From 232ee41993dd801b5da18af011ebeb06db0c2e68 Mon Sep 17 00:00:00 2001 From: Ryan Bas Date: Thu, 19 Mar 2026 12:50:57 -0600 Subject: [PATCH] chore: fix-publish-steps --- .github/actions/publish-beta/action.yml | 2 +- .github/actions/publish-release/action.yml | 2 +- .github/workflows/publish.yml | 15 ++++++++++++++- package.json | 2 +- 4 files changed, 17 insertions(+), 4 deletions(-) diff --git a/.github/actions/publish-beta/action.yml b/.github/actions/publish-beta/action.yml index 20c9e35be9..fc39d92eeb 100644 --- a/.github/actions/publish-beta/action.yml +++ b/.github/actions/publish-beta/action.yml @@ -10,7 +10,7 @@ runs: - name: Run Builds shell: bash - run: pnpm nx run-many -t build --no-agents + run: pnpm nx run-many -t build --no-agents --skip-nx-cache - name: Generate API Docs shell: bash diff --git a/.github/actions/publish-release/action.yml b/.github/actions/publish-release/action.yml index b98de062ea..93a5cae315 100644 --- a/.github/actions/publish-release/action.yml +++ b/.github/actions/publish-release/action.yml @@ -32,7 +32,7 @@ runs: - name: Run Builds shell: bash - run: pnpm nx run-many -t build --no-agents + run: pnpm nx run-many -t build --no-agents --skip-nx-cache - name: Generate API Docs shell: bash diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c752459b90..aa01c80d05 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -96,7 +96,17 @@ jobs: retention-days: 30 snapshot: - if: ${{ github.event_name == 'workflow_dispatch' }} + # Guard against publishing snapshots from the protected release branch. + # Both github.ref (the branch selected in the UI) and inputs.branch (the + # free-text checkout ref) must be checked, since they are independent values + # and the checkout step uses inputs.branch directly. + if: >- + ${{ + github.event_name == 'workflow_dispatch' && + github.ref != 'refs/heads/changeset-release/main' && + github.event.inputs.branch != 'changeset-release/main' && + github.event.inputs.branch != 'refs/heads/changeset-release/main' + }} name: Publish Snapshots permissions: contents: write @@ -123,6 +133,9 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + - name: Build all packages (skip cache) + run: pnpm nx run-many -t build --no-agents --skip-nx-cache + # The actual npm publish that must occur in the authorized file - name: Publish packages with dist-tag run: pnpm publish -r --tag ${{ inputs.dist_tag }} --no-git-checks --access ${{ inputs.access }} diff --git a/package.json b/package.json index 50662075de..4097261f32 100644 --- a/package.json +++ b/package.json @@ -15,7 +15,7 @@ "scripts": { "build": "nx affected --target=build", "changeset": "changeset", - "ci:release": "pnpm nx run-many -t build --no-agents && pnpm publish -r --no-git-checks && changeset tag", + "ci:release": "pnpm nx run-many -t build --no-agents --skip-nx-cache && pnpm publish -r --no-git-checks && changeset tag", "ci:version": "changeset version && pnpm install --no-frozen-lockfile && pnpm nx format:write --uncommitted", "circular-dep-check": "madge --circular .", "clean": "shx rm -rf ./{coverage,dist,docs,node_modules,tmp}/ ./{packages,e2e}/*/{dist,node_modules}/ ./e2e/node_modules/ && git clean -fX -e \"!.env*,nx-cloud.env\" -e \"!**/GEMINI.md\"",