This repository was archived by the owner on Feb 24, 2026. It is now read-only.
feat: split end-user exposure from live CI execution policy #8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release-node | ||
|
Check failure on line 1 in .github/workflows/release-node.yaml
|
||
| on: | ||
| push: | ||
| tags: | ||
| - "npm-v*" | ||
| workflow_dispatch: | ||
| inputs: | ||
| version_tag: | ||
| description: "Node tag (npm-vX.Y.Z)" | ||
| required: true | ||
| type: string | ||
| permissions: | ||
| contents: write | ||
| id-token: write | ||
| jobs: | ||
| publish: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| - name: Setup Python | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: "3.12" | ||
| - name: Install python package | ||
| run: | | ||
| python -m pip install --upgrade pip | ||
| python -m pip install -e . | ||
| - name: Validate operation-id mappings | ||
| run: | | ||
| python3 scripts/check_operation_id_mappings.py | ||
| - name: Run CLI smoke gate | ||
| run: | | ||
| bash scripts/release_readiness.sh --skip-tests --skip-node | ||
| - name: Run live 71-op release gate | ||
| if: ${{ secrets.AGENTICFLOW_PUBLIC_API_KEY != '' }} | ||
| env: | ||
| AGENTICFLOW_PUBLIC_API_KEY: ${{ secrets.AGENTICFLOW_PUBLIC_API_KEY }} | ||
| NEXT_PUBLIC_BASE_API_URL: ${{ secrets.AGENTICFLOW_BASE_URL }} | ||
| run: | | ||
| bash scripts/release_readiness.sh --skip-tests --skip-node --live-ops-gate | ||
| - name: Setup Node | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: "22" | ||
| registry-url: "https://registry.npmjs.org" | ||
| - name: Validate tag and sync package version | ||
| id: meta | ||
| shell: bash | ||
| run: | | ||
| set -euo pipefail | ||
| if [[ "${GITHUB_EVENT_NAME}" == "workflow_dispatch" ]]; then | ||
| TAG="${{ inputs.version_tag }}" | ||
| else | ||
| TAG="${GITHUB_REF_NAME}" | ||
| fi | ||
| if [[ ! "${TAG}" =~ ^npm-v([0-9]+\.[0-9]+\.[0-9]+)$ ]]; then | ||
| echo "Expected npm-vX.Y.Z, got: ${TAG}" >&2 | ||
| exit 1 | ||
| fi | ||
| VERSION="${BASH_REMATCH[1]}" | ||
| npm version "${VERSION}" --no-git-tag-version | ||
| echo "tag=${TAG}" >> "$GITHUB_OUTPUT" | ||
| echo "version=${VERSION}" >> "$GITHUB_OUTPUT" | ||
| - name: Ensure npm supports trusted publishing | ||
| run: | | ||
| npm i -g npm@11.5.1 | ||
| npm --version | ||
| - name: Pack npm artifact | ||
| run: | | ||
| npm pack | ||
| - name: Publish to npm (Trusted Publishing) | ||
| run: | | ||
| npm publish --access public | ||
