Merge branch 'glimmerjs:main' into patch-8

.eslintrc.cjs

@@ -28,6 +28,7 @@ module.exports = {
     'import/parsers': {
       '@typescript-eslint/parser': ['.js', '.cjs', '.mjs', '.mts', '.ts', '.d.ts'],
     },
+    'import/core-modules': ['@glimmer/debug'],
     'import/resolver': {
       typescript: {},
     },

.github/workflows/ci.yml

@@ -24,9 +24,11 @@ jobs:
     steps:
       - uses: wyvox/action@v1
         with:
+          pnpm-args: '--ignore-scripts'
           node-version: 20.1.0
           repo-token: ${{ secrets.GITHUB_TOKEN }}
       - run: pnpm turbo build
+      - run: node ./bin/build-verify.mjs
 
   lint:
     name: Linting
@@ -37,6 +39,7 @@ jobs:
     steps:
       - uses: wyvox/action@v1
         with:
+          pnpm-args: '--ignore-scripts'
           node-version: 20.1.0
           repo-token: ${{ secrets.GITHUB_TOKEN }}
       - run: pnpm lint

.github/workflows/perf.yml

@@ -2,9 +2,11 @@ name: PerformanceCheck
 
 on:
   workflow_dispatch:
-  push:
-    branches:
-      - main
+  # Don't run on every merge to main, because many merges
+  # may not even be vm related, but infra, or GH Actions
+  # push:
+  #   branches:
+  #     - main
   pull_request:
     branches: [main]
 
@@ -28,24 +30,34 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+
+      - uses: marceloprado/[email protected]
+        id: did-change
+        with:
+          paths: packages/
+
       - uses: wyvox/action-setup-pnpm@v3
+        if: steps.did-change.outputs.changed == 'true'
         with:
           node-version: '20.1.0'
 
       - name: RUN
+        if: steps.did-change.outputs.changed == 'true'
         run: pnpm run benchmark:setup
 
       - name: Remove unused artifacts
+        if: steps.did-change.outputs.changed == 'true'
         run: rm -rf ./tracerbench-results/traces && rm -rf ./tracerbench-results/traces.zip
 
       - name: Upload Tracerbench Artifacts
-        if: failure() || success()
+        if: steps.did-change.outputs.changed == 'true' && (failure() || success())
         uses: actions/upload-artifact@v3
         with:
           name: Trace Artifacts
           path: tracerbench-results
 
       - name: Write message
+        if: steps.did-change.outputs.changed == 'true'
         uses: mshick/add-pr-comment@v2
         with:
           message-path: "tracerbench-results/msg.txt"

.github/workflows/plan-release.yml

@@ -0,0 +1,90 @@
+name: Release Plan Review
+on:
+  push:
+    branches:
+      - main
+      - master
+  pull_request_target: # This workflow has permissions on the repo, do NOT run code from PRs in this workflow. See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+    types:
+      - labeled
+      - unlabeled
+
+concurrency:
+  group: plan-release # only the latest one of these should ever be running
+  cancel-in-progress: true
+
+jobs:
+  check-plan:
+    name: "Check Release Plan"
+    runs-on: ubuntu-latest
+    outputs:
+      command: ${{ steps.check-release.outputs.command }}
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: 'main'
+      # This will only cause the `check-plan` job to have a "command" of `release`
+      # when the .release-plan.json file was changed on the last commit.
+      - id: check-release
+        run: if git diff --name-only HEAD HEAD~1 | grep -w -q ".release-plan.json"; then echo "command=release"; fi >> $GITHUB_OUTPUT
+
+  prepare_release_notes:
+    name: Prepare Release Notes
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    needs: check-plan
+    permissions:
+      contents: write
+      issues: read
+      pull-requests: write
+    outputs:
+      explanation: ${{ steps.explanation.outputs.text }}
+    # only run on push event if plan wasn't updated (don't create a release plan when we're releasing)
+    # only run on labeled event if the PR has already been merged
+    if: (github.event_name == 'push' && needs.check-plan.outputs.command != 'release') || (github.event_name == 'pull_request_target' && github.event.pull_request.merged == true)
+
+    steps:
+      - uses: actions/checkout@v4
+        # We need to download lots of history so that
+        # github-changelog can discover what's changed since the last release
+        with:
+          fetch-depth: 0
+          ref: 'main'
+      - uses: wyvox/action-setup-pnpm@v3
+        with:
+          args: '--ignore-scripts'
+          node-version: 20.1.0
+
+      - name: "Generate Explanation and Prep Changelogs"
+        id: explanation
+        run: |
+          set +e
+          pnpm release-plan prepare 2> >(tee -a release-plan-stderr.txt >&2)
+
+          if [ $? -ne 0 ]; then
+            echo 'text<<EOF' >> $GITHUB_OUTPUT
+            cat release-plan-stderr.txt >> $GITHUB_OUTPUT
+            echo 'EOF' >> $GITHUB_OUTPUT
+          else
+            echo 'text<<EOF' >> $GITHUB_OUTPUT
+            jq .description .release-plan.json -r >> $GITHUB_OUTPUT
+            echo 'EOF' >> $GITHUB_OUTPUT
+            rm release-plan-stderr.txt
+          fi
+        env:
+          GITHUB_AUTH: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: peter-evans/create-pull-request@v6
+        with:
+          commit-message: "Prepare Release using 'release-plan'"
+          labels: "internal"
+          branch: release-preview
+          title: Prepare Release
+          body: |
+            This PR is a preview of the release that [release-plan](https://github.com/embroider-build/release-plan) has prepared. To release you should just merge this PR 👍
+
+            -----------------------------------------
+
+            ${{ steps.explanation.outputs.text }}

.github/workflows/publish.yml

@@ -0,0 +1,65 @@
+# For every push to the master branch, this checks if the release-plan was
+# updated and if it was it will publish stable npm packages based on the
+# release plan
+
+name: Publish Stable
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - master
+
+concurrency:
+  group: publish-${{ github.head_ref || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  check-plan:
+    name: "Check Release Plan"
+    runs-on: ubuntu-latest
+    outputs:
+      command: ${{ steps.check-release.outputs.command }}
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: 'main'
+      # This will only cause the `check-plan` job to have a result of `success`
+      # when the .release-plan.json file was changed on the last commit. This
+      # plus the fact that this action only runs on main will be enough of a guard
+      - id: check-release
+        run: if git diff --name-only HEAD HEAD~1 | grep -w -q ".release-plan.json"; then echo "command=release"; fi >> $GITHUB_OUTPUT
+
+  publish:
+    name: "NPM Publish"
+    runs-on: ubuntu-latest
+    needs: check-plan
+    if: needs.check-plan.outputs.command == 'release'
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: 'Setup local TurboRepo server'
+        uses: felixmosh/turborepo-gh-artifacts@v2
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: wyvox/action-setup-pnpm@v3
+        with:
+          args: '--ignore-scripts'
+          node-version: 20.1.0
+          # This creates an .npmrc that reads the NODE_AUTH_TOKEN environment variable
+          node-registry-url: 'https://registry.npmjs.org'
+
+      - run: pnpm turbo build --force --no-cache
+      - name: npm publish
+        run: pnpm release-plan publish
+        env:
+          GITHUB_AUTH: ${{ secrets.GITHUB_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.npmrc

@@ -1,3 +1,4 @@
+use-node-version=20.9.0
 ignore-workspace-root-check=true
 auto-install-peers=true
 strict-peer-dependencies=true