From 8b5132b51d94133a9e4543eaa2ebf076469a09f4 Mon Sep 17 00:00:00 2001 From: James Toussaint <33313130+james-toussaint@users.noreply.github.com> Date: Thu, 23 Oct 2025 11:57:53 +0200 Subject: [PATCH 1/9] Add workflow to release upgradeable package --- .github/workflows/release-upgradeable.yml | 71 +++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 .github/workflows/release-upgradeable.yml diff --git a/.github/workflows/release-upgradeable.yml b/.github/workflows/release-upgradeable.yml new file mode 100644 index 00000000000..34c9c37258e --- /dev/null +++ b/.github/workflows/release-upgradeable.yml @@ -0,0 +1,71 @@ +name: Release Upgradeable + +on: + workflow_dispatch: {} + +jobs: + release-upgradeable: + environment: push-upgradeable + runs-on: ubuntu-latest + env: + VANILLA_REPO: OpenZeppelin/openzeppelin-contracts + UPGRADEABLE_REPO: james-toussaint/openzeppelin-contracts-upgradeable # TODO: Update repo before merging + steps: + - uses: actions/checkout@v5 + with: + repository: ${{ env.VANILLA_REPO }} + fetch-depth: 0 + ref: ${{ github.ref }} + - name: Get vanilla commit + run: | + echo "VANILLA_COMMIT=$(git rev-parse --short HEAD)" >> $GITHUB_ENV + - uses: actions/checkout@v5 + with: + repository: ${{ env.UPGRADEABLE_REPO }} + fetch-depth: 0 + submodules: true + token: ${{ secrets.GH_TOKEN_UPGRADEABLE }} + ref: ${{ github.ref }} + - name: Run + run: | + if ! $(git log -1 --pretty=%B | grep -q "Transpile ${VANILLA_COMMIT}"); then + echo "Expected 'Transpile ${VANILLA_COMMIT}' but found '$(git log -1 --pretty=%B)'" + fi + VERSION="$(jq -r .version package.json)" + GIT_TAG="v${VERSION}" + NPM_TAG="tmp" + ADDITIONAL_OPTION_IF_PRERELEASE="--prerelease" + if [[ "${GIT_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + NPM_TAG="dev" + ADDITIONAL_OPTION_IF_PRERELEASE="" + elif [[ "${GIT_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rc.[0-9]+$ ]]; then + NPM_TAG="next" + fi + echo "ADDITIONAL_OPTION_IF_PRERELEASE=${ADDITIONAL_OPTION_IF_PRERELEASE}" >> $GITHUB_ENV + ### [START BLOCK] TODO: Remove block before merging + TIMESTAMPED_VERSION="${VERSION}-$(date +%s)" + OLD_GIT_TAG="${GIT_TAG}" + GIT_TAG="${GIT_TAG}-$(date +%s)" # incremental git tag for testing + sed -i'' -e 's/openzeppelin\/contracts-upgradeable/james-toussaint\/contracts-upgradeable/g' contracts/package.json # custom scope for testing + sed -i'' -e "s/${VERSION}/${TIMESTAMPED_VERSION}/g" contracts/package.json && head contracts/package.json # incremental npm package version for testing + ### [END BLOCK] + npm ci + bash scripts/git-user-config.sh + git tag -m {,}${GIT_TAG} + CI=true git push origin tag ${GIT_TAG} + cd contracts + # Intentionally escape $ to avoid interpolation and writing the token to disk + echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc + npm publish --tag ${NPM_TAG} + echo "GIT_TAG=${GIT_TAG}" >> $GITHUB_ENV + env: + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + - name: Create Github Release Note + env: + GITHUB_TOKEN: ${{ secrets.GH_TOKEN_UPGRADEABLE }} + run: | + gh release create "${GIT_TAG}" \ + --repo="${UPGRADEABLE_REPO}" \ + --title="${GIT_TAG}" \ + --notes="$(gh release view ${OLD_GIT_TAG} --repo="${VANILLA_REPO}" --json body -q .body)" `#TODO: Update tag before merging` \ + ${ADDITIONAL_OPTION_IF_PRERELEASE} From a252b225fe7a23f3492e6369e703cbc87f249dc0 Mon Sep 17 00:00:00 2001 From: James Toussaint <33313130+james-toussaint@users.noreply.github.com> Date: Thu, 23 Oct 2025 13:33:33 +0200 Subject: [PATCH 2/9] Add quotes --- .github/workflows/release-upgradeable.yml | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/.github/workflows/release-upgradeable.yml b/.github/workflows/release-upgradeable.yml index 34c9c37258e..c597ca818a1 100644 --- a/.github/workflows/release-upgradeable.yml +++ b/.github/workflows/release-upgradeable.yml @@ -18,7 +18,7 @@ jobs: ref: ${{ github.ref }} - name: Get vanilla commit run: | - echo "VANILLA_COMMIT=$(git rev-parse --short HEAD)" >> $GITHUB_ENV + echo "VANILLA_COMMIT=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV" - uses: actions/checkout@v5 with: repository: ${{ env.UPGRADEABLE_REPO }} @@ -28,8 +28,9 @@ jobs: ref: ${{ github.ref }} - name: Run run: | - if ! $(git log -1 --pretty=%B | grep -q "Transpile ${VANILLA_COMMIT}"); then + if ! git log -1 --pretty=%B | grep -q "Transpile ${VANILLA_COMMIT}"; then echo "Expected 'Transpile ${VANILLA_COMMIT}' but found '$(git log -1 --pretty=%B)'" + exit 1 fi VERSION="$(jq -r .version package.json)" GIT_TAG="v${VERSION}" @@ -41,23 +42,23 @@ jobs: elif [[ "${GIT_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rc.[0-9]+$ ]]; then NPM_TAG="next" fi - echo "ADDITIONAL_OPTION_IF_PRERELEASE=${ADDITIONAL_OPTION_IF_PRERELEASE}" >> $GITHUB_ENV + echo "ADDITIONAL_OPTION_IF_PRERELEASE=${ADDITIONAL_OPTION_IF_PRERELEASE}" >> "$GITHUB_ENV" ### [START BLOCK] TODO: Remove block before merging TIMESTAMPED_VERSION="${VERSION}-$(date +%s)" - OLD_GIT_TAG="${GIT_TAG}" + echo "OLD_GIT_TAG=${GIT_TAG}" >> "$GITHUB_ENV" GIT_TAG="${GIT_TAG}-$(date +%s)" # incremental git tag for testing sed -i'' -e 's/openzeppelin\/contracts-upgradeable/james-toussaint\/contracts-upgradeable/g' contracts/package.json # custom scope for testing sed -i'' -e "s/${VERSION}/${TIMESTAMPED_VERSION}/g" contracts/package.json && head contracts/package.json # incremental npm package version for testing ### [END BLOCK] npm ci bash scripts/git-user-config.sh - git tag -m {,}${GIT_TAG} - CI=true git push origin tag ${GIT_TAG} - cd contracts + git tag -m {,}"${GIT_TAG}" + CI=true git push origin tag "${GIT_TAG}" + cd "contracts/" # Intentionally escape $ to avoid interpolation and writing the token to disk echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc - npm publish --tag ${NPM_TAG} - echo "GIT_TAG=${GIT_TAG}" >> $GITHUB_ENV + npm publish --tag "${NPM_TAG}" + echo "GIT_TAG=${GIT_TAG}" >> "$GITHUB_ENV" env: NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - name: Create Github Release Note @@ -68,4 +69,4 @@ jobs: --repo="${UPGRADEABLE_REPO}" \ --title="${GIT_TAG}" \ --notes="$(gh release view ${OLD_GIT_TAG} --repo="${VANILLA_REPO}" --json body -q .body)" `#TODO: Update tag before merging` \ - ${ADDITIONAL_OPTION_IF_PRERELEASE} + "${ADDITIONAL_OPTION_IF_PRERELEASE}" From 870e71482d602937b1d5ffe334f1ab9130652b1d Mon Sep 17 00:00:00 2001 From: James Toussaint <33313130+james-toussaint@users.noreply.github.com> Date: Thu, 23 Oct 2025 14:52:01 +0200 Subject: [PATCH 3/9] Fix notes spellcheck --- .github/workflows/release-upgradeable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-upgradeable.yml b/.github/workflows/release-upgradeable.yml index c597ca818a1..9377a311a4e 100644 --- a/.github/workflows/release-upgradeable.yml +++ b/.github/workflows/release-upgradeable.yml @@ -68,5 +68,5 @@ jobs: gh release create "${GIT_TAG}" \ --repo="${UPGRADEABLE_REPO}" \ --title="${GIT_TAG}" \ - --notes="$(gh release view ${OLD_GIT_TAG} --repo="${VANILLA_REPO}" --json body -q .body)" `#TODO: Update tag before merging` \ + --notes="$(gh release view "${OLD_GIT_TAG}" --repo="${VANILLA_REPO}" --json body -q .body)" `# TODO: Update tag before merging` \ "${ADDITIONAL_OPTION_IF_PRERELEASE}" From 649a6359ac2b587ef1a37e6917140045b06c3739 Mon Sep 17 00:00:00 2001 From: James Toussaint <33313130+james-toussaint@users.noreply.github.com> Date: Thu, 30 Oct 2025 09:59:34 +0100 Subject: [PATCH 4/9] Fetch version from contracts package.json MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Ernesto García --- .github/workflows/release-upgradeable.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-upgradeable.yml b/.github/workflows/release-upgradeable.yml index 9377a311a4e..4ba5248fba5 100644 --- a/.github/workflows/release-upgradeable.yml +++ b/.github/workflows/release-upgradeable.yml @@ -32,7 +32,7 @@ jobs: echo "Expected 'Transpile ${VANILLA_COMMIT}' but found '$(git log -1 --pretty=%B)'" exit 1 fi - VERSION="$(jq -r .version package.json)" + VERSION="$(jq -r .version contracts/package.json)" GIT_TAG="v${VERSION}" NPM_TAG="tmp" ADDITIONAL_OPTION_IF_PRERELEASE="--prerelease" From 0c2dab8eb420587ebe6ee9e0cf795e136063743b Mon Sep 17 00:00:00 2001 From: James Toussaint <33313130+james-toussaint@users.noreply.github.com> Date: Thu, 30 Oct 2025 10:48:51 +0100 Subject: [PATCH 5/9] Remote fetch-depth MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Ernesto García --- .github/workflows/release-upgradeable.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/release-upgradeable.yml b/.github/workflows/release-upgradeable.yml index 4ba5248fba5..76b46091ac4 100644 --- a/.github/workflows/release-upgradeable.yml +++ b/.github/workflows/release-upgradeable.yml @@ -14,7 +14,6 @@ jobs: - uses: actions/checkout@v5 with: repository: ${{ env.VANILLA_REPO }} - fetch-depth: 0 ref: ${{ github.ref }} - name: Get vanilla commit run: | @@ -22,7 +21,6 @@ jobs: - uses: actions/checkout@v5 with: repository: ${{ env.UPGRADEABLE_REPO }} - fetch-depth: 0 submodules: true token: ${{ secrets.GH_TOKEN_UPGRADEABLE }} ref: ${{ github.ref }} From 40a76efa67c61681100089190dba1159eb54eb41 Mon Sep 17 00:00:00 2001 From: James Toussaint <33313130+james-toussaint@users.noreply.github.com> Date: Thu, 30 Oct 2025 18:23:32 +0100 Subject: [PATCH 6/9] Split scripts and use trusted publisher --- .github/workflows/release-upgradeable.yml | 62 ++++++------------- .../workflow/github-release-upgradeable.sh | 7 +++ .../release/workflow/publish-upgradeable.sh | 33 ++++++++++ 3 files changed, 59 insertions(+), 43 deletions(-) create mode 100644 scripts/release/workflow/github-release-upgradeable.sh create mode 100644 scripts/release/workflow/publish-upgradeable.sh diff --git a/.github/workflows/release-upgradeable.yml b/.github/workflows/release-upgradeable.yml index 76b46091ac4..6449c8fd1d3 100644 --- a/.github/workflows/release-upgradeable.yml +++ b/.github/workflows/release-upgradeable.yml @@ -6,65 +6,41 @@ on: jobs: release-upgradeable: environment: push-upgradeable + permissions: + id-token: write # Required for OIDC + contents: read runs-on: ubuntu-latest env: VANILLA_REPO: OpenZeppelin/openzeppelin-contracts UPGRADEABLE_REPO: james-toussaint/openzeppelin-contracts-upgradeable # TODO: Update repo before merging steps: + - run: echo "UPGRADEABLE_DIR=${GITHUB_WORKSPACE}/upgradeable" >> "$GITHUB_ENV" - uses: actions/checkout@v5 with: repository: ${{ env.VANILLA_REPO }} ref: ${{ github.ref }} - - name: Get vanilla commit - run: | - echo "VANILLA_COMMIT=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV" + - id: vanilla + name: Get vanilla commit + run: echo "commit=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" + - uses: actions/checkout@v5 # TODO: Remove this before merging (used to get node 24.x from setup action) + - name: Set up environment + uses: ./.github/actions/setup - uses: actions/checkout@v5 with: repository: ${{ env.UPGRADEABLE_REPO }} submodules: true token: ${{ secrets.GH_TOKEN_UPGRADEABLE }} ref: ${{ github.ref }} - - name: Run - run: | - if ! git log -1 --pretty=%B | grep -q "Transpile ${VANILLA_COMMIT}"; then - echo "Expected 'Transpile ${VANILLA_COMMIT}' but found '$(git log -1 --pretty=%B)'" - exit 1 - fi - VERSION="$(jq -r .version contracts/package.json)" - GIT_TAG="v${VERSION}" - NPM_TAG="tmp" - ADDITIONAL_OPTION_IF_PRERELEASE="--prerelease" - if [[ "${GIT_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - NPM_TAG="dev" - ADDITIONAL_OPTION_IF_PRERELEASE="" - elif [[ "${GIT_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rc.[0-9]+$ ]]; then - NPM_TAG="next" - fi - echo "ADDITIONAL_OPTION_IF_PRERELEASE=${ADDITIONAL_OPTION_IF_PRERELEASE}" >> "$GITHUB_ENV" - ### [START BLOCK] TODO: Remove block before merging - TIMESTAMPED_VERSION="${VERSION}-$(date +%s)" - echo "OLD_GIT_TAG=${GIT_TAG}" >> "$GITHUB_ENV" - GIT_TAG="${GIT_TAG}-$(date +%s)" # incremental git tag for testing - sed -i'' -e 's/openzeppelin\/contracts-upgradeable/james-toussaint\/contracts-upgradeable/g' contracts/package.json # custom scope for testing - sed -i'' -e "s/${VERSION}/${TIMESTAMPED_VERSION}/g" contracts/package.json && head contracts/package.json # incremental npm package version for testing - ### [END BLOCK] - npm ci - bash scripts/git-user-config.sh - git tag -m {,}"${GIT_TAG}" - CI=true git push origin tag "${GIT_TAG}" - cd "contracts/" - # Intentionally escape $ to avoid interpolation and writing the token to disk - echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc - npm publish --tag "${NPM_TAG}" - echo "GIT_TAG=${GIT_TAG}" >> "$GITHUB_ENV" + path: upgradeable + - run: cd "${UPGRADEABLE_DIR}" && bash ${{ github.workspace }}/scripts/git-user-config.sh + - id: publish + name: Publish + run: bash scripts/release/workflow/publish-upgradeable.sh env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + VANILLA_COMMIT: ${{ steps.vanilla.outputs.commit }} - name: Create Github Release Note + run: bash scripts/release/workflow/github-release-upgradeable.sh env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN_UPGRADEABLE }} - run: | - gh release create "${GIT_TAG}" \ - --repo="${UPGRADEABLE_REPO}" \ - --title="${GIT_TAG}" \ - --notes="$(gh release view "${OLD_GIT_TAG}" --repo="${VANILLA_REPO}" --json body -q .body)" `# TODO: Update tag before merging` \ - "${ADDITIONAL_OPTION_IF_PRERELEASE}" + GIT_TAG: ${{ steps.publish.outputs.git_tag }} + ADDITIONAL_OPTION_IF_PRERELEASE: ${{ steps.publish.outputs.additional_option_if_prerelease }} diff --git a/scripts/release/workflow/github-release-upgradeable.sh b/scripts/release/workflow/github-release-upgradeable.sh new file mode 100644 index 00000000000..1f6af11bb52 --- /dev/null +++ b/scripts/release/workflow/github-release-upgradeable.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +gh release create "${GIT_TAG}" \ + --repo="${UPGRADEABLE_REPO}" \ + --title="${GIT_TAG}" \ + --notes="$(gh release view "${OLD_GIT_TAG}" --repo="${VANILLA_REPO}" --json body -q .body)" `# TODO: Update tag before merging` \ + "${ADDITIONAL_OPTION_IF_PRERELEASE}" diff --git a/scripts/release/workflow/publish-upgradeable.sh b/scripts/release/workflow/publish-upgradeable.sh new file mode 100644 index 00000000000..1022703f4db --- /dev/null +++ b/scripts/release/workflow/publish-upgradeable.sh @@ -0,0 +1,33 @@ +#!/usr/bin/env bash + +cd $UPGRADEABLE_DIR + +if ! git log -1 --pretty=%B | grep -q "Transpile ${VANILLA_COMMIT}"; then + echo "Expected 'Transpile ${VANILLA_COMMIT}' but found '$(git log -1 --pretty=%B)'" + exit 1 +fi +VERSION="$(jq -r .version contracts/package.json)" +GIT_TAG="v${VERSION}" +NPM_TAG="tmp" +ADDITIONAL_OPTION_IF_PRERELEASE="--prerelease" +if [[ "${GIT_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + NPM_TAG="dev" + ADDITIONAL_OPTION_IF_PRERELEASE="" +elif [[ "${GIT_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rc.[0-9]+$ ]]; then + NPM_TAG="next" +fi +echo "additional_option_if_prerelease=${ADDITIONAL_OPTION_IF_PRERELEASE}" >> "$GITHUB_OUTPUT" +### [START BLOCK] TODO: Remove block before merging +TIMESTAMPED_VERSION="${VERSION}-$(date +%s)" +echo "OLD_GIT_TAG=${GIT_TAG}" >> "$GITHUB_ENV" +GIT_TAG="${GIT_TAG}-$(date +%s)" # incremental git tag for testing +sed -i'' -e 's/openzeppelin\/contracts-upgradeable/james-toussaint\/contracts-upgradeable/g' contracts/package.json # custom scope for testing +sed -i'' -e "s/${VERSION}/${TIMESTAMPED_VERSION}/g" contracts/package.json && head contracts/package.json # incremental npm package version for testing +### [END BLOCK] +sed -i'' -e 's/OpenZeppelin\/openzeppelin-contracts-upgradeable/james-toussaint\/openzeppelin-contracts/g' contracts/package.json # repository.url for provenance (TODO: Update and try keep upgradeable url) +git tag -m {,}"${GIT_TAG}" +CI=true git push origin tag "${GIT_TAG}" +npm ci +cd "contracts/" +npm publish --tag "${NPM_TAG}" +echo "git_tag=${GIT_TAG}" >> "$GITHUB_OUTPUT" From aa1b25a7238a62a1f6a2decd3e4be32362c27c54 Mon Sep 17 00:00:00 2001 From: James Toussaint <33313130+james-toussaint@users.noreply.github.com> Date: Fri, 31 Oct 2025 14:14:05 +0100 Subject: [PATCH 7/9] Check upgradeable separately --- .github/workflows/release-upgradeable.yml | 17 +++++++---- scripts/release/workflow/check-upgradeable.sh | 30 +++++++++++++++++++ .../workflow/github-release-upgradeable.sh | 7 +++++ .../release/workflow/publish-upgradeable.sh | 28 ++--------------- 4 files changed, 50 insertions(+), 32 deletions(-) create mode 100644 scripts/release/workflow/check-upgradeable.sh diff --git a/.github/workflows/release-upgradeable.yml b/.github/workflows/release-upgradeable.yml index 6449c8fd1d3..532ea04b11a 100644 --- a/.github/workflows/release-upgradeable.yml +++ b/.github/workflows/release-upgradeable.yml @@ -13,8 +13,8 @@ jobs: env: VANILLA_REPO: OpenZeppelin/openzeppelin-contracts UPGRADEABLE_REPO: james-toussaint/openzeppelin-contracts-upgradeable # TODO: Update repo before merging + GO_TO_UPGRADEABLE_DIR: cd ${GITHUB_WORKSPACE}/upgradeable steps: - - run: echo "UPGRADEABLE_DIR=${GITHUB_WORKSPACE}/upgradeable" >> "$GITHUB_ENV" - uses: actions/checkout@v5 with: repository: ${{ env.VANILLA_REPO }} @@ -22,7 +22,7 @@ jobs: - id: vanilla name: Get vanilla commit run: echo "commit=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" - - uses: actions/checkout@v5 # TODO: Remove this before merging (used to get node 24.x from setup action) + - uses: actions/checkout@v5 # TODO: Remove this before merging (used to get scripts added in this PR) - name: Set up environment uses: ./.github/actions/setup - uses: actions/checkout@v5 @@ -32,15 +32,20 @@ jobs: token: ${{ secrets.GH_TOKEN_UPGRADEABLE }} ref: ${{ github.ref }} path: upgradeable - - run: cd "${UPGRADEABLE_DIR}" && bash ${{ github.workspace }}/scripts/git-user-config.sh + - id: check-upgradeable + name: Check upgradeable + run: bash scripts/release/workflow/check-upgradeable.sh + env: + VANILLA_COMMIT: ${{ steps.vanilla.outputs.commit }} - id: publish name: Publish run: bash scripts/release/workflow/publish-upgradeable.sh env: - VANILLA_COMMIT: ${{ steps.vanilla.outputs.commit }} + NPM_TAG: ${{ steps.check-upgradeable.outputs.npm_tag }} - name: Create Github Release Note run: bash scripts/release/workflow/github-release-upgradeable.sh env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN_UPGRADEABLE }} - GIT_TAG: ${{ steps.publish.outputs.git_tag }} - ADDITIONAL_OPTION_IF_PRERELEASE: ${{ steps.publish.outputs.additional_option_if_prerelease }} + GIT_TAG: ${{ steps.check-upgradeable.outputs.git_tag }} + RELEASE_COMMIT: ${{ steps.check-upgradeable.outputs.release_commit }} + PRERELEASE: ${{ steps.check-upgradeable.outputs.prerelease }} diff --git a/scripts/release/workflow/check-upgradeable.sh b/scripts/release/workflow/check-upgradeable.sh new file mode 100644 index 00000000000..b1bf5587ac7 --- /dev/null +++ b/scripts/release/workflow/check-upgradeable.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash + +set -euo pipefail + +eval $GO_TO_UPGRADEABLE_DIR +echo "release_commit=$(git log -1 --pretty=%H)" >> "$GITHUB_OUTPUT" +if ! git log -1 --pretty=%B | grep -q "Transpile ${VANILLA_COMMIT}"; then + echo "Expected 'Transpile ${VANILLA_COMMIT}' but found '$(git log -1 --pretty=%B)'" + exit 1 +fi +VERSION="$(jq -r .version contracts/package.json)" +GIT_TAG="v${VERSION}" +NPM_TAG="tmp" +PRERELEASE="true" +if [[ "${GIT_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + NPM_TAG="dev" + PRERELEASE="false" +elif [[ "${GIT_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rc.[0-9]+$ ]]; then + NPM_TAG="next" +fi +echo "prerelease=${PRERELEASE}" >> "$GITHUB_OUTPUT" +echo "npm_tag=${NPM_TAG}" >> "$GITHUB_OUTPUT" +### [START BLOCK] TODO: Remove block before merging +TIMESTAMPED_VERSION="${VERSION}-$(date +%s)" +echo "OLD_GIT_TAG=${GIT_TAG}" >> "$GITHUB_ENV" +GIT_TAG="${GIT_TAG}-$(date +%s)" # incremental git tag for testing +sed -i'' -e 's/openzeppelin\/contracts-upgradeable/james-toussaint\/contracts-upgradeable/g' contracts/package.json # custom scope for testing +sed -i'' -e "s/${VERSION}/${TIMESTAMPED_VERSION}/g" contracts/package.json && head contracts/package.json # incremental npm package version for testing +### [END BLOCK] +echo "git_tag=${GIT_TAG}" >> "$GITHUB_OUTPUT" diff --git a/scripts/release/workflow/github-release-upgradeable.sh b/scripts/release/workflow/github-release-upgradeable.sh index 1f6af11bb52..7a296a661c8 100644 --- a/scripts/release/workflow/github-release-upgradeable.sh +++ b/scripts/release/workflow/github-release-upgradeable.sh @@ -1,7 +1,14 @@ #!/usr/bin/env bash +set -euo pipefail + +ADDITIONAL_OPTION_IF_PRERELEASE="" +if [ "$PRERELEASE" = "true" ]; then + ADDITIONAL_OPTION_IF_PRERELEASE="--prerelease" +fi gh release create "${GIT_TAG}" \ --repo="${UPGRADEABLE_REPO}" \ --title="${GIT_TAG}" \ + --target="${RELEASE_COMMIT}" \ --notes="$(gh release view "${OLD_GIT_TAG}" --repo="${VANILLA_REPO}" --json body -q .body)" `# TODO: Update tag before merging` \ "${ADDITIONAL_OPTION_IF_PRERELEASE}" diff --git a/scripts/release/workflow/publish-upgradeable.sh b/scripts/release/workflow/publish-upgradeable.sh index 1022703f4db..4dc45a28816 100644 --- a/scripts/release/workflow/publish-upgradeable.sh +++ b/scripts/release/workflow/publish-upgradeable.sh @@ -1,33 +1,9 @@ #!/usr/bin/env bash -cd $UPGRADEABLE_DIR +set -euo pipefail -if ! git log -1 --pretty=%B | grep -q "Transpile ${VANILLA_COMMIT}"; then - echo "Expected 'Transpile ${VANILLA_COMMIT}' but found '$(git log -1 --pretty=%B)'" - exit 1 -fi -VERSION="$(jq -r .version contracts/package.json)" -GIT_TAG="v${VERSION}" -NPM_TAG="tmp" -ADDITIONAL_OPTION_IF_PRERELEASE="--prerelease" -if [[ "${GIT_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - NPM_TAG="dev" - ADDITIONAL_OPTION_IF_PRERELEASE="" -elif [[ "${GIT_TAG}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rc.[0-9]+$ ]]; then - NPM_TAG="next" -fi -echo "additional_option_if_prerelease=${ADDITIONAL_OPTION_IF_PRERELEASE}" >> "$GITHUB_OUTPUT" -### [START BLOCK] TODO: Remove block before merging -TIMESTAMPED_VERSION="${VERSION}-$(date +%s)" -echo "OLD_GIT_TAG=${GIT_TAG}" >> "$GITHUB_ENV" -GIT_TAG="${GIT_TAG}-$(date +%s)" # incremental git tag for testing -sed -i'' -e 's/openzeppelin\/contracts-upgradeable/james-toussaint\/contracts-upgradeable/g' contracts/package.json # custom scope for testing -sed -i'' -e "s/${VERSION}/${TIMESTAMPED_VERSION}/g" contracts/package.json && head contracts/package.json # incremental npm package version for testing -### [END BLOCK] +eval $GO_TO_UPGRADEABLE_DIR sed -i'' -e 's/OpenZeppelin\/openzeppelin-contracts-upgradeable/james-toussaint\/openzeppelin-contracts/g' contracts/package.json # repository.url for provenance (TODO: Update and try keep upgradeable url) -git tag -m {,}"${GIT_TAG}" -CI=true git push origin tag "${GIT_TAG}" npm ci cd "contracts/" npm publish --tag "${NPM_TAG}" -echo "git_tag=${GIT_TAG}" >> "$GITHUB_OUTPUT" From b096f3bc81addff6b666fab65ce2d0cff59a8e0e Mon Sep 17 00:00:00 2001 From: James Toussaint <33313130+james-toussaint@users.noreply.github.com> Date: Fri, 31 Oct 2025 15:08:18 +0100 Subject: [PATCH 8/9] Use vanilla dir --- .github/workflows/release-upgradeable.yml | 27 ++++++++++--------- scripts/release/workflow/check-upgradeable.sh | 1 - .../release/workflow/publish-upgradeable.sh | 2 -- 3 files changed, 14 insertions(+), 16 deletions(-) diff --git a/.github/workflows/release-upgradeable.yml b/.github/workflows/release-upgradeable.yml index 532ea04b11a..f718efe5cbb 100644 --- a/.github/workflows/release-upgradeable.yml +++ b/.github/workflows/release-upgradeable.yml @@ -13,37 +13,38 @@ jobs: env: VANILLA_REPO: OpenZeppelin/openzeppelin-contracts UPGRADEABLE_REPO: james-toussaint/openzeppelin-contracts-upgradeable # TODO: Update repo before merging - GO_TO_UPGRADEABLE_DIR: cd ${GITHUB_WORKSPACE}/upgradeable steps: + - uses: actions/checkout@v5 + with: + repository: ${{ env.UPGRADEABLE_REPO }} + submodules: true + token: ${{ secrets.GH_TOKEN_UPGRADEABLE }} + ref: ${{ github.ref }} - uses: actions/checkout@v5 with: repository: ${{ env.VANILLA_REPO }} ref: ${{ github.ref }} + path: vanilla - id: vanilla name: Get vanilla commit - run: echo "commit=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" + run: cd vanilla && echo "commit=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" - uses: actions/checkout@v5 # TODO: Remove this before merging (used to get scripts added in this PR) - - name: Set up environment - uses: ./.github/actions/setup - - uses: actions/checkout@v5 with: - repository: ${{ env.UPGRADEABLE_REPO }} - submodules: true - token: ${{ secrets.GH_TOKEN_UPGRADEABLE }} - ref: ${{ github.ref }} - path: upgradeable + path: vanilla + - name: Set up environment + uses: ./vanilla/.github/actions/setup - id: check-upgradeable name: Check upgradeable - run: bash scripts/release/workflow/check-upgradeable.sh + run: bash vanilla/scripts/release/workflow/check-upgradeable.sh env: VANILLA_COMMIT: ${{ steps.vanilla.outputs.commit }} - id: publish name: Publish - run: bash scripts/release/workflow/publish-upgradeable.sh + run: bash vanilla/scripts/release/workflow/publish-upgradeable.sh env: NPM_TAG: ${{ steps.check-upgradeable.outputs.npm_tag }} - name: Create Github Release Note - run: bash scripts/release/workflow/github-release-upgradeable.sh + run: bash vanilla/scripts/release/workflow/github-release-upgradeable.sh env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN_UPGRADEABLE }} GIT_TAG: ${{ steps.check-upgradeable.outputs.git_tag }} diff --git a/scripts/release/workflow/check-upgradeable.sh b/scripts/release/workflow/check-upgradeable.sh index b1bf5587ac7..7abd7320151 100644 --- a/scripts/release/workflow/check-upgradeable.sh +++ b/scripts/release/workflow/check-upgradeable.sh @@ -2,7 +2,6 @@ set -euo pipefail -eval $GO_TO_UPGRADEABLE_DIR echo "release_commit=$(git log -1 --pretty=%H)" >> "$GITHUB_OUTPUT" if ! git log -1 --pretty=%B | grep -q "Transpile ${VANILLA_COMMIT}"; then echo "Expected 'Transpile ${VANILLA_COMMIT}' but found '$(git log -1 --pretty=%B)'" diff --git a/scripts/release/workflow/publish-upgradeable.sh b/scripts/release/workflow/publish-upgradeable.sh index 4dc45a28816..8d7c05f5c7a 100644 --- a/scripts/release/workflow/publish-upgradeable.sh +++ b/scripts/release/workflow/publish-upgradeable.sh @@ -2,8 +2,6 @@ set -euo pipefail -eval $GO_TO_UPGRADEABLE_DIR sed -i'' -e 's/OpenZeppelin\/openzeppelin-contracts-upgradeable/james-toussaint\/openzeppelin-contracts/g' contracts/package.json # repository.url for provenance (TODO: Update and try keep upgradeable url) -npm ci cd "contracts/" npm publish --tag "${NPM_TAG}" From 9581bae2d92bb77f5de284aedaf3e7a08831807f Mon Sep 17 00:00:00 2001 From: James Toussaint <33313130+james-toussaint@users.noreply.github.com> Date: Fri, 31 Oct 2025 17:44:11 +0100 Subject: [PATCH 9/9] Handle prerelease/release label --- scripts/release/workflow/github-release-upgradeable.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) mode change 100644 => 100755 scripts/release/workflow/github-release-upgradeable.sh diff --git a/scripts/release/workflow/github-release-upgradeable.sh b/scripts/release/workflow/github-release-upgradeable.sh old mode 100644 new mode 100755 index 7a296a661c8..591d232c709 --- a/scripts/release/workflow/github-release-upgradeable.sh +++ b/scripts/release/workflow/github-release-upgradeable.sh @@ -2,13 +2,9 @@ set -euo pipefail -ADDITIONAL_OPTION_IF_PRERELEASE="" -if [ "$PRERELEASE" = "true" ]; then - ADDITIONAL_OPTION_IF_PRERELEASE="--prerelease" -fi gh release create "${GIT_TAG}" \ --repo="${UPGRADEABLE_REPO}" \ --title="${GIT_TAG}" \ --target="${RELEASE_COMMIT}" \ --notes="$(gh release view "${OLD_GIT_TAG}" --repo="${VANILLA_REPO}" --json body -q .body)" `# TODO: Update tag before merging` \ - "${ADDITIONAL_OPTION_IF_PRERELEASE}" + --prerelease="${PRERELEASE}"