@bensandee/tooling 0.29.0 → 0.31.0

package/README.md

@@ -62,7 +62,7 @@ The generated `ci:check` script defaults to `pnpm check --skip 'docker:*'` since
 
 | Command                          | Description                                                                                                                     |
 | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- |
-| `tooling release:changesets`     | Changesets version/publish for Forgejo CI. Flag: `--dry-run`. Env: `FORGEJO_SERVER_URL`, `FORGEJO_REPOSITORY`, `FORGEJO_TOKEN`. |
+| `tooling release:changesets`     | Changesets version/publish for Forgejo CI. Flag: `--dry-run`. Env: `FORGEJO_SERVER_URL`, `FORGEJO_REPOSITORY`, `RELEASE_TOKEN`. |
 | `tooling release:simple`         | Streamlined release using commit-and-tag-version.                                                                               |
 | `tooling release:trigger`        | Trigger a release workflow.                                                                                                     |
 | `tooling forgejo:create-release` | Create a Forgejo release from a tag.                                                                                            |
@@ -77,7 +77,7 @@ The generated `ci:check` script defaults to `pnpm check --skip 'docker:*'` since
 
 Docker packages are discovered automatically. Any package with a `Dockerfile` or `docker/Dockerfile` is a Docker package. Image names are derived as `{root-package-name}-{package-name}`, build context defaults to `.` (project root). For single-package repos, `Dockerfile` or `docker/Dockerfile` at the project root is checked.
 
-When Docker packages are present, `repo:sync` generates a deploy workflow (`.forgejo/workflows/publish.yml` or `.github/workflows/publish.yml`) triggered on version tags (`v*.*.*`) that runs `pnpm exec tooling docker:publish`.
+When Docker packages are present, `repo:sync` generates a publish workflow (`.forgejo/workflows/publish.yml` or `.github/workflows/publish.yml`) triggered via `workflow_dispatch` for manual runs. For the `simple` release strategy, docker publishing is also added as a step in the release workflow so it runs automatically after each release.
 
 #### Overrides
 

package/dist/bin.mjs

@@ -1172,9 +1172,7 @@ function computeNodeVersionYaml(ctx) {
 function deployWorkflow(ci, nodeVersionYaml) {
 	return `${workflowSchemaComment(ci)}name: Publish
 on:
-  push:
-    tags:
-      - "v[0-9]+.[0-9]+.[0-9]+"
+  workflow_dispatch:
 
 jobs:
   publish:
@@ -1579,7 +1577,7 @@ function getAddedDevDepNames(config) {
 	const deps = { ...ROOT_DEV_DEPS };
 	if (config.structure !== "monorepo") Object.assign(deps, PER_PACKAGE_DEV_DEPS);
 	deps["@bensandee/config"] = "0.9.1";
-	deps["@bensandee/tooling"] = "0.29.0";
+	deps["@bensandee/tooling"] = "0.31.0";
 	if (config.formatter === "oxfmt") deps["oxfmt"] = {
 		"@changesets/cli": "2.30.0",
 		"@release-it/bumper": "7.0.5",
@@ -1634,7 +1632,7 @@ async function generatePackageJson(ctx) {
 	const devDeps = { ...ROOT_DEV_DEPS };
 	if (!isMonorepo) Object.assign(devDeps, PER_PACKAGE_DEV_DEPS);
 	devDeps["@bensandee/config"] = isWorkspacePackage(ctx, "@bensandee/config") ? "workspace:*" : "0.9.1";
-	devDeps["@bensandee/tooling"] = isWorkspacePackage(ctx, "@bensandee/tooling") ? "workspace:*" : "0.29.0";
+	devDeps["@bensandee/tooling"] = isWorkspacePackage(ctx, "@bensandee/tooling") ? "workspace:*" : "0.31.0";
 	if (ctx.config.useEslintPlugin) devDeps["@bensandee/eslint-plugin"] = isWorkspacePackage(ctx, "@bensandee/eslint-plugin") ? "workspace:*" : "0.9.2";
 	if (ctx.config.formatter === "oxfmt") devDeps["oxfmt"] = {
 		"@changesets/cli": "2.30.0",
@@ -2779,7 +2777,7 @@ function releaseItWorkflow(ci, nodeVersionYaml, publishesNpm) {
 permissions:
   contents: write
 ` : "";
-	const tokenEnv = isGitHub ? `GITHUB_TOKEN: \${{ github.token }}` : `FORGEJO_TOKEN: \${{ secrets.FORGEJO_TOKEN }}`;
+	const tokenEnv = isGitHub ? `GITHUB_TOKEN: \${{ github.token }}` : `RELEASE_TOKEN: \${{ secrets.RELEASE_TOKEN }}`;
 	const npmEnv = publishesNpm ? `\n          NODE_AUTH_TOKEN: \${{ secrets.NPM_TOKEN }}` : "";
 	return `${workflowSchemaComment(ci)}name: Release
 on:
@@ -2795,7 +2793,18 @@ ${commonSteps(nodeVersionYaml, publishesNpm)}
           ${tokenEnv}${npmEnv}
 `;
 }
-function commitAndTagVersionWorkflow(ci, nodeVersionYaml, publishesNpm) {
+function dockerPublishStep() {
+	return `
+      - name: Publish Docker images
+        if: success()
+        env:
+          DOCKER_REGISTRY_HOST: ${actionsExpr("vars.DOCKER_REGISTRY_HOST")}
+          DOCKER_REGISTRY_NAMESPACE: ${actionsExpr("vars.DOCKER_REGISTRY_NAMESPACE")}
+          DOCKER_USERNAME: ${actionsExpr("secrets.DOCKER_USERNAME")}
+          DOCKER_PASSWORD: ${actionsExpr("secrets.DOCKER_PASSWORD")}
+        run: pnpm exec bst docker:publish`;
+}
+function commitAndTagVersionWorkflow(ci, nodeVersionYaml, publishesNpm, hasDocker) {
 	const isGitHub = ci === "github";
 	const permissions = isGitHub ? `
 permissions:
@@ -2815,8 +2824,9 @@ permissions:
         env:
           FORGEJO_SERVER_URL: \${{ github.server_url }}
           FORGEJO_REPOSITORY: \${{ github.repository }}
-          FORGEJO_TOKEN: \${{ secrets.FORGEJO_TOKEN }}
+          RELEASE_TOKEN: \${{ secrets.RELEASE_TOKEN }}
         run: pnpm exec bst release:simple`;
+	const dockerStep = hasDocker ? dockerPublishStep() : "";
 	return `${workflowSchemaComment(ci)}name: Release
 on:
   workflow_dispatch:
@@ -2825,7 +2835,7 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-${commonSteps(nodeVersionYaml, publishesNpm)}${gitConfigStep}${releaseStep}
+${commonSteps(nodeVersionYaml, publishesNpm)}${gitConfigStep}${releaseStep}${dockerStep}
 `;
 }
 /** Build the required release step for the check job (changesets). */
@@ -2853,14 +2863,14 @@ function changesetsReleaseStep(ci, publishesNpm) {
 			env: {
 				FORGEJO_SERVER_URL: actionsExpr("github.server_url"),
 				FORGEJO_REPOSITORY: actionsExpr("github.repository"),
-				FORGEJO_TOKEN: actionsExpr("secrets.FORGEJO_TOKEN"),
+				RELEASE_TOKEN: actionsExpr("secrets.RELEASE_TOKEN"),
 				...publishesNpm && { NODE_AUTH_TOKEN: actionsExpr("secrets.NPM_TOKEN") }
 			},
 			run: "pnpm exec bst release:changesets"
 		}
 	};
 }
-function requiredReleaseSteps(strategy, nodeVersionYaml, publishesNpm) {
+function requiredReleaseSteps(strategy, nodeVersionYaml, publishesNpm, hasDocker) {
 	const isNodeVersionFile = nodeVersionYaml.startsWith("node-version-file");
 	const steps = [
 		{
@@ -2902,6 +2912,13 @@ function requiredReleaseSteps(strategy, nodeVersionYaml, publishesNpm) {
 				match: { run: "release:simple" },
 				step: { run: "pnpm exec bst release:simple" }
 			});
+			if (hasDocker) steps.push({
+				match: { run: "docker:publish" },
+				step: {
+					name: "Publish Docker images",
+					run: "pnpm exec bst docker:publish"
+				}
+			});
 			break;
 		case "changesets":
 			steps.push({
@@ -2912,10 +2929,10 @@ function requiredReleaseSteps(strategy, nodeVersionYaml, publishesNpm) {
 	}
 	return steps;
 }
-function buildWorkflow(strategy, ci, nodeVersionYaml, publishesNpm) {
+function buildWorkflow(strategy, ci, nodeVersionYaml, publishesNpm, hasDocker) {
 	switch (strategy) {
 		case "release-it": return releaseItWorkflow(ci, nodeVersionYaml, publishesNpm);
-		case "simple": return commitAndTagVersionWorkflow(ci, nodeVersionYaml, publishesNpm);
+		case "simple": return commitAndTagVersionWorkflow(ci, nodeVersionYaml, publishesNpm, hasDocker);
 		default: return null;
 	}
 }
@@ -2965,7 +2982,8 @@ async function generateReleaseCi(ctx) {
 	const isGitHub = ctx.config.ci === "github";
 	const workflowPath = isGitHub ? ".github/workflows/release.yml" : ".forgejo/workflows/release.yml";
 	const nodeVersionYaml = computeNodeVersionYaml(ctx);
-	const content = buildWorkflow(ctx.config.releaseStrategy, ctx.config.ci, nodeVersionYaml, publishesNpm);
+	const hasDocker = hasDockerPackages(ctx);
+	const content = buildWorkflow(ctx.config.releaseStrategy, ctx.config.ci, nodeVersionYaml, publishesNpm, hasDocker);
 	if (!content) return {
 		filePath,
 		action: "skipped",
@@ -2990,7 +3008,7 @@ async function generateReleaseCi(ctx) {
 					description: "Release workflow already up to date"
 				};
 			}
-			const merged = mergeWorkflowSteps(existing, "release", requiredReleaseSteps(ctx.config.releaseStrategy, nodeVersionYaml, publishesNpm));
+			const merged = mergeWorkflowSteps(existing, "release", requiredReleaseSteps(ctx.config.releaseStrategy, nodeVersionYaml, publishesNpm, hasDocker));
 			const withComment = ensureSchemaComment(merged.content, ctx.config.ci);
 			if (!merged.changed) {
 				if (withComment !== raw) {
@@ -3319,7 +3337,7 @@ function generateMigratePrompt(results, config, detected) {
 	const timestamp = (/* @__PURE__ */ new Date()).toISOString();
 	sections.push("# Migration Prompt");
 	sections.push("");
-	sections.push(`_Generated by \`@bensandee/tooling@0.29.0 repo:sync\` on ${timestamp}_`);
+	sections.push(`_Generated by \`@bensandee/tooling@0.31.0 repo:sync\` on ${timestamp}_`);
 	sections.push("");
 	sections.push("The following prompt was generated by `@bensandee/tooling repo:sync`. Paste it into Claude Code or another AI assistant to finish migrating this repository.");
 	sections.push("");
@@ -4181,16 +4199,17 @@ const RepositorySchema = z.union([z.string(), z.object({ url: z.string() })]);
 * Resolve the hosting platform and connection details.
 *
 * Priority:
-* 1. Environment variables (FORGEJO_SERVER_URL, FORGEJO_REPOSITORY, FORGEJO_TOKEN)
+* 1. Environment variables (FORGEJO_SERVER_URL, FORGEJO_REPOSITORY, RELEASE_TOKEN)
 * 2. `repository` field in package.json (server URL and owner/repo parsed from the URL)
 *
-* For Forgejo, FORGEJO_TOKEN is always required (either from env or explicitly).
+* For Forgejo, a token is always required. Accepts RELEASE_TOKEN (preferred) or
+* FORGEJO_TOKEN (legacy, but conflicts with Forgejo Actions' internal auth).
 * If the repository URL hostname is `github.com`, returns `{ type: "github" }`.
 */
 function resolveConnection(cwd) {
 	const serverUrl = process.env["FORGEJO_SERVER_URL"];
 	const repository = process.env["FORGEJO_REPOSITORY"];
-	const token = process.env["FORGEJO_TOKEN"];
+	const token = process.env["RELEASE_TOKEN"] ?? process.env["FORGEJO_TOKEN"];
 	if (serverUrl && repository && token) return {
 		type: "forgejo",
 		conn: {
@@ -4203,13 +4222,13 @@ function resolveConnection(cwd) {
 	if (parsed === null) {
 		if (serverUrl) {
 			if (!repository) throw new FatalError("FORGEJO_REPOSITORY environment variable is required");
-			if (!token) throw new FatalError("FORGEJO_TOKEN environment variable is required");
+			if (!token) throw new FatalError("RELEASE_TOKEN environment variable is required");
 		}
 		return { type: "github" };
 	}
 	if (parsed.hostname === "github.com") return { type: "github" };
 	const resolvedToken = token;
-	if (!resolvedToken) throw new FatalError("FORGEJO_TOKEN environment variable is required (server URL and repository were resolved from package.json)");
+	if (!resolvedToken) throw new FatalError("RELEASE_TOKEN environment variable is required (server URL and repository were resolved from package.json)");
 	return {
 		type: "forgejo",
 		conn: {
@@ -4247,6 +4266,18 @@ function parseGitUrl(urlStr) {
 		return null;
 	}
 }
+/**
+* Configure the git remote origin to use a Forgejo token for push auth.
+*
+* This is necessary because `actions/checkout` configures git with the automatic
+* GITHUB_TOKEN, which may not have push permissions. Using RELEASE_TOKEN ensures
+* pushes use the explicitly provided token.
+*/
+function configureGitAuth(executor, conn, cwd) {
+	const host = conn.serverUrl.replace(/^https?:\/\//, "");
+	const authUrl = `https://x-access-token:${conn.token}@${host}/${conn.repository}`;
+	executor.exec(`git remote set-url origin ${authUrl}`, { cwd });
+}
 //#endregion
 //#region src/commands/release-changesets.ts
 const releaseForgejoCommand = defineCommand({
@@ -4297,6 +4328,7 @@ async function runRelease(config, executor) {
 	}
 	executor.exec("git config user.name \"forgejo-actions[bot]\"", { cwd: config.cwd });
 	executor.exec("git config user.email \"forgejo-actions[bot]@noreply.localhost\"", { cwd: config.cwd });
+	configureGitAuth(executor, config, config.cwd);
 	const changesetFiles = executor.listChangesetFiles(config.cwd);
 	debug(config, `Changeset files found: ${changesetFiles.length > 0 ? changesetFiles.join(", ") : "(none)"}`);
 	if (changesetFiles.length > 0) {
@@ -4470,6 +4502,10 @@ async function runSimpleRelease(executor, config) {
 	}
 	let pushed = false;
 	if (!config.noPush) {
+		if (config.platform?.type === "forgejo") {
+			configureGitAuth(executor, config.platform.conn, config.cwd);
+			debug(config, "Configured git remote with RELEASE_TOKEN auth");
+		}
 		const branch = executor.exec("git rev-parse --abbrev-ref HEAD", { cwd: config.cwd }).stdout.trim() || "main";
 		debug(config, `Pushing to origin/${branch}`);
 		const pushResult = executor.exec(`git push --follow-tags origin ${branch}`, { cwd: config.cwd });
@@ -5109,7 +5145,7 @@ const dockerCheckCommand = defineCommand({
 const main = defineCommand({
 	meta: {
 		name: "bst",
-		version: "0.29.0",
+		version: "0.31.0",
 		description: "Bootstrap and maintain standardized TypeScript project tooling"
 	},
 	subCommands: {
@@ -5125,7 +5161,7 @@ const main = defineCommand({
 		"docker:check": dockerCheckCommand
 	}
 });
-console.log(`@bensandee/tooling v0.29.0`);
+console.log(`@bensandee/tooling v0.31.0`);
 async function run() {
 	await runMain(main);
 	process.exit(process.exitCode ?? 0);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bensandee/tooling",
-  "version": "0.29.0",
+  "version": "0.31.0",
   "description": "CLI tool to bootstrap and maintain standardized TypeScript project tooling",
   "bin": {
     "bst": "./dist/bin.mjs"