ci: 🎡 use semantic-release (node) [release:patch]

.github/workflows/release.yml

@@ -0,0 +1,58 @@
+name: Release
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+jobs:
+  build:
+    uses: ./.github/workflows/wheels.yml
+
+  release:
+    name: Publish package
+    runs-on: ubuntu-22.04
+    concurrency: release
+    if: github.repository == 'darvid/python-hyperscan'
+    permissions:
+      id-token: write
+      pull-requests: write
+      contents: write
+    env:
+      RELEASE_PR_BRANCH: create-pull-request/patch
+    steps:
+      - name: Checkout python-hyperscan
+        uses: actions/checkout@v4
+        with:
+          ref: main
+          fetch-depth: 0
+
+      - uses: chainguard-dev/actions/setup-gitsign@main
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18
+
+      - name: Download artifacts
+        uses: actions/download-artifact@v4
+        if: github.event_name == 'workflow_dispatch'
+
+      - name: Prepare dist
+        if: github.event_name == 'workflow_dispatch'
+        run: |
+          mkdir dist
+          mv --backup=numbered ./wheel-*/*.whl -t dist/
+          mv --backup=numbered ./sdist/*.tar.gz -t dist/
+          ls -ahl dist/
+          rm -rf dist/*~
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.12
+
+      - name: Release
+        env:
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
+          PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
+        run: npx semantic-release

.github/workflows/wheels.yml

@@ -2,7 +2,9 @@ name: Build
 on:
   push:
     branches:
-      - main
+      - "**"
+      - "!main"
+  workflow_call:
   workflow_dispatch:
 
 concurrency:
@@ -13,15 +15,24 @@ jobs:
   build_environment:
     name: ${{ matrix.os }} build environment
     runs-on: ${{ matrix.os }}
+    if: github.repository == 'darvid/python-hyperscan'
     env:
       PCRE_VERSION: "8.45"
 
-    outputs:
-      build-deps-cache-key: ${{ steps.build-deps-cache-key.outputs.value }}
     strategy:
       fail-fast: true
       matrix:
-        os: [ubuntu-22.04, macos-12-xl, flyci-macos-large-latest-m1]
+        include:
+          - os: ubuntu-22.04
+            platform_id: manylinux_x86_64
+          - os: ubuntu-22.04
+            platform_id: musllinux_x86_64
+          - os: ubicloud-standard-2-arm
+            platform_id: manylinux_aarch64
+          - os: macos-12-xl
+            platform_id: macosx_x86_64
+          - os: flyci-macos-large-latest-m1
+            platform_id: macosx_arm64
 
     steps:
       - name: Checkout python-hyperscan
@@ -40,7 +51,7 @@ jobs:
         if: contains(matrix.os, 'macos')
         uses: actions/cache/restore@v4
         with:
-          key: build-deps-${{ runner.os }}-${{ matrix.os }}
+          key: build-deps-${{ matrix.os }}-${{ matrix.platform_id }}
           path: |
             /opt/vectorscan
             /opt/pcre
@@ -59,11 +70,6 @@ jobs:
             /opt/vectorscan
             /opt/pcre
 
-      - name: Capture build dependencies cache key
-        id: build-deps-cache-key
-        run: |
-          echo "value=${{ contains(matrix.os, 'macos') && steps.build-deps-macos.outputs.cache-primary-key || '' }}" >> $GITHUB_OUTPUT
-
   build_wheels:
     name: ${{ matrix.python_id }}-${{ matrix.platform_id }} wheel
     runs-on: ${{ matrix.os }}
@@ -253,7 +259,7 @@ jobs:
         if: contains(matrix.os, 'macos')
         uses: actions/cache/restore@v4
         with:
-          key: ${{ needs.build_environment.outputs.build-deps-cache-key }}
+          key: build-deps-${{ matrix.os }}-${{ matrix.platform_id }}
           path: |
             /opt/vectorscan
             /opt/pcre
@@ -345,83 +351,3 @@ jobs:
           name: sdist
           path: |
             dist/*.tar.gz
-
-  release:
-    name: Publish package
-    runs-on: ubuntu-22.04
-    concurrency: release
-    if: github.repository == 'darvid/python-hyperscan'
-    needs: [build_wheels, build_sdist]
-    permissions:
-      id-token: write
-      pull-requests: write
-      contents: write
-    env:
-      RELEASE_PR_BRANCH: create-pull-request/patch
-    steps:
-      - name: Checkout python-hyperscan
-        uses: actions/checkout@v4
-        with:
-          ref: main
-          fetch-depth: 0
-
-      - uses: chainguard-dev/actions/setup-gitsign@main
-
-      - name: Check if release needed
-        id: release
-        uses: python-semantic-release/[email protected]
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          root_options: "-vv --noop"
-          # python-semantic-release displays what it would have
-          # committed if commit is true and noop is set
-          commit: "true"
-
-      - name: Download artifacts
-        uses: actions/download-artifact@v4
-        if: github.event_name == 'workflow_dispatch' || steps.release.outputs.released == 'true'
-
-      - name: Prepare dist
-        if: github.event_name == 'workflow_dispatch' || steps.release.outputs.released == 'true'
-        run: |
-          mkdir dist
-          mv --backup=numbered ./wheel-*/*.whl -t dist/
-          mv --backup=numbered ./sdist/*.tar.gz -t dist/
-          ls -ahl dist/
-          rm -rf dist/*~
-
-      - name: Create release branch
-        if: steps.release.outputs.released == 'true'
-        run: |
-          # use the same default branch name that create-pull-request uses
-          git checkout -b ${RELEASE_PR_BRANCH}
-          git branch --set-upstream-to=${RELEASE_PR_BRANCH}
-
-      - name: Semantic release
-        uses: python-semantic-release/[email protected]
-        if: steps.release.outputs.released == 'true'
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          root_options: "-vv"
-
-      - name: Create PR
-        uses: peter-evans/[email protected]
-        if: steps.release.outputs.released == 'true'
-        with:
-          base: main
-          assignees: ${{ github.repository_owner }}
-          title: "Release ${{ steps.release.outputs.version }}"
-
-      - name: Publish package distributions to GitHub Releases
-        if: github.event_name == 'workflow_dispatch' || steps.release.outputs.released == 'true'
-        uses: python-semantic-release/upload-to-gh-release@main
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          tag: ${{ steps.release.outputs.tag }}
-
-      - name: Publish package distributions to PyPI
-        if: github.event_name == 'workflow_dispatch' || steps.release.outputs.released == 'true'
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          skip-existing: true
-          verbose: true

.gitignore

@@ -1,3 +1,6 @@
+pnpm-lock.yaml
+node_modules/
+
 .envrc
 
 *.whl

.releaserc

@@ -0,0 +1,38 @@
+{
+  "branches": [
+    "main",
+    "next"
+  ],
+  "plugins": [
+    [
+      "@semantic-release/commit-analyzer",
+      {
+        "preset": "conventionalcommits",
+        "releaseRules": [
+          {
+            "message": "*[release:minor]*",
+            "release": "minor"
+          },
+          {
+            "message": "*[release:patch]*",
+            "release": "patch"
+          }
+        ]
+      }
+    ],
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    "@semantic-release/github",
+    "semantic-release-pypi",
+    [
+      "@semantic-release/git",
+      {
+        "assets": [
+          "pyproject.toml",
+          "src/hyperscan/_version.py"
+        ],
+        "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+      }
+    ]
+  ]
+}

package.json

@@ -0,0 +1,9 @@
+{
+  "devDependencies": {
+    "@semantic-release/git": "^10.0.1",
+    "@semantic-release/github": "^9.2.6",
+    "conventional-changelog-conventionalcommits": "^7.0.2",
+    "semantic-release": "^22.0.5",
+    "semantic-release-pypi": "^3.0.0-beta.2"
+  }
+}