name: Next Publish # Manual pre-release. Click "Run workflow" in the Actions tab to stamp a # version and publish @next to npm. Optional approval gate via the `next` # GitHub Environment (configure reviewers in repo Settings -> Environments). on: workflow_dispatch: inputs: ref: description: 'Branch or SHA to publish as @next' required: false default: 'next' concurrency: group: next-publish-${{ github.event.inputs.ref }} cancel-in-progress: false permissions: contents: read packages: write jobs: next-publish: name: Next Publish runs-on: ubuntu-latest environment: next outputs: next-version: ${{ steps.stamp.outputs.version }} steps: - uses: actions/checkout@v6 with: ref: ${{ github.event.inputs.ref }} token: ${{ secrets.RELEASE_PAT }} fetch-depth: 0 - name: Mark workspace safe for git run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - uses: actions/setup-node@v6 with: node-version: 24 registry-url: https://registry.npmjs.org cache: 'npm' - name: Install dependencies run: npm ci - name: Install web host dependencies run: npm --prefix web ci - name: Cache Next.js build uses: actions/cache@v4 with: path: web/.next/cache key: nextjs-${{ runner.os }}-${{ hashFiles('web/package-lock.json') }}-${{ hashFiles('web/app/**', 'web/components/**', 'web/lib/**', 'web/hooks/**') }} restore-keys: | nextjs-${{ runner.os }}-${{ hashFiles('web/package-lock.json') }}- nextjs-${{ runner.os }}- - name: Build core run: npm run build:core - name: Build web host run: npm run build:web-host - name: Stamp next version and sync platform packages id: stamp env: VERSION_CHANNEL: next run: | npm run pipeline:version-stamp npm run sync-platform-versions echo "version=$(node -e 'process.stdout.write(require("./package.json").version)')" >> "$GITHUB_OUTPUT" - name: Smoke test run: | chmod +x dist/loader.js export SF_SMOKE_BINARY="$(pwd)/dist/loader.js" npm run test:smoke - name: Publish @next env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} run: | VERSION=$(node -e 'process.stdout.write(require("./package.json").version)') if npm view "singularity-forge@${VERSION}" version 2>/dev/null; then echo "Version ${VERSION} already published — moving @next tag" npm dist-tag add "singularity-forge@${VERSION}" next else npm publish --tag next fi next-verify: name: Next Verify (installed package) needs: next-publish runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 with: ref: ${{ github.event.inputs.ref }} - uses: actions/setup-node@v6 with: node-version: 24 registry-url: https://registry.npmjs.org cache: 'npm' - name: Install published singularity-forge@next globally (with registry propagation retry) env: NEXT_VERSION: ${{ needs.next-publish.outputs.next-version }} run: | for i in 1 2 3 4 5 6; do npm install -g "singularity-forge@${NEXT_VERSION}" && exit 0 echo "Attempt $i failed — waiting 10s for npm registry propagation..." sleep 10 done echo "::error::Failed to install singularity-forge@${NEXT_VERSION} after 6 attempts. The @next tag may point at a broken artifact — deprecate it with: npm deprecate singularity-forge@${NEXT_VERSION} 'broken build'" exit 1 - name: Run smoke tests (against installed binary) env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} run: | export SF_SMOKE_BINARY=$(which sf) npm run test:smoke - name: Install repo dependencies (for regression harness) run: npm ci - name: Run live regression tests (against installed binary) run: | export SF_SMOKE_BINARY=$(which sf) npm run test:live-regression - name: Warn on verify failure if: failure() env: NEXT_VERSION: ${{ needs.next-publish.outputs.next-version }} run: | echo "::error::Post-publish verification failed for singularity-forge@${NEXT_VERSION}. The @next tag still points at this version on npm." echo "::error::Recommended actions: (1) investigate the failing step above, (2) deprecate the broken version with 'npm deprecate singularity-forge@${NEXT_VERSION} \"broken build; see Actions run\"', (3) cut a fix and re-run Next Publish." exit 1