- auto-release.yml now only handles: debounce, CI wait, version bump, tag push
- release.yml handles all publishing in parallel: crates.io, npm, binaries
This makes auto-release faster (~4 min instead of ~8 min) and allows
publishing to run in parallel with binary builds.
Flow:
auto-release.yml: PR merge → debounce → bump → push tag
↓
release.yml: tag push → parallel jobs:
├── build binaries (matrix)
├── publish crates.io
└── publish npm (OIDC)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
The RELEASE_TOKEN doesn't have workflow scope to trigger workflow_dispatch
events. Instead, run the release steps directly in the auto-release workflow.
This also simplifies the release process by removing the need for two
separate workflows.
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- Fix label detection to only check PRs merged since last release tag
(was checking ALL merged PRs regardless of date)
- Change --field to -f for gh workflow run command
- Add better logging for debugging
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
The status API doesn't reflect GitHub Actions check runs properly.
Switch to the check-runs API which accurately reports CI status.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds a workflow that automatically triggers releases when PRs with
release labels are merged. Features:
- Debounces by waiting 2 minutes for more PRs to merge
- Aggregates all PRs since last release to determine bump type
(major > minor > patch)
- Waits for CI to pass on master before releasing
- Checks for running release workflows to avoid conflicts
- Triggers the existing create-release workflow
This allows multiple PRs to be merged in quick succession and have
them all included in a single release with the appropriate version bump.
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* fix: Remove dead json check from scale command
The scale command doesn't have a --json flag, so the check
for key == "json" in DynamicArgs::from_arg_matches was dead code.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: Update npm to v11.5+ for OIDC trusted publishing
npm OIDC trusted publishing requires npm 11.5+, but Node 22
ships with npm 10.x by default. This adds a step to update
npm before publishing.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
setup-node with registry-url creates an .npmrc expecting NODE_AUTH_TOKEN,
which conflicts with OIDC trusted publisher flow. Removing it lets npm
handle OIDC authentication directly.
* fix docker ci workflow
Revert 'only run publish workflow on changes to the master branch';
Add manual job trigger
* get docker tag from user inputs in manual ci runs
* add security audit for cargo
* test
* revert test
* update workflow name
* change repo name to railwayapp
---------
Co-authored-by: Jake Runzer <jakerunzer@gmail.com>
