ci: automate the v-next release process using changesets

.changeset/config.json

@@ -7,10 +7,40 @@
   "baseBranch": "v-next",
   "updateInternalDependencies": "patch",
   "ignore": [
+    "@nomicfoundation/config",
     "@nomicfoundation/example-project",
     "@nomicfoundation/template-package",
     "template-*"
   ],
+  "fixed": [
+    [
+      "hardhat",
+      "@nomicfoundation/hardhat-errors",
+      "@nomicfoundation/hardhat-ethers-chai-matchers",
+      "@nomicfoundation/hardhat-ignition",
+      "@nomicfoundation/ignition-core",
+      "@nomicfoundation/hardhat-ignition-ethers",
+      "@nomicfoundation/ignition-ui",
+      "@nomicfoundation/hardhat-ignition-viem",
+      "@nomicfoundation/hardhat-keystore",
+      "@nomicfoundation/hardhat-mocha",
+      "@nomicfoundation/hardhat-network-helpers",
+      "@nomicfoundation/hardhat-node-test-reporter",
+      "@nomicfoundation/hardhat-node-test-runner",
+      "@nomicfoundation/hardhat-test-utils",
+      "@nomicfoundation/hardhat-typechain",
+      "@nomicfoundation/hardhat-utils",
+      "@nomicfoundation/hardhat-toolbox-mocha-ethers",
+      "@nomicfoundation/hardhat-viem",
+      "@nomicfoundation/hardhat-zod-utils"
+    ],
+    [
+      "@nomicfoundation/hardhat-toolbox-viem"
+    ],
+    [
+      "@nomicfoundation/hardhat-ethers"
+    ]
+  ],
   "___experimentalUnsafeOptions_WILL_CHANGE_IN_PATCH": {
     "onlyUpdatePeerDependentsWhenOutOfRange": true
   }

.github/actions/setup-env/action.yml

@@ -25,12 +25,13 @@ runs:
     - uses: pnpm/action-setup@v4
       with:
         version: ${{ inputs.pnpm-version }}
-    - uses: actions/setup-node@v4
-      id: setup-node
+    - id: setup-node
+      uses: actions/setup-node@v4
       with:
         node-version: ${{ inputs.node-version }}
         cache: ${{ inputs.cache-save == 'true' && 'pnpm' || '' }}
         cache-dependency-path: "**/pnpm-lock.yaml"
+        registry-url: https://registry.npmjs.org
     - id: pnpm
       if: inputs.cache-save == 'false'
       run: pnpm store path --silent | xargs -I {} -0 echo "path={}" | tee -a $GITHUB_OUTPUT

.github/workflows/check-changeset-added.yml

@@ -20,49 +20,19 @@ jobs:
   check-if-changeset:
     name: Check that PR has a changeset
     runs-on: ubuntu-latest
-    # don't run this check in the changesets PR
-    if: github.head_ref != 'changeset-release/main'
     steps:
-      - uses: actions/github-script@v7
-        with:
-          script: |
-            const isMergeGroup = context.eventName === "merge_group";
+      - name: Checkout the repository
+        uses: actions/checkout@v4
 
-            // Merge group context
-            if (isMergeGroup) {
-              console.log("Ignore changeset check for merge group.");
-              return;
-            }
+      # We need to fetch the base ref because the pull request check inspects the diff between the head and the base ref
+      - run: git fetch origin "$GITHUB_BASE_REF":"$GITHUB_BASE_REF"
 
-            // Single PR context
-            const pullNumber = context.issue.number;
+      - name: Check if merge group is valid
+        if: github.event_name == 'merge_group'
+        run: node scripts/validate-merge-group.mjs
 
-            const { data: files } = await github.rest.pulls.listFiles({
-              ...context.issue,
-              pull_number: pullNumber
-            });
-            const changeset = files.find(
-              file => file.status === "added" && file.filename.startsWith(".changeset/")
-            );
-            if (changeset !== undefined) {
-              console.log("Changeset found:", changeset.filename);
-              return;
-            }
-
-            console.log("No changeset found");
-
-
-            const { data: pull } = await github.rest.pulls.get({
-              ...context.issue,
-              pull_number: pullNumber
-            });
-            const noChangesetNeededLabel = pull.labels
-              .some(l => l.name === "no changeset needed");
-            if (noChangesetNeededLabel) {
-              console.log('The PR is labeled as "no changeset needed"');
-              return;
-            }
-
-            console.log('The PR is not labeled as "no changeset needed"');
-
-            process.exit(1);
+      - name: Check if PR has a changeset
+        if: github.event_name == 'pull_request'
+        env:
+          GITHUB_EVENT_PULL_REQUEST_LABELS: ${{ toJson(github.event.pull_request.labels) }}
+        run: node scripts/validate-pull-request.mjs

.github/workflows/release.yml

@@ -1,30 +1,89 @@
 name: Release
 
 on:
+  workflow_dispatch:
   push:
     branches:
-      - main
+      - v-next
+
+defaults:
+  run:
+    shell: bash
 
 jobs:
   release:
     name: Release
     runs-on: ubuntu-latest
     permissions:
-      contents: write
-      pull-requests: write
+      contents: write # This allows us to push to the repository and create GitHub releases
+      pull-requests: write # This allows us to create pull requests
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v4
         with:
           # This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits
           fetch-depth: 0
+          # NOTE: If we use default GITHUB_TOKEN to create the release PR, the checks on the release PR will not be triggered automatically
+          token: ${{ secrets.RELEASE_GITHUB_TOKEN || github.token }}
 
-      - uses: ./.github/actions/setup-env
+      - name: Set up the environment
+        uses: ./.github/actions/setup-env
 
       - name: Install Dependencies
         run: pnpm install --frozen-lockfile --prefer-offline
 
-      - name: Create Release Pull Request
+      - name: Create release Pull Request
+        id: pr
+        env:
+          # NOTE: If we use the default GITHUB_TOKEN to create the release PR, the checks on the release PR will not be triggered automatically
+          GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN || github.token }}
         uses: changesets/action@v1
+        with:
+          version: node scripts/version-alpha.mjs
+
+      - name: Check if release needs to be published
+        id: before
+        if: steps.pr.outputs.hasChangesets == 'false'
+        run: node scripts/check-release.mjs
+
+      - name: Build All Packages
+        if: steps.before.outputs.released == 'false'
+        run: pnpm run --recursive -no-bail --filter './v-next/**' --if-present build
+
+      - name: Publish All Packages (dry-run)
+        if: steps.before.outputs.released == 'false'
+        run: pnpm publish --filter "./v-next/**" -r --no-git-checks --tag next --access public --dry-run
+
+      - name: Publish All Packages
+        id: publish
+        if: steps.before.outputs.released == 'false'
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}
+          NPM_CONFIG_PROVENANCE: true
+        run: pnpm publish --filter "./v-next/**" -r --no-git-checks --tag next --access public
+
+      - name: Check if release was published
+        id: after
+        if: steps.before.outputs.released == 'false'
+        run: node scripts/check-release.mjs
+
+      - name: Prepare GitHub release
+        id: release
+        if: steps.before.outputs.released == 'false' && steps.after.outputs.released == 'true'
+        run: node scripts/prepare-github-release.mjs
+
+      - name: Create GitHub Release
+        if: steps.before.outputs.released == 'false' && steps.after.outputs.released == 'true'
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
+        uses: galargh/action-gh-release@571276229e7c9e6ea18f99bad24122a4c3ec813f # https://github.com/galargh/action-gh-release/pull/1
+        with:
+          # We want the GitHub releases to be verified and published by a human because they are automatically pulled into the website
+          draft: true
+          tag_name: hardhat@${{ steps.release.outputs.version }}
+          generate_release_notes: false
+          target_commitish: ${{ github.sha }}
+          make_latest: ${{ steps.release.outputs.latest == 'true' }}
+          prerelease: ${{ steps.release.outputs.prerelease == 'true' }}
+          body: ${{ steps.release.outputs.body }}
+          token: ${{ github.token }}

scripts/check-release.mjs

@@ -0,0 +1,24 @@
+// @ts-check
+
+import { appendFile } from "node:fs/promises";
+
+import { readPackage, isPackageReleasedToNpm } from "./lib/packages.mjs";
+
+/**
+ * The function checks whether the version of hardhat from its' package.json is available in the NPM registry
+ * It appends this information to the GITHUB_OUTPUT file (this is an env variable available in the GitHub Actions environment)
+ */
+async function checkRelease() {
+  if (process.env.GITHUB_OUTPUT === undefined) {
+    throw new Error("GITHUB_OUTPUT is not defined");
+  }
+
+  const hardhat = await readPackage("hardhat");
+  const released = await isPackageReleasedToNpm(hardhat.name, hardhat.version);
+
+  console.log(`released: ${released}`);
+
+  await appendFile(process.env.GITHUB_OUTPUT, `released=${released}\n`);
+}
+
+await checkRelease();

scripts/lib/changesets.mjs

@@ -0,0 +1,71 @@
+// @ts-check
+
+import { exec as execSync } from "node:child_process";
+import { readdir, readFile } from "node:fs/promises";
+import path from "node:path";
+import { promisify } from "node:util";
+
+const exec = promisify(execSync);
+
+const changesetDir = ".changeset";
+
+/**
+ * Read all the changesets that have not yet been applied
+ * based on the pre.json file.
+ */
+export async function readAllNewChangsets() {
+  const allChangesetNames = (await readdir(changesetDir))
+    .filter((file) => file.endsWith(".md"))
+    .map((file) => file.slice(0, -3));
+
+  const alreadyAppliedChangesetNames = JSON.parse(
+    (await readFile(path.join(changesetDir, "pre.json"))).toString()
+  );
+
+  const newChangesetNames = allChangesetNames.filter(
+    (name) => !alreadyAppliedChangesetNames.changesets.includes(name)
+  );
+
+  const changesets = [];
+
+  for (const newChangeSetName of newChangesetNames) {
+    const changesetFilePath = path.join(changesetDir, `${newChangeSetName}.md`);
+
+    const changesetContent = await readFile(changesetFilePath, "utf-8");
+
+    const { content, frontMatter } = parseFrontMatter(changesetContent);
+    const commitHash = await getAddingCommit(changesetFilePath);
+
+    changesets.push({
+      frontMatter,
+      content,
+      path: changesetFilePath,
+      commitHash,
+    });
+  }
+
+  return changesets;
+}
+
+function parseFrontMatter(markdown) {
+  const match = markdown.match(/^---\n([\s\S]*?)\n---\n([\s\S]*)$/);
+  if (!match) {
+    return { frontMatter: null, content: markdown };
+  }
+
+  return {
+    frontMatter: match[1],
+    content: match[2],
+  };
+}
+
+async function getAddingCommit(filePath) {
+  try {
+    const { stdout } = await exec(
+      `git log --diff-filter=A --follow --format=%h -- "${filePath}"`
+    );
+    return stdout.trim() || null;
+  } catch {
+    return null;
+  }
+}

scripts/lib/packages.mjs

@@ -0,0 +1,35 @@
+// @ts-check
+
+import { readdir, readFile } from "node:fs/promises";
+
+const packagesDir = "v-next";
+
+/**
+ * Read all the package.json files of the packages that we release to npm.
+ */
+export async function readAllReleasablePackages() {
+  const allPackageNames = (await readdir(packagesDir))
+    .filter(file => !['config', 'example-project', 'template-package', 'hardhat-test-utils'].includes(file));
+
+  return Promise.all(allPackageNames.map(readPackage));
+}
+
+export async function readPackage(name) {
+  return JSON.parse(await readFile(`./v-next/${name}/package.json`, 'utf-8'));
+}
+
+export async function getLatestPackageVersionFromNpm(name) {
+  const url = `https://registry.npmjs.org/${name}/latest`;
+  const response = await fetch(url);
+  if (response.status !== 200) {
+    throw new Error(`Failed to fetch ${url}: ${response.statusText}`);
+  }
+  const json = await response.json();
+  return json.version;
+}
+
+export async function isPackageReleasedToNpm(name, version) {
+  const url = `https://registry.npmjs.org/${name}/${version}`;
+  const response = await fetch(url);
+  return response.status === 200;
+}