Merge pull request #4 from jescalada/1517-gitlabflow-workflow-fixes

ci: gitlabflow workflow fixes

Author: jescalada

.github/release-branch-drafter.yml

@@ -0,0 +1,33 @@
+name: Release Drafter (Release Branches)
+
+on:
+  push:
+    branches:
+      - 'release/**'
+  pull_request:
+    # needed so autolabeler runs on PRs from forks before merge,
+    # for when PR is finally merged into a release branch.
+    types: [opened, reopened, synchronize]
+
+permissions:
+  contents: read
+
+jobs:
+  update_release_draft:
+    permissions:
+      contents: write # needed to create/update the draft release
+      pull-requests: write # needed for the autolabeler
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
+        with:
+          egress-policy: audit
+
+      - uses: release-drafter/release-drafter@v6
+        with:
+          # Target the branch that triggered this run
+          # Ex: "release/2.1" becomes the commitish for the draft
+          commitish: ${{ github.ref_name }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/release-drafter.yml

@@ -1,4 +1,3 @@
----
 name-template: 'Version $RESOLVED_VERSION'
 tag-template: 'v$RESOLVED_VERSION'
 change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
@@ -9,7 +8,7 @@ template: |
 
   ---
 
-  *Full Changelog**: https://github.com/finos/git-proxy/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION
+  **Full Changelog**: https://github.com/finos/git-proxy/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION
 
 categories:
   - title: '🚀 Features'
@@ -44,10 +43,7 @@ version-resolver:
 autolabeler:
   - label: 'automation'
     title:
-      - '/^(ci|perf|refactor|test).*/i'
-  - label: 'enhancement'
-    title:
-      - '/^(style).*/i'
+      - '/^(ci|perf|refactor|test|style).*/i'
   - label: 'documentation'
     title:
       - '/^(docs).*/i'

.github/workflows/npm.yml

@@ -2,6 +2,17 @@ name: Publish to NPM
 on:
   release:
     types: [published]
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: 'Dry run only (no actual publish)'
+        required: false
+        default: 'true'
+        type: choice
+        options:
+          - 'true'
+          - 'false'
+
 permissions:
   contents: read
   id-token: write
@@ -16,21 +27,52 @@ jobs:
           egress-policy: audit
 
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      # Setup .npmrc file to publish to npm
       - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
         with:
           node-version: '24'
           registry-url: 'https://registry.npmjs.org'
       - run: npm ci
       - run: npm run build
 
-      - name: Check if pre-release and publish to NPM
+      - name: Determine dist-tag and publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          DRY_RUN: ${{ github.event_name == 'workflow_dispatch' && inputs.dry_run || 'false' }}
         run: |
+          set -euo pipefail
           VERSION=$(node -p "require('./package.json').version")
+          PKG_NAME=$(node -p "require('./package.json').name")
+          echo "Publishing $PKG_NAME@$VERSION"
+
+          # Build the publish command flags.
+          PUBLISH_FLAGS=(--access=public)
+          if [[ "$DRY_RUN" == "true" ]]; then
+            PUBLISH_FLAGS+=(--dry-run)
+            echo "DRY RUN — nothing will actually be published."
+          fi
+
+          # Pre-releases (ex: 2.1.0-rc.1) get tagged as 'rc'
           if [[ "$VERSION" == *"-"* ]]; then
-            echo "Publishing pre-release: $VERSION"
-            npm publish --access=public --tag rc
+            echo "Pre-release detected, publishing under 'rc' tag"
+            npm publish "${PUBLISH_FLAGS[@]}" --tag rc
+            exit 0
+          fi
+
+          # Look up current 'latest' on NPM. If never published before,
+          # defaults to 0.0.0 so any release (0.1.0, 1.0.0, etc.) becomes latest
+          CURRENT_LATEST=$(npm view "$PKG_NAME" version 2>/dev/null || echo "0.0.0")
+          echo "Current 'latest' on npm: $CURRENT_LATEST"
+
+          # If this version is strictly greater than the current 'latest',
+          # it becomes latest
+          if npx --yes semver "$VERSION" -r ">$CURRENT_LATEST" >/dev/null 2>&1; then
+            echo "Publishing as 'latest'"
+            npm publish "${PUBLISH_FLAGS[@]}"
           else
-            echo "Publishing stable release: $VERSION"
-            npm publish --access=public
+            # Otherwise, this is a maintenance release on an older line
+            # Tag as v<major>.<minor> so users can pin to it
+            MAJOR_MINOR=$(echo "$VERSION" | cut -d. -f1,2)
+            DIST_TAG="v${MAJOR_MINOR}"
+            echo "Maintenance release detected, publishing under '$DIST_TAG' tag"
+            npm publish "${PUBLISH_FLAGS[@]}" --tag "$DIST_TAG"
           fi

experimental/li-cli/package.json

@@ -1,5 +1,5 @@
 {
-  "name": "@finos/git-proxy-li-cli",
+  "name": "@jescalada/git-proxy-li-cli",
   "version": "0.0.1",
   "author": "git-proxy contributors",
   "license": "Apache-2.0",

experimental/license-inventory/package.json

@@ -1,5 +1,5 @@
 {
-  "name": "@finos/git-proxy-license-inventory",
+  "name": "@jescalada/git-proxy-license-inventory",
   "version": "0.0.2",
   "author": "git-proxy contributors",
   "license": "Apache-2.0",