by service account after successful npm publish" - # Enable auto-merge - gh pr merge "$PR_NUMBER" --auto --squash --delete-branch + # Merge PR immediately + gh pr merge "$PR_NUMBER" --squash --delete-branch - echo "PR #$PR_NUMBER approved and set to auto-merge" + echo "PR #$PR_NUMBER approved and merged" - name: Restore package.json files if: always() From cfae99257285d3defd928a3d688466443637a915 Mon Sep 17 00:00:00 2001 From: harishsundar-okta Date: Wed, 10 Dec 2025 18:18:37 +0530 Subject: [PATCH 3/6] feat: add gh_token for pr creation step --- .github/workflows/publish-public-npm.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish-public-npm.yml b/.github/workflows/publish-public-npm.yml index 83941ed1..a9ef7221 100644 --- a/.github/workflows/publish-public-npm.yml +++ b/.github/workflows/publish-public-npm.yml @@ -78,7 +78,9 @@ jobs: run: pnpm install --frozen-lockfile - name: Build packages - run: pnpm run build + run: | + pnpm --filter @auth0/universal-components-core build + pnpm --filter @auth0/universal-components-react build - name: Detect versions and npm tags id: detect @@ -380,6 +382,8 @@ jobs: if: | github.event.inputs.dry_run != 'true' && (steps.publish-core.outputs.published == 'true' || steps.publish-react.outputs.published == 'true') + env: + GH_TOKEN: ${{ github.token }} run: | echo "Creating PR to update package.json versions..." From ef98421aaee2492bf0acaad49bcd81018a9e938c Mon Sep 17 00:00:00 2001 
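Review bot: With `--auto` removed, the service account approves and merges in one step, so a branch that this same job pushed reaches `main` with no human having looked at it. Before `gh pr review --approve`, the step should confirm the PR holds only what the job meant to write, e.g. fail unless `gh pr diff "$PR_NUMBER" --name-only` lists nothing other than `packages/core/package.json` and `packages/react/package.json`. A comment next to `GH_TOKEN: ${{ secrets.SVC_PAT }}` should record which scopes that token needs, so it can be kept to this repository and to the minimum required for review and merge. The step's `if:` and `env:` begin outside this hunk.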
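Review bot: Supplying `${{ github.token }}` to the step that pushes the branch and runs `gh pr create` means the resulting PR will not start `pull_request` or `push` workflows, because GitHub does not trigger new workflow runs from events made with the repository's `GITHUB_TOKEN`. Together with the immediate merge in the approve step, the version bump would reach `main` without CI having run on it. State that choice on the `env:` block, e.g. `# GITHUB_TOKEN: PR is authored by github-actions[bot]; no CI runs are triggered for it`, or create the PR with a credential that does trigger checks. The step's `run:` body continues outside this hunk.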
From: harishsundar-okta Date: Wed, 10 Dec 2025 18:23:31 +0530 Subject: [PATCH 4/6] feat: add version-only pr mode to publish workflow --- .github/workflows/publish-public-npm.yml | 171 ++++++++++++++++------- 1 file changed, 121 insertions(+), 50 deletions(-) diff --git a/.github/workflows/publish-public-npm.yml b/.github/workflows/publish-public-npm.yml index a9ef7221..0b62d808 100644 --- a/.github/workflows/publish-public-npm.yml +++ b/.github/workflows/publish-public-npm.yml @@ -36,6 +36,11 @@ on: required: false type: boolean default: true + create_version_pr_only: + description: "Skip publish and only create version bump PR" + required: false + type: boolean + default: false skip_slack_notification: description: "Skip Slack notification" required: false @@ -215,7 +220,8 @@ jobs: - name: Publish Core package to public npm id: publish-core if: | - (env.PACKAGES_INPUT == 'both' || env.PACKAGES_INPUT == 'core') + (env.PACKAGES_INPUT == 'both' || env.PACKAGES_INPUT == 'core') && + github.event.inputs.create_version_pr_only != 'true' working-directory: ./packages/core env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} @@ -241,7 +247,8 @@ jobs: - name: Publish React package to public npm id: publish-react if: | - (env.PACKAGES_INPUT == 'both' || env.PACKAGES_INPUT == 'react') + (env.PACKAGES_INPUT == 'both' || env.PACKAGES_INPUT == 'react') && + github.event.inputs.create_version_pr_only != 'true' working-directory: ./packages/react env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} @@ -381,7 +388,9 @@ jobs: id: create-version-pr if: | github.event.inputs.dry_run != 'true' && - (steps.publish-core.outputs.published == 'true' || steps.publish-react.outputs.published == 'true') + (steps.publish-core.outputs.published == 'true' || + steps.publish-react.outputs.published == 'true' || + github.event.inputs.create_version_pr_only == 'true') env: GH_TOKEN: ${{ github.token }} run: | 
@@ -395,36 +404,71 @@ jobs: BRANCH_NAME="chore/update-package-versions-$(date +%s)" git checkout -b "$BRANCH_NAME" - # Update package.json files with published versions - if [ "${{ steps.publish-core.outputs.published }}" = "true" ]; then - cd packages/core - node -e " - const pkg = require('./package.json'); - pkg.version = '${{ steps.publish-core.outputs.version }}'; - require('fs').writeFileSync('./package.json', JSON.stringify(pkg, null, 2) + '\n'); - " - git add package.json - cd ../.. - fi - - if [ "${{ steps.publish-react.outputs.published }}" = "true" ]; then - cd packages/react - node -e " - const pkg = require('./package.json'); - pkg.version = '${{ steps.publish-react.outputs.version }}'; - if (pkg.dependencies && pkg.dependencies['@auth0/universal-components-core']) { - pkg.dependencies['@auth0/universal-components-core'] = '${{ steps.publish-core.outputs.version }}'; - } - require('fs').writeFileSync('./package.json', JSON.stringify(pkg, null, 2) + '\n'); - " - git add package.json - cd ../.. + # Update package.json files with target versions + if [ "${{ github.event.inputs.create_version_pr_only }}" = "true" ]; then + # PR-only mode: use input versions directly + if [ "$PACKAGES_INPUT" = "both" ] || [ "$PACKAGES_INPUT" = "core" ]; then + cd packages/core + node -e " + const pkg = require('./package.json'); + pkg.version = process.env.CORE_VER; + require('fs').writeFileSync('./package.json', JSON.stringify(pkg, null, 2) + '\n'); + " + git add package.json + cd ../.. + fi + + if [ "$PACKAGES_INPUT" = "both" ] || [ "$PACKAGES_INPUT" = "react" ]; then + cd packages/react + node -e " + const pkg = require('./package.json'); + pkg.version = process.env.REACT_VER; + if (pkg.dependencies && pkg.dependencies['@auth0/universal-components-core']) { + pkg.dependencies['@auth0/universal-components-core'] = process.env.CORE_VER; + } + require('fs').writeFileSync('./package.json', JSON.stringify(pkg, null, 2) + '\n'); + " + git add package.json + cd ../.. 
+ fi + else + # Normal mode: use published versions + if [ "${{ steps.publish-core.outputs.published }}" = "true" ]; then + cd packages/core + node -e " + const pkg = require('./package.json'); + pkg.version = '${{ steps.publish-core.outputs.version }}'; + require('fs').writeFileSync('./package.json', JSON.stringify(pkg, null, 2) + '\n'); + " + git add package.json + cd ../.. + fi + + if [ "${{ steps.publish-react.outputs.published }}" = "true" ]; then + cd packages/react + node -e " + const pkg = require('./package.json'); + pkg.version = '${{ steps.publish-react.outputs.version }}'; + if (pkg.dependencies && pkg.dependencies['@auth0/universal-components-core']) { + pkg.dependencies['@auth0/universal-components-core'] = '${{ steps.publish-core.outputs.version }}'; + } + require('fs').writeFileSync('./package.json', JSON.stringify(pkg, null, 2) + '\n'); + " + git add package.json + cd ../.. + fi fi # Check if there are changes to commit if ! git diff --staged --quiet; then # Commit and push changes - COMMIT_MSG="chore: update package versions after npm publish + if [ "${{ github.event.inputs.create_version_pr_only }}" = "true" ]; then + COMMIT_MSG="chore: bump package versions + + - @auth0/universal-components-core: $CORE_VER + - @auth0/universal-components-react: $REACT_VER" + else + COMMIT_MSG="chore: update package versions after npm publish - @auth0/universal-components-core: ${{ steps.publish-core.outputs.version }} - @auth0/universal-components-react: ${{ steps.publish-react.outputs.version }} 
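Review bot: In the PR-only branch, `pkg.version = process.env.CORE_VER` and `pkg.version = process.env.REACT_VER` are written without checking that the variable is set or looks like a version. When it is undefined, `JSON.stringify` silently drops the `version` key (and the core dependency entry) from package.json, and that file is then staged and committed. Neither variable appears in this step's visible `env:`, so they presumably come from an earlier step. Guard each write, e.g. `if (!process.env.CORE_VER) { console.error('CORE_VER is not set'); process.exit(1); }`, ideally also matching the value against a semver pattern. Note also that with `PACKAGES_INPUT=react` the dependency is still pinned to `CORE_VER`. The step body starts and ends outside this hunk.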
@@ -432,51 +476,78 @@ jobs: Published to npm with tags: - Core: ${{ env.CORE_TAG }} - React: ${{ env.REACT_TAG }}" + fi git commit -m "$COMMIT_MSG" git push origin "$BRANCH_NAME" # Create PR using GitHub CLI - PR_BODY="## Summary + if [ "${{ github.event.inputs.create_version_pr_only }}" = "true" ]; then + PR_TITLE="chore: bump package versions" + PR_BODY="## Summary + + Bumps package.json versions for upcoming release. + + ## Changes + + " + + if [ "$PACKAGES_INPUT" = "both" ] || [ "$PACKAGES_INPUT" = "core" ]; then + PR_BODY="${PR_BODY}- \`@auth0/universal-components-core\`: \`$CORE_VER\` + " + fi + + if [ "$PACKAGES_INPUT" = "both" ] || [ "$PACKAGES_INPUT" = "react" ]; then + PR_BODY="${PR_BODY}- \`@auth0/universal-components-react\`: \`$REACT_VER\` + " + fi + + PR_BODY="${PR_BODY} + --- + *Auto-generated by publish workflow (version bump only): [\`${{ github.run_id }}\`](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})*" + else + PR_TITLE="chore: update package versions after npm publish" + PR_BODY="## Summary Updates package.json versions to match the packages published to npm. 
## Changes " - - if [ "${{ steps.publish-core.outputs.published }}" = "true" ]; then - PR_BODY="${PR_BODY}- \`@auth0/universal-components-core\`: \`${{ steps.publish-core.outputs.version }}\` (tag: \`${{ env.CORE_TAG }}\`) + + if [ "${{ steps.publish-core.outputs.published }}" = "true" ]; then + PR_BODY="${PR_BODY}- \`@auth0/universal-components-core\`: \`${{ steps.publish-core.outputs.version }}\` (tag: \`${{ env.CORE_TAG }}\`) " - fi - - if [ "${{ steps.publish-react.outputs.published }}" = "true" ]; then - PR_BODY="${PR_BODY}- \`@auth0/universal-components-react\`: \`${{ steps.publish-react.outputs.version }}\` (tag: \`${{ env.REACT_TAG }}\`) + fi + + if [ "${{ steps.publish-react.outputs.published }}" = "true" ]; then + PR_BODY="${PR_BODY}- \`@auth0/universal-components-react\`: \`${{ steps.publish-react.outputs.version }}\` (tag: \`${{ env.REACT_TAG }}\`) " - fi - - PR_BODY="${PR_BODY} + fi + + PR_BODY="${PR_BODY} ## Published Packages " - - if [ "${{ steps.publish-core.outputs.published }}" = "true" ]; then - PR_BODY="${PR_BODY}- [View @auth0/universal-components-core on npm](https://www.npmjs.com/package/@auth0/universal-components-core/v/${{ steps.publish-core.outputs.version }}) + + if [ "${{ steps.publish-core.outputs.published }}" = "true" ]; then + PR_BODY="${PR_BODY}- [View @auth0/universal-components-core on npm](https://www.npmjs.com/package/@auth0/universal-components-core/v/${{ steps.publish-core.outputs.version }}) " - fi - - if [ "${{ steps.publish-react.outputs.published }}" = "true" ]; then - PR_BODY="${PR_BODY}- [View @auth0/universal-components-react on npm](https://www.npmjs.com/package/@auth0/universal-components-react/v/${{ steps.publish-react.outputs.version }}) + fi + + if [ "${{ steps.publish-react.outputs.published }}" = "true" ]; then + PR_BODY="${PR_BODY}- [View @auth0/universal-components-react on npm](https://www.npmjs.com/package/@auth0/universal-components-react/v/${{ steps.publish-react.outputs.version }}) " - fi - - 
PR_BODY="${PR_BODY} + fi + + PR_BODY="${PR_BODY} --- *Auto-generated by publish workflow: [\`${{ github.run_id }}\`](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})*" + fi # Create PR PR_URL=$(gh pr create \ - --title "chore: update package versions after npm publish" \ + --title "$PR_TITLE" \ --body "$PR_BODY" \ --base main \ --head "$BRANCH_NAME") From db836bd8f484583959854e1a4e3cb2ca92edf491 Mon Sep 17 00:00:00 2001 From: harishsundar-okta Date: Wed, 10 Dec 2025 18:28:42 +0530 Subject: [PATCH 5/6] fix: updated the skip logic --- .github/workflows/publish-public-npm.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/publish-public-npm.yml b/.github/workflows/publish-public-npm.yml index 0b62d808..16165801 100644 --- a/.github/workflows/publish-public-npm.yml +++ b/.github/workflows/publish-public-npm.yml @@ -387,10 +387,10 @@ jobs: - name: Create PR to update package versions id: create-version-pr if: | - github.event.inputs.dry_run != 'true' && - (steps.publish-core.outputs.published == 'true' || - steps.publish-react.outputs.published == 'true' || - github.event.inputs.create_version_pr_only == 'true') + (github.event.inputs.dry_run != 'true' && + (steps.publish-core.outputs.published == 'true' || + steps.publish-react.outputs.published == 'true')) || + github.event.inputs.create_version_pr_only == 'true' env: GH_TOKEN: ${{ github.token }} run: | From 347b6686962803389af053f05024e799ef5e954b Mon Sep 17 00:00:00 2001 From: harishsundar-okta Date: Wed, 10 Dec 2025 18:35:47 +0530 Subject: [PATCH 6/6] fix: update pr auto merge logic --- .github/workflows/publish-public-npm.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-public-npm.yml b/.github/workflows/publish-public-npm.yml index 16165801..dd6bece9 100644 --- a/.github/workflows/publish-public-npm.yml +++ b/.github/workflows/publish-public-npm.yml 
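Review bot: After the regrouping in the patch 5/6 hunk, `create_version_pr_only == 'true'` bypasses the `dry_run` check entirely, so a dispatch with `dry_run` left on still pushes a branch and opens a PR. If that precedence is intended, state it where operators will see it: change the input description to `"Skip publish and only create version bump PR (ignores dry_run)"` and add `# create_version_pr_only overrides dry_run` above this `if:`. The step's `run:` body lies outside the hunk.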
@@ -567,8 +567,8 @@ jobs: - name: Approve and merge PR id: approve-pr if: | - github.event.inputs.dry_run != 'true' && - steps.create-version-pr.outputs.pr_number != '' + steps.create-version-pr.outputs.pr_number != '' && + (github.event.inputs.dry_run != 'true' || github.event.inputs.create_version_pr_only == 'true') env: GH_TOKEN: ${{ secrets.SVC_PAT }} run: |
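Review bot: With the added `create_version_pr_only == 'true'` clause, this step approves and merges a PR whose versions were never published. In that mode the publish steps are skipped and the numbers come from `CORE_VER`/`REACT_VER`, so `main` can end up carrying a version that does not exist on npm, accepted by the service account alone. Consider leaving PR-only runs for a human by using `steps.create-version-pr.outputs.pr_number != '' && github.event.inputs.create_version_pr_only != 'true'`. As written, the parenthesised clause is already implied whenever `pr_number` is set, given the create step's own `if:`, so it adds no protection. The step's `run:` body continues outside this hunk.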