Merge pull request #40 from NullVoxPopuli/update-release-plan

Update release-plan

.github/workflows/plan-release.yml

@@ -4,9 +4,10 @@ on:
     branches:
       - main
       - master
-  pull_request:
+  pull_request_target: # This workflow has permissions on the repo, do NOT run code from PRs in this workflow. See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
     types:
       - labeled
+      - unlabeled
 
 concurrency:
   group: plan-release # only the latest one of these should ever be running
@@ -36,12 +37,13 @@ jobs:
     needs: check-plan
     permissions:
       contents: write
+      issues: read
       pull-requests: write
     outputs:
       explanation: ${{ steps.explanation.outputs.text }}
     # only run on push event if plan wasn't updated (don't create a release plan when we're releasing)
     # only run on labeled event if the PR has already been merged
-    if: (github.event_name == 'push' && needs.check-plan.outputs.command != 'release') || (github.event_name == 'pull_request' && github.event.pull_request.merged == true)
+    if: (github.event_name == 'push' && needs.check-plan.outputs.command != 'release') || (github.event_name == 'pull_request_target' && github.event.pull_request.merged == true)
 
     steps:
       - uses: actions/checkout@v4
@@ -53,28 +55,23 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           node-version: 18
-
-      - uses: pnpm/action-setup@v3
-        with:
-          version: 8
+      - uses: pnpm/action-setup@v4
       - run: pnpm install --frozen-lockfile
-
       - name: "Generate Explanation and Prep Changelogs"
         id: explanation
         run: |
           set +e
-          
-          pnpm release-plan prepare 2> >(tee -a stderr.log >&2)
-          
+          pnpm release-plan prepare 2> >(tee -a release-plan-stderr.txt >&2)
 
           if [ $? -ne 0 ]; then
             echo 'text<<EOF' >> $GITHUB_OUTPUT
-            cat stderr.log >> $GITHUB_OUTPUT
+            cat release-plan-stderr.txt >> $GITHUB_OUTPUT
             echo 'EOF' >> $GITHUB_OUTPUT
           else
             echo 'text<<EOF' >> $GITHUB_OUTPUT
             jq .description .release-plan.json -r >> $GITHUB_OUTPUT
             echo 'EOF' >> $GITHUB_OUTPUT
+            rm release-plan-stderr.txt
           fi
         env:
           GITHUB_AUTH: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/publish.yml

@@ -49,14 +49,10 @@ jobs:
           node-version: 18
           # This creates an .npmrc that reads the NODE_AUTH_TOKEN environment variable
           registry-url: 'https://registry.npmjs.org'
-
-      - uses: pnpm/action-setup@v3
-        with:
-          version: 8
+      - uses: pnpm/action-setup@v4
       - run: pnpm install --frozen-lockfile
       - name: npm publish
         run: pnpm release-plan publish
-
         env:
           GITHUB_AUTH: ${{ secrets.GITHUB_TOKEN }}
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

RELEASE.md

@@ -4,24 +4,24 @@ Releases in this repo are mostly automated using [release-plan](https://github.c
 
 ## Preparation
 
-Since the majority of the actual release process is automated, the remaining tasks before releasing are:
+Since the majority of the actual release process is automated, the remaining tasks before releasing are: 
 
-- correctly labeling **all** pull requests that have been merged since the last release
-- updating pull request titles so they make sense to our users
+-  correctly labeling **all** pull requests that have been merged since the last release
+-  updating pull request titles so they make sense to our users
 
 Some great information on why this is important can be found at [keepachangelog.com](https://keepachangelog.com/en/1.1.0/), but the overall
 guiding principle here is that changelogs are for humans, not machines.
 
 When reviewing merged PR's the labels to be used are:
 
-- breaking - Used when the PR is considered a breaking change.
-- enhancement - Used when the PR adds a new feature or enhancement.
-- bug - Used when the PR fixes a bug included in a previous release.
-- documentation - Used when the PR adds or updates documentation.
-- internal - Internal changes or things that don't fit in any other category.
+* breaking - Used when the PR is considered a breaking change.
+* enhancement - Used when the PR adds a new feature or enhancement.
+* bug - Used when the PR fixes a bug included in a previous release.
+* documentation - Used when the PR adds or updates documentation.
+* internal - Internal changes or things that don't fit in any other category.
 
 **Note:** `release-plan` requires that **all** PRs are labeled. If a PR doesn't fit in a category it's fine to label it as `internal`
 
 ## Release
 
-Once the prep work is completed, the actual release is straight forward: you just need to merge the open [Plan Release](https://github.com/mansona/decorator-transforms/pulls?q=is%3Apr+is%3Aopen+%22Prepare+Release%22+in%3Atitle) PR
+Once the prep work is completed, the actual release is straight forward: you just need to merge the open [Plan Release](https://github.com/ef4/decorator-transforms/pulls?q=is%3Apr+is%3Aopen+%22Prepare+Release%22+in%3Atitle) PR

package.json

@@ -26,6 +26,13 @@
       "require": "./dist/globals.cjs"
     }
   },
+  "typesVersions": {
+    "*": {
+      "*": [
+        "dist/*"
+      ]
+    }
+  },
   "files": [
     "dist/*"
   ],
@@ -34,10 +41,10 @@
     "dev:browser": "vite",
     "lint": "tsc && prettier --check .",
     "lint:fix": "prettier --write .",
+    "prepare": "npm run build",
     "start": "tsup --dts --watch",
     "test": "node --experimental-vm-modules node_modules/qunit/bin/qunit.js --require @swc-node/register tests/*-test.ts",
-    "typecheck": "tsc",
-    "prepare": "npm run build"
+    "typecheck": "tsc"
   },
   "dependencies": {
     "@babel/plugin-syntax-decorators": "^7.23.3",
@@ -61,12 +68,5 @@
     "typescript": "^5.4.5",
     "vite": "^5.4.10"
   },
-  "typesVersions": {
-    "*": {
-      "*": [
-        "dist/*"
-      ]
-    }
-  },
   "packageManager": "[email protected]"
 }