@packtory/github-release-gate 0.0.1 → 0.0.3

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) [2023]
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/github-release-gate/cli-runner.js

@@ -0,0 +1,86 @@
+import { createGitHubReleaseGateApi } from "./github-api.js";
+import { applyPacktoryReleasePolicy } from "./release-policy.js";
+import { evaluateGitHubReleaseGate } from "./release-gate.js";
+import { createGitHubRepositoryContext, readGitHubReleaseGateRunnerConfig } from "./runner-config.js";
+function formatReleaseAnalysisFailure(error) {
+    if (error.type === 'partial') {
+        return error.failures
+            .map((failure) => {
+            return failure.message;
+        })
+            .join('\n');
+    }
+    return error.issues.join('\n');
+}
+function writeLogs(write, logs) {
+    for (const line of logs) {
+        write(line);
+    }
+}
+function buildGitHubOutput(mainHeadSha, decision) {
+    return [
+        `main_head_sha=${mainHeadSha}`,
+        `should_publish=${decision.shouldPublish}`,
+        `reason=${decision.reason}`
+    ].join('\n');
+}
+async function writeDecision(output, mainHeadSha, decision) {
+    writeLogs(output.stdoutWrite, decision.logs);
+    await output.fileManager.writeFile(output.githubOutputPath, `${buildGitHubOutput(mainHeadSha, decision)}\n`);
+}
+async function evaluatePacktoryPolicy(dependencies, config, now, timeGateDecision) {
+    const packtoryConfig = await dependencies.loadPacktoryConfig();
+    const releaseAnalysis = await dependencies.analyzeReleaseAgainstLatestPublished(packtoryConfig);
+    if (releaseAnalysis.result.isErr) {
+        throw new Error(formatReleaseAnalysisFailure(releaseAnalysis.result.error));
+    }
+    return applyPacktoryReleasePolicy({
+        baseDecision: timeGateDecision,
+        dependencyOnlyMinAgeDays: config.dependencyOnlyMinAgeDays,
+        now,
+        releaseAnalysis: releaseAnalysis.result.value
+    });
+}
+async function loadGitHubTimeGateDecision(dependencies, config) {
+    const githubApi = createGitHubReleaseGateApi(dependencies.fetch, createGitHubRepositoryContext(config));
+    const mainHeadSha = await githubApi.getMainBranchHeadSha();
+    const successfulMainCiRun = await githubApi.getLatestSuccessfulMainCiRun(config.ciWorkflowFile, mainHeadSha);
+    const pullRequestActivities = await githubApi.getOpenPullRequestActivities();
+    const now = dependencies.now();
+    return {
+        mainHeadSha,
+        now,
+        decision: evaluateGitHubReleaseGate({
+            ciWorkflowFile: config.ciWorkflowFile,
+            mainBranch: config.defaultBranch,
+            mainHeadSha,
+            maxLatencyHours: config.maxLatencyHours,
+            now,
+            pullRequestActivities,
+            quietPeriodMinutes: config.quietPeriodMinutes,
+            successfulMainCiRun
+        })
+    };
+}
+export async function runGitHubReleaseGate(dependencies) {
+    const config = readGitHubReleaseGateRunnerConfig(dependencies.getEnvironmentVariable);
+    const { decision: timeGateDecision, mainHeadSha, now } = await loadGitHubTimeGateDecision(dependencies, config);
+    if (!timeGateDecision.shouldPublish) {
+        await writeDecision({
+            fileManager: dependencies.fileManager,
+            githubOutputPath: config.githubOutputPath,
+            stdoutWrite: dependencies.stdoutWrite
+        }, mainHeadSha, timeGateDecision);
+        return;
+    }
+    const decision = await evaluatePacktoryPolicy(dependencies, config, now, {
+        ...timeGateDecision,
+        shouldPublish: true
+    });
+    await writeDecision({
+        fileManager: dependencies.fileManager,
+        githubOutputPath: config.githubOutputPath,
+        stdoutWrite: dependencies.stdoutWrite
+    }, mainHeadSha, decision);
+}
+//# sourceMappingURL=cli-runner.js.map

package/github-release-gate/cli-runner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-runner.js","sourceRoot":"","sources":["../../../../source/github-release-gate/cli-runner.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC;AAC7D,OAAO,EAAE,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;AACjE,OAAO,EAAkC,yBAAyB,EAAE,MAAM,mBAAmB,CAAC;AAC9F,OAAO,EAAE,6BAA6B,EAAE,iCAAiC,EAAE,MAAM,oBAAoB,CAAC;AActG,SAAS,4BAA4B,CACjC,KAAkF;IAElF,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC3B,OAAO,KAAK,CAAC,QAAQ;aAChB,GAAG,CAAC,CAAC,OAAc,EAAE,EAAE;YACpB,OAAO,OAAO,CAAC,OAAO,CAAC;QAC3B,CAAC,CAAC;aACD,IAAI,CAAC,IAAI,CAAC,CAAC;IACpB,CAAC;IAED,OAAO,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,SAAS,CAAC,KAAmB,EAAE,IAAuB;IAC3D,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,CAAC;IAChB,CAAC;AACL,CAAC;AAED,SAAS,iBAAiB,CAAC,WAAmB,EAAE,QAAmC;IAC/E,OAAO;QACH,iBAAiB,WAAW,EAAE;QAC9B,kBAAkB,QAAQ,CAAC,aAAa,EAAE;QAC1C,UAAU,QAAQ,CAAC,MAAM,EAAE;KAC9B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,aAAa,CACxB,MAIC,EACD,WAAmB,EACnB,QAAmC;IAEnC,SAAS,CAAC,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,CAAC,gBAAgB,EAAE,GAAG,iBAAiB,CAAC,WAAW,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;AACjH,CAAC;AAED,KAAK,UAAU,sBAAsB,CACjC,YAGC,EACD,MAAsE,EACtE,GAAS,EACT,gBAA8E;IAE9E,MAAM,cAAc,GAAG,MAAM,YAAY,CAAC,kBAAkB,EAAE,CAAC;IAC/D,MAAM,eAAe,GAAG,MAAM,YAAY,CAAC,oCAAoC,CAAC,cAAc,CAAC,CAAC;IAChG,IAAI,eAAe,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IAChF,CAAC;IAED,OAAO,0BAA0B,CAAC;QAC9B,YAAY,EAAE,gBAAgB;QAC9B,wBAAwB,EAAE,MAAM,CAAC,wBAAwB;QACzD,GAAG;QACH,eAAe,EAAE,eAAe,CAAC,MAAM,CAAC,KAAK;KAChD,CAAC,CAAC;AACP,CAAC;AAED,KAAK,UAAU,0BAA0B,CACrC,YAAwE,EACxE,MAAsE;IAEtE,MAAM,SAAS,GAAG,0BAA0B,CAAC,YAAY,CAAC,KAAK,EAAE,6BAA6B,CAAC,MAAM,CAAC,CAAC,CAAC;IACxG,MAAM,WAAW,GAAG,MAAM,SAAS,CAAC,oBAAoB,EAAE,CAAC;IAC3D,MAAM,mBAAmB,GAAG,MAAM,SAAS,CAAC,4BAA4B,CAAC,MAAM,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IAC7G,MAAM,qBAAqB,GAAG,MAAM,SAAS,CAAC,4BAA4B,EAAE,CAAC;IAC7E,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,EAAE,CAAC;IAE/B,OAAO;QACH,WAAW;QACX,GAAG;QACH,QAAQ,EAAE,yBAAyB,CAAC;YAChC,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,UAAU,EAAE,MAAM,CAAC,aAAa;YAChC,WAAW;YACX,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,GAAG;YACH,qBAAqB;YACrB,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;YAC7C,mBAAmB;SACtB,CAAC;KACL,CAAC;AACN,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,YAAiD;IACxF,MAAM,MAAM,GAAG,iCAAiC,CAAC,YAAY,CAAC,sBAAsB,CAAC,CAAC;IACtF,MAAM,EAAE,QAAQ,EAAE,gBAAgB,EAAE,WAAW,EAAE,GAAG,EAAE,GAAG,MAAM,0BAA0B,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAEhH,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,CAAC;QAClC,MAAM,aAAa,CACf;YACI,WAAW,EAAE,YAAY,CAAC,WAAW;YACrC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,WAAW,EAAE,YAAY,CAAC,WAAW;SACxC,EACD,WAAW,EACX,gBAAgB,CACnB,CAAC;QACF,OAAO;IACX,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,sBAAsB,CAAC,YAAY,EAAE,MAAM,EAAE,GAAG,EAAE;QACrE,GAAG,gBAAgB;QACnB,aAAa,EAAE,IAAI;KACtB,CAAC,CAAC;IAEH,MAAM,aAAa,CACf;QACI,WAAW,EAAE,YAAY,CAAC,WAAW;QACrC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;QACzC,WAAW,EAAE,YAAY,CAAC,WAAW;KACxC,EACD,WAAW,EACX,QAAQ,CACX,CAAC;AACN,CAAC"}

package/github-release-gate/github-api.js

@@ -0,0 +1,105 @@
+import { isDefined } from 'remeda';
+import { Octokit } from '@octokit/core';
+import { paginateRest } from '@octokit/plugin-paginate-rest';
+import { restEndpointMethods } from '@octokit/plugin-rest-endpoint-methods';
+import { selectPullRequestActivityAt } from "./release-gate.js";
+function parseTimestamp(timestamp) {
+    const date = new Date(timestamp);
+    if (Number.isNaN(date.getTime())) {
+        throw new TypeError(`Invalid timestamp: ${timestamp}`);
+    }
+    return date;
+}
+async function requestGitHub(request) {
+    try {
+        return await request;
+    }
+    catch (error) {
+        const requestUrl = String(Reflect.get(new Object(Reflect.get(new Object(error), 'request')), 'url'));
+        const status = String(Reflect.get(new Object(error), 'status'));
+        const parsedUrl = new URL(requestUrl);
+        throw new Error(`GitHub API request failed (${status}) for ${parsedUrl.pathname}${parsedUrl.search}`, {
+            cause: error
+        });
+    }
+}
+export function createGitHubReleaseGateApi(fetchImplementation, context) {
+    const GitHubRestClient = Octokit.plugin(restEndpointMethods, paginateRest);
+    const requestContext = {
+        headers: {
+            accept: 'application/vnd.github+json',
+            authorization: `Bearer ${context.token}`,
+            'user-agent': 'packtory-github-release-gate',
+            'x-github-api-version': '2022-11-28'
+        },
+        owner: context.owner,
+        repo: context.repo
+    };
+    const octokit = new GitHubRestClient({
+        baseUrl: context.apiBaseUrl,
+        request: {
+            fetch: fetchImplementation,
+            headers: requestContext.headers
+        }
+    });
+    return {
+        async getMainBranchHeadSha() {
+            const branch = await requestGitHub(octokit.rest.repos.getBranch({
+                ...requestContext,
+                branch: context.defaultBranch
+            }));
+            return branch.data.commit.sha;
+        },
+        async getLatestSuccessfulMainCiRun(ciWorkflowFile, headSha) {
+            const response = await requestGitHub(octokit.rest.actions.listWorkflowRuns({
+                ...requestContext,
+                workflow_id: ciWorkflowFile,
+                branch: context.defaultBranch,
+                event: 'push',
+                head_sha: headSha,
+                status: 'completed',
+                per_page: 100
+            }));
+            const matchingRun = response.data.workflow_runs.find((run) => {
+                return run.head_sha === headSha && run.conclusion === 'success' && run.event === 'push';
+            });
+            if (matchingRun === undefined) {
+                return undefined;
+            }
+            return {
+                htmlUrl: matchingRun.html_url,
+                updatedAt: parseTimestamp(matchingRun.updated_at)
+            };
+        },
+        async getOpenPullRequestActivities() {
+            const openPullRequests = await requestGitHub(octokit.paginate(octokit.rest.pulls.list, {
+                ...requestContext,
+                state: 'open',
+                base: context.defaultBranch,
+                per_page: 100
+            }));
+            return Promise.all(openPullRequests.map(async (pullRequest) => {
+                const timeline = await requestGitHub(octokit.paginate(octokit.rest.issues.listEventsForTimeline, {
+                    ...requestContext,
+                    issue_number: pullRequest.number,
+                    per_page: 100
+                }));
+                const timelineEvents = timeline
+                    .map((event) => {
+                    const timestamp = event.event === 'committed' ? event.committer?.date : (event.created_at ?? undefined);
+                    if (timestamp === undefined) {
+                        return undefined;
+                    }
+                    return { createdAt: parseTimestamp(timestamp), event: event.event };
+                })
+                    .filter(isDefined);
+                return {
+                    number: pullRequest.number,
+                    htmlUrl: pullRequest.html_url,
+                    activityAt: selectPullRequestActivityAt(parseTimestamp(pullRequest.created_at), timelineEvents)
+                };
+            }));
+        }
+    };
+}
+//# sourceMappingURL=github-api.js.map

package/github-release-gate/github-api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"github-api.js","sourceRoot":"","sources":["../../../../source/github-release-gate/github-api.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACnC,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,uCAAuC,CAAC;AAC5E,OAAO,EACH,2BAA2B,EAI9B,MAAM,mBAAmB,CAAC;AA0C3B,SAAS,cAAc,CAAC,SAAiB;IACrC,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC;IAEjC,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,SAAS,CAAC,sBAAsB,SAAS,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO,IAAI,CAAC;AAChB,CAAC;AAQD,KAAK,UAAU,aAAa,CAAI,OAAmB;IAC/C,IAAI,CAAC;QACD,OAAO,MAAM,OAAO,CAAC;IACzB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;QACrG,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;QAChE,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,8BAA8B,MAAM,SAAS,SAAS,CAAC,QAAQ,GAAG,SAAS,CAAC,MAAM,EAAE,EAAE;YAClG,KAAK,EAAE,KAAK;SACf,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED,MAAM,UAAU,0BAA0B,CACtC,mBAA4C,EAC5C,OAAgC;IAEhC,MAAM,gBAAgB,GAAG,OAAO,CAAC,MAAM,CAAC,mBAAmB,EAAE,YAAY,CAAC,CAAC;IAC3E,MAAM,cAAc,GAA6B;QAC7C,OAAO,EAAE;YACL,MAAM,EAAE,6BAA6B;YACrC,aAAa,EAAE,UAAU,OAAO,CAAC,KAAK,EAAE;YACxC,YAAY,EAAE,8BAA8B;YAC5C,sBAAsB,EAAE,YAAY;SACvC;QACD,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,IAAI,EAAE,OAAO,CAAC,IAAI;KACrB,CAAC;IACF,MAAM,OAAO,GAAG,IAAI,gBAAgB,CAAC;QACjC,OAAO,EAAE,OAAO,CAAC,UAAU;QAC3B,OAAO,EAAE;YACL,KAAK,EAAE,mBAAmB;YAC1B,OAAO,EAAE,cAAc,CAAC,OAAO;SAClC;KACJ,CAAC,CAAC;IAEH,OAAO;QACH,KAAK,CAAC,oBAAoB;YACtB,MAAM,MAAM,GAAG,MAAM,aAAa,CAC9B,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC;gBACzB,GAAG,cAAc;gBACjB,MAAM,EAAE,OAAO,CAAC,aAAa;aAChC,CAAC,CACL,CAAC;YAEF,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;QAClC,CAAC;QAED,KAAK,CAAC,4BAA4B,CAAC,cAAc,EAAE,OAAO;YACtD,MAAM,QAAQ,GAAG,MAAM,aAAa,CAChC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC;gBAClC,GAAG,cAAc;gBACjB,WAAW,EAAE,cAAc;gBAC3B,MAAM,EAAE,OAAO,CAAC,aAAa;gBAC7B,KAAK,EAAE,MAAM;gBACb,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,WAAW;gBACnB,QAAQ,EAAE,GAAG;aAChB,CAAC,CACL,CAAC;YACF,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;gBACzD,OAAO,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,IAAI,GAAG,CAAC,KAAK,KAAK,MAAM,CAAC;YAC5F,CAAC,CAAC,CAAC;YAEH,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC5B,OAAO,SAAS,CAAC;YACrB,CAAC;YAED,OAAO;gBACH,OAAO,EAAE,WAAW,CAAC,QAAQ;gBAC7B,SAAS,EAAE,cAAc,CAAC,WAAW,CAAC,UAAU,CAAC;aACpD,CAAC;QACN,CAAC;QAED,KAAK,CAAC,4BAA4B;YAC9B,MAAM,gBAAgB,GAAG,MAAM,aAAa,CACxC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE;gBACtC,GAAG,cAAc;gBACjB,KAAK,EAAE,MAAM;gBACb,IAAI,EAAE,OAAO,CAAC,aAAa;gBAC3B,QAAQ,EAAE,GAAG;aAChB,CAAC,CACL,CAAC;YAEF,OAAO,OAAO,CAAC,GAAG,CACd,gBAAgB,CAAC,GAAG,CAAC,KAAK,EAAE,WAAW,EAAE,EAAE;gBACvC,MAAM,QAAQ,GAAG,MAAM,aAAa,CAChC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,qBAAqB,EAAE;oBACxD,GAAG,cAAc;oBACjB,YAAY,EAAE,WAAW,CAAC,MAAM;oBAChC,QAAQ,EAAE,GAAG;iBAChB,CAAC,CACL,CAAC;gBACF,MAAM,cAAc,GAAG,QAAQ;qBAC1B,GAAG,CAAC,CAAC,KAAK,EAAwC,EAAE;oBACjD,MAAM,SAAS,GACX,KAAK,CAAC,KAAK,KAAK,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,IAAI,SAAS,CAAC,CAAC;oBAC1F,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;wBAC1B,OAAO,SAAS,CAAC;oBACrB,CAAC;oBACD,OAAO,EAAE,SAAS,EAAE,cAAc,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC;gBACxE,CAAC,CAAC;qBACD,MAAM,CAAC,SAAS,CAAC,CAAC;gBAEvB,OAAO;oBACH,MAAM,EAAE,WAAW,CAAC,MAAM;oBAC1B,OAAO,EAAE,WAAW,CAAC,QAAQ;oBAC7B,UAAU,EAAE,2BAA2B,CAAC,cAAc,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,cAAc,CAAC;iBAClG,CAAC;YACN,CAAC,CAAC,CACL,CAAC;QACN,CAAC;KACJ,CAAC;AACN,CAAC"}

package/github-release-gate/release-gate.js

@@ -0,0 +1,84 @@
+import { maxDate } from "packtory/common/max-date.js";
+const millisecondsPerMinute = 60_000;
+const millisecondsPerHour = 3_600_000;
+function createDecision(shouldPublish, reason, logs, decisionLog) {
+    return {
+        shouldPublish,
+        reason,
+        logs: [...logs, decisionLog]
+    };
+}
+function createMainCiSuccessLog(context) {
+    return `main CI success: ${context.mainHeadCiSuccessAt.toISOString()} (${context.mainHeadCiSuccessHtmlUrl})`;
+}
+function buildDecisionLogs(context) {
+    const logs = [
+        `main HEAD: ${context.input.mainHeadSha}`,
+        createMainCiSuccessLog(context),
+        `open PRs targeting ${context.input.mainBranch}: ${context.input.pullRequestActivities.length}`
+    ];
+    for (const pullRequestActivity of context.input.pullRequestActivities) {
+        const activityAt = pullRequestActivity.activityAt.toISOString();
+        logs.push(`PR #${pullRequestActivity.number} activity: ${activityAt} ${pullRequestActivity.htmlUrl}`);
+    }
+    logs.push(`last relevant activity: ${context.lastRelevantActivityAt.toISOString()}`, `quiet period elapsed: ${context.quietPeriodElapsed}`, `max latency elapsed: ${context.maxLatencyElapsed}`);
+    return logs;
+}
+function createMissingCiDecision(input) {
+    const missingCiLog = `Skipping publish: no successful ${input.ciWorkflowFile} push run found for ${input.mainBranch} ` +
+        `HEAD ${input.mainHeadSha}.`;
+    return createDecision(false, 'ci_not_green', [], missingCiLog);
+}
+function hasElapsed(now, since, elapsedMilliseconds) {
+    return now.getTime() - since.getTime() >= elapsedMilliseconds;
+}
+function getElapsedFlags(input, mainHeadCiSuccessAt, lastRelevantActivityAt) {
+    return {
+        quietPeriodElapsed: hasElapsed(input.now, lastRelevantActivityAt, input.quietPeriodMinutes * millisecondsPerMinute),
+        maxLatencyElapsed: hasElapsed(input.now, mainHeadCiSuccessAt, input.maxLatencyHours * millisecondsPerHour)
+    };
+}
+function isBranchActivityEvent(eventName) {
+    const activityEventName = String(eventName);
+    return (activityEventName === 'committed' ||
+        activityEventName === 'head_ref_deleted' ||
+        activityEventName === 'head_ref_force_pushed' ||
+        activityEventName === 'head_ref_restored');
+}
+function lastRelevantActivityAtFor(input, mainHeadCiSuccessAt) {
+    const otherActivityDates = [];
+    for (const pullRequestActivity of input.pullRequestActivities) {
+        otherActivityDates.push(pullRequestActivity.activityAt);
+    }
+    return maxDate(mainHeadCiSuccessAt, otherActivityDates);
+}
+export function selectPullRequestActivityAt(pullRequestCreatedAt, timelineEvents) {
+    const branchActivityDates = [];
+    for (const event of timelineEvents) {
+        if (isBranchActivityEvent(event.event)) {
+            branchActivityDates.push(event.createdAt);
+        }
+    }
+    return maxDate(pullRequestCreatedAt, branchActivityDates);
+}
+export function evaluateGitHubReleaseGate(input) {
+    if (input.successfulMainCiRun === undefined) {
+        return createMissingCiDecision(input);
+    }
+    const mainHeadCiSuccessAt = input.successfulMainCiRun.updatedAt;
+    const lastRelevantActivityAt = lastRelevantActivityAtFor(input, mainHeadCiSuccessAt);
+    const { quietPeriodElapsed, maxLatencyElapsed } = getElapsedFlags(input, mainHeadCiSuccessAt, lastRelevantActivityAt);
+    const logs = buildDecisionLogs({
+        input,
+        mainHeadCiSuccessAt,
+        mainHeadCiSuccessHtmlUrl: input.successfulMainCiRun.htmlUrl,
+        lastRelevantActivityAt,
+        quietPeriodElapsed,
+        maxLatencyElapsed
+    });
+    if (!quietPeriodElapsed && !maxLatencyElapsed) {
+        return createDecision(false, 'activity_not_stale', logs, 'Skipping publish: repository activity is not stale enough yet.');
+    }
+    return createDecision(true, quietPeriodElapsed ? 'quiet_period_elapsed' : 'max_latency_elapsed', logs, 'Publishing is allowed by the release gate.');
+}
+//# sourceMappingURL=release-gate.js.map

package/github-release-gate/release-gate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"release-gate.js","sourceRoot":"","sources":["../../../../source/github-release-gate/release-gate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AA2ChD,MAAM,qBAAqB,GAAG,MAAM,CAAC;AACrC,MAAM,mBAAmB,GAAG,SAAS,CAAC;AAWtC,SAAS,cAAc,CACnB,aAAsB,EACtB,MAA2C,EAC3C,IAAuB,EACvB,WAAmB;IAEnB,OAAO;QACH,aAAa;QACb,MAAM;QACN,IAAI,EAAE,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;KAC/B,CAAC;AACN,CAAC;AAED,SAAS,sBAAsB,CAAC,OAA2B;IACvD,OAAO,oBAAoB,OAAO,CAAC,mBAAmB,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,wBAAwB,GAAG,CAAC;AACjH,CAAC;AAED,SAAS,iBAAiB,CAAC,OAA2B;IAClD,MAAM,IAAI,GAAG;QACT,cAAc,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE;QACzC,sBAAsB,CAAC,OAAO,CAAC;QAC/B,sBAAsB,OAAO,CAAC,KAAK,CAAC,UAAU,KAAK,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,MAAM,EAAE;KAClG,CAAC;IAEF,KAAK,MAAM,mBAAmB,IAAI,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,CAAC;QACpE,MAAM,UAAU,GAAG,mBAAmB,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;QAChE,IAAI,CAAC,IAAI,CAAC,OAAO,mBAAmB,CAAC,MAAM,cAAc,UAAU,IAAI,mBAAmB,CAAC,OAAO,EAAE,CAAC,CAAC;IAC1G,CAAC;IAED,IAAI,CAAC,IAAI,CACL,2BAA2B,OAAO,CAAC,sBAAsB,CAAC,WAAW,EAAE,EAAE,EACzE,yBAAyB,OAAO,CAAC,kBAAkB,EAAE,EACrD,wBAAwB,OAAO,CAAC,iBAAiB,EAAE,CACtD,CAAC;IAEF,OAAO,IAAI,CAAC;AAChB,CAAC;AAED,SAAS,uBAAuB,CAAC,KAA6B;IAC1D,MAAM,YAAY,GACd,mCAAmC,KAAK,CAAC,cAAc,uBAAuB,KAAK,CAAC,UAAU,GAAG;QACjG,QAAQ,KAAK,CAAC,WAAW,GAAG,CAAC;IAEjC,OAAO,cAAc,CAAC,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,YAAY,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,UAAU,CAAC,GAAS,EAAE,KAAW,EAAE,mBAA2B;IACnE,OAAO,GAAG,CAAC,OAAO,EAAE,GAAG,KAAK,CAAC,OAAO,EAAE,IAAI,mBAAmB,CAAC;AAClE,CAAC;AAED,SAAS,eAAe,CACpB,KAA6B,EAC7B,mBAAyB,EACzB,sBAA4B;IAK5B,OAAO;QACH,kBAAkB,EAAE,UAAU,CAC1B,KAAK,CAAC,GAAG,EACT,sBAAsB,EACtB,KAAK,CAAC,kBAAkB,GAAG,qBAAqB,CACnD;QACD,iBAAiB,EAAE,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,mBAAmB,EAAE,KAAK,CAAC,eAAe,GAAG,mBAAmB,CAAC;KAC7G,CAAC;AACN,CAAC;AAED,SAAS,qBAAqB,CAAC,SAA6B;IACxD,MAAM,iBAAiB,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;IAC5C,OAAO,CACH,iBAAiB,KAAK,WAAW;QACjC,iBAAiB,KAAK,kBAAkB;QACxC,iBAAiB,KAAK,uBAAuB;QAC7C,iBAAiB,KAAK,mBAAmB,CAC5C,CAAC;AACN,CAAC;AAED,SAAS,yBAAyB,CAAC,KAA6B,EAAE,mBAAyB;IACvF,MAAM,kBAAkB,GAAW,EAAE,CAAC;IAEtC,KAAK,MAAM,mBAAmB,IAAI,KAAK,CAAC,qBAAqB,EAAE,CAAC;QAC5D,kBAAkB,CAAC,IAAI,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO,OAAO,CAAC,mBAAmB,EAAE,kBAAkB,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,UAAU,2BAA2B,CACvC,oBAA0B,EAC1B,cAAmD;IAEnD,MAAM,mBAAmB,GAAW,EAAE,CAAC;IACvC,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;QACjC,IAAI,qBAAqB,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACrC,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC,oBAAoB,EAAE,mBAAmB,CAAC,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,KAA6B;IACnE,IAAI,KAAK,CAAC,mBAAmB,KAAK,SAAS,EAAE,CAAC;QAC1C,OAAO,uBAAuB,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC;IAED,MAAM,mBAAmB,GAAG,KAAK,CAAC,mBAAmB,CAAC,SAAS,CAAC;IAChE,MAAM,sBAAsB,GAAG,yBAAyB,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;IACrF,MAAM,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,GAAG,eAAe,CAC7D,KAAK,EACL,mBAAmB,EACnB,sBAAsB,CACzB,CAAC;IACF,MAAM,IAAI,GAAG,iBAAiB,CAAC;QAC3B,KAAK;QACL,mBAAmB;QACnB,wBAAwB,EAAE,KAAK,CAAC,mBAAmB,CAAC,OAAO;QAC3D,sBAAsB;QACtB,kBAAkB;QAClB,iBAAiB;KACpB,CAAC,CAAC;IAEH,IAAI,CAAC,kBAAkB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC5C,OAAO,cAAc,CACjB,KAAK,EACL,oBAAoB,EACpB,IAAI,EACJ,gEAAgE,CACnE,CAAC;IACN,CAAC;IAED,OAAO,cAAc,CACjB,IAAI,EACJ,kBAAkB,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,qBAAqB,EACnE,IAAI,EACJ,4CAA4C,CAC/C,CAAC;AACN,CAAC"}

package/github-release-gate/release-policy.js

@@ -0,0 +1,56 @@
+import { releaseAnalysisClassification } from "packtory/packtory/packtory-results.js";
+const millisecondsPerDay = 86_400_000;
+function formatPublishedAt(date) {
+    return date === undefined ? '(unknown)' : date.toISOString();
+}
+function buildReleaseAnalysisLogs(releaseAnalysis) {
+    const logs = [
+        `release classification: ${releaseAnalysis.classification}`,
+        `most recent published package timestamp: ${formatPublishedAt(releaseAnalysis.mostRecentPublishedAt)}`
+    ];
+    for (const analysis of releaseAnalysis.packageAnalyses) {
+        const packageLog = `package ${analysis.name}: ${analysis.classification}` +
+            ` latest=${analysis.latestPublishedVersion ?? '(unpublished)'}` +
+            ` publishedAt=${formatPublishedAt(analysis.latestPublishedAt)}`;
+        logs.push(packageLog);
+    }
+    return logs;
+}
+function minAgeElapsed(now, publishedAt, dependencyOnlyMinAgeDays) {
+    return now.getTime() - publishedAt.getTime() >= dependencyOnlyMinAgeDays * millisecondsPerDay;
+}
+function formatMinimumAgePendingLog(dependencyOnlyMinAgeDays) {
+    const intro = 'Skipping publish: dependency-only releases must age for at least';
+    return `${intro} ${dependencyOnlyMinAgeDays} day(s).`;
+}
+function formatMinimumAgeElapsedLog(dependencyOnlyMinAgeDays) {
+    const intro = 'Publishing is allowed because the dependency-only minimum age of';
+    return `${intro} ${dependencyOnlyMinAgeDays} day(s) has elapsed.`;
+}
+function createPolicyDecision(shouldPublish, reason, logs, policyLog) {
+    return {
+        shouldPublish,
+        reason,
+        logs: [...logs, policyLog]
+    };
+}
+export function applyPacktoryReleasePolicy(input) {
+    const logs = [...input.baseDecision.logs, ...buildReleaseAnalysisLogs(input.releaseAnalysis)];
+    if (input.releaseAnalysis.classification === releaseAnalysisClassification.unchanged) {
+        return createPolicyDecision(false, 'release_unchanged', logs, 'Skipping publish: the next Packtory release would be unchanged versus npm latest.');
+    }
+    if (input.releaseAnalysis.classification !== releaseAnalysisClassification.dependencyOnly) {
+        return {
+            ...input.baseDecision,
+            logs: [...logs, 'Publishing is allowed by the Packtory release policy.']
+        };
+    }
+    if (input.releaseAnalysis.mostRecentPublishedAt === undefined) {
+        return createPolicyDecision(true, 'dependency_only_published_at_unknown', logs, 'Publishing is allowed because this dependency-only release has no publishedAt baseline to delay from.');
+    }
+    if (!minAgeElapsed(input.now, input.releaseAnalysis.mostRecentPublishedAt, input.dependencyOnlyMinAgeDays)) {
+        return createPolicyDecision(false, 'dependency_only_min_age_not_elapsed', logs, formatMinimumAgePendingLog(input.dependencyOnlyMinAgeDays));
+    }
+    return createPolicyDecision(true, 'dependency_only_min_age_elapsed', logs, formatMinimumAgeElapsedLog(input.dependencyOnlyMinAgeDays));
+}
+//# sourceMappingURL=release-policy.js.map

package/github-release-gate/release-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"release-policy.js","sourceRoot":"","sources":["../../../../source/github-release-gate/release-policy.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,6BAA6B,EAAE,MAAM,iCAAiC,CAAC;AAoBhF,MAAM,kBAAkB,GAAG,UAAU,CAAC;AAEtC,SAAS,iBAAiB,CAAC,IAAsB;IAC7C,OAAO,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;AACjE,CAAC;AAED,SAAS,wBAAwB,CAAC,eAAgC;IAC9D,MAAM,IAAI,GAAG;QACT,2BAA2B,eAAe,CAAC,cAAc,EAAE;QAC3D,4CAA4C,iBAAiB,CAAC,eAAe,CAAC,qBAAqB,CAAC,EAAE;KACzG,CAAC;IAEF,KAAK,MAAM,QAAQ,IAAI,eAAe,CAAC,eAAe,EAAE,CAAC;QACrD,MAAM,UAAU,GACZ,WAAW,QAAQ,CAAC,IAAI,KAAK,QAAQ,CAAC,cAAc,EAAE;YACtD,WAAW,QAAQ,CAAC,sBAAsB,IAAI,eAAe,EAAE;YAC/D,gBAAgB,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACpE,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1B,CAAC;IAED,OAAO,IAAI,CAAC;AAChB,CAAC;AAED,SAAS,aAAa,CAAC,GAAS,EAAE,WAAiB,EAAE,wBAAgC;IACjF,OAAO,GAAG,CAAC,OAAO,EAAE,GAAG,WAAW,CAAC,OAAO,EAAE,IAAI,wBAAwB,GAAG,kBAAkB,CAAC;AAClG,CAAC;AAED,SAAS,0BAA0B,CAAC,wBAAgC;IAChE,MAAM,KAAK,GAAG,kEAAkE,CAAC;IACjF,OAAO,GAAG,KAAK,IAAI,wBAAwB,UAAU,CAAC;AAC1D,CAAC;AAED,SAAS,0BAA0B,CAAC,wBAAgC;IAChE,MAAM,KAAK,GAAG,kEAAkE,CAAC;IACjF,OAAO,GAAG,KAAK,IAAI,wBAAwB,sBAAsB,CAAC;AACtE,CAAC;AAED,SAAS,oBAAoB,CACzB,aAAsB,EACtB,MAA4B,EAC5B,IAAuB,EACvB,SAAiB;IAEjB,OAAO;QACH,aAAa;QACb,MAAM;QACN,IAAI,EAAE,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;KAC7B,CAAC;AACN,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,KAAiC;IACxE,MAAM,IAAI,GAAG,CAAC,GAAG,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,GAAG,wBAAwB,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;IAE9F,IAAI,KAAK,CAAC,eAAe,CAAC,cAAc,KAAK,6BAA6B,CAAC,SAAS,EAAE,CAAC;QACnF,OAAO,oBAAoB,CACvB,KAAK,EACL,mBAAmB,EACnB,IAAI,EACJ,mFAAmF,CACtF,CAAC;IACN,CAAC;IAED,IAAI,KAAK,CAAC,eAAe,CAAC,cAAc,KAAK,6BAA6B,CAAC,cAAc,EAAE,CAAC;QACxF,OAAO;YACH,GAAG,KAAK,CAAC,YAAY;YACrB,IAAI,EAAE,CAAC,GAAG,IAAI,EAAE,uDAAuD,CAAC;SAC3E,CAAC;IACN,CAAC;IAED,IAAI,KAAK,CAAC,eAAe,CAAC,qBAAqB,KAAK,SAAS,EAAE,CAAC;QAC5D,OAAO,oBAAoB,CACvB,IAAI,EACJ,sCAAsC,EACtC,IAAI,EACJ,uGAAuG,CAC1G,CAAC;IACN,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,eAAe,CAAC,qBAAqB,EAAE,KAAK,CAAC,wBAAwB,CAAC,EAAE,CAAC;QACzG,OAAO,oBAAoB,CACvB,KAAK,EACL,qCAAqC,EACrC,IAAI,EACJ,0BAA0B,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAC7D,CAAC;IACN,CAAC;IAED,OAAO,oBAAoB,CACvB,IAAI,EACJ,iCAAiC,EACjC,IAAI,EACJ,0BAA0B,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAC7D,CAAC;AACN,CAAC"}

package/github-release-gate/runner-config.js

@@ -0,0 +1,58 @@
+const defaultDependencyOnlyMinAgeDays = 7;
+const defaultMaxLatencyHours = 24;
+const defaultQuietPeriodMinutes = 45;
+function defaultCiWorkflowFile() {
+    return 'ci.yml';
+}
+function defaultGitHubApiBaseUrl() {
+    return 'https://api.github.com';
+}
+function defaultMainBranch() {
+    return 'main';
+}
+function parseInteger(value, fallbackValue) {
+    return value === undefined ? fallbackValue : Number.parseInt(value, 10);
+}
+function getRequiredEnvironmentVariable(getEnvironmentVariable, variableName) {
+    const value = getEnvironmentVariable(variableName);
+    if (value === undefined) {
+        throw new Error(`Missing ${variableName} environment variable`);
+    }
+    return value;
+}
+export function readGitHubReleaseGateRunnerConfig(getEnvironmentVariable) {
+    return {
+        ciWorkflowFile: getEnvironmentVariable('CI_WORKFLOW_FILE') ?? defaultCiWorkflowFile(),
+        dependencyOnlyMinAgeDays: parseInteger(getEnvironmentVariable('DEPENDENCY_ONLY_MIN_AGE_DAYS'), defaultDependencyOnlyMinAgeDays),
+        defaultBranch: getEnvironmentVariable('DEFAULT_BRANCH') ?? defaultMainBranch(),
+        githubApiBaseUrl: getEnvironmentVariable('GITHUB_API_BASE_URL') ?? defaultGitHubApiBaseUrl(),
+        githubOutputPath: getRequiredEnvironmentVariable(getEnvironmentVariable, 'GITHUB_OUTPUT'),
+        maxLatencyHours: parseInteger(getEnvironmentVariable('MAX_LATENCY_HOURS'), defaultMaxLatencyHours),
+        quietPeriodMinutes: parseInteger(getEnvironmentVariable('QUIET_PERIOD_MINUTES'), defaultQuietPeriodMinutes),
+        repository: getRequiredEnvironmentVariable(getEnvironmentVariable, 'GITHUB_REPOSITORY'),
+        token: getRequiredEnvironmentVariable(getEnvironmentVariable, 'GITHUB_TOKEN')
+    };
+}
+function splitRepository(repository) {
+    const firstSlashIndex = repository.indexOf('/');
+    if (firstSlashIndex <= 0 ||
+        firstSlashIndex !== repository.lastIndexOf('/') ||
+        firstSlashIndex === repository.length - 1) {
+        throw new Error(`Invalid GITHUB_REPOSITORY value: ${repository}`);
+    }
+    return {
+        owner: repository.slice(0, firstSlashIndex),
+        repo: repository.slice(firstSlashIndex + 1)
+    };
+}
+export function createGitHubRepositoryContext(config) {
+    const repository = splitRepository(config.repository);
+    return {
+        apiBaseUrl: config.githubApiBaseUrl,
+        defaultBranch: config.defaultBranch,
+        owner: repository.owner,
+        repo: repository.repo,
+        token: config.token
+    };
+}
+//# sourceMappingURL=runner-config.js.map

package/github-release-gate/runner-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"runner-config.js","sourceRoot":"","sources":["../../../../source/github-release-gate/runner-config.ts"],"names":[],"mappings":"AAoBA,MAAM,+BAA+B,GAAG,CAAC,CAAC;AAC1C,MAAM,sBAAsB,GAAG,EAAE,CAAC;AAClC,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAErC,SAAS,qBAAqB;IAC1B,OAAO,QAAQ,CAAC;AACpB,CAAC;AAED,SAAS,uBAAuB;IAC5B,OAAO,wBAAwB,CAAC;AACpC,CAAC;AAED,SAAS,iBAAiB;IACtB,OAAO,MAAM,CAAC;AAClB,CAAC;AAED,SAAS,YAAY,CAAC,KAAyB,EAAE,aAAqB;IAClE,OAAO,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAC5E,CAAC;AAED,SAAS,8BAA8B,CACnC,sBAAoE,EACpE,YAAoB;IAEpB,MAAM,KAAK,GAAG,sBAAsB,CAAC,YAAY,CAAC,CAAC;IAEnD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,WAAW,YAAY,uBAAuB,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,KAAK,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,iCAAiC,CAC7C,sBAAoE;IAEpE,OAAO;QACH,cAAc,EAAE,sBAAsB,CAAC,kBAAkB,CAAC,IAAI,qBAAqB,EAAE;QACrF,wBAAwB,EAAE,YAAY,CAClC,sBAAsB,CAAC,8BAA8B,CAAC,EACtD,+BAA+B,CAClC;QACD,aAAa,EAAE,sBAAsB,CAAC,gBAAgB,CAAC,IAAI,iBAAiB,EAAE;QAC9E,gBAAgB,EAAE,sBAAsB,CAAC,qBAAqB,CAAC,IAAI,uBAAuB,EAAE;QAC5F,gBAAgB,EAAE,8BAA8B,CAAC,sBAAsB,EAAE,eAAe,CAAC;QACzF,eAAe,EAAE,YAAY,CAAC,sBAAsB,CAAC,mBAAmB,CAAC,EAAE,sBAAsB,CAAC;QAClG,kBAAkB,EAAE,YAAY,CAAC,sBAAsB,CAAC,sBAAsB,CAAC,EAAE,yBAAyB,CAAC;QAC3G,UAAU,EAAE,8BAA8B,CAAC,sBAAsB,EAAE,mBAAmB,CAAC;QACvF,KAAK,EAAE,8BAA8B,CAAC,sBAAsB,EAAE,cAAc,CAAC;KAChF,CAAC;AACN,CAAC;AAED,SAAS,eAAe,CAAC,UAAkB;IACvC,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAEhD,IACI,eAAe,IAAI,CAAC;QACpB,eAAe,KAAK,UAAU,CAAC,WAAW,CAAC,GAAG,CAAC;QAC/C,eAAe,KAAK,UAAU,CAAC,MAAM,GAAG,CAAC,EAC3C,CAAC;QACC,MAAM,IAAI,KAAK,CAAC,oCAAoC,UAAU,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,OAAO;QACH,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC;QAC3C,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC,eAAe,GAAG,CAAC,CAAC;KAC9C,CAAC;AACN,CAAC;AAED,MAAM,UAAU,6BAA6B,CACzC,MAA+C;IAE/C,MAAM,UAAU,GAAG,eAAe,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAEtD,OAAO;QACH,UAAU,EAAE,MAAM,CAAC,gBAAgB;QACnC,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,KAAK,EAAE,UAAU,CAAC,KAAK;QACvB,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,KAAK,EAAE,MAAM,CAAC,KAAK;KACtB,CAAC;AACN,CAAC"}

package/package.json

@@ -1,7 +1,46 @@
 {
-  "name": "@packtory/github-release-gate",
-  "version": "0.0.1",
-  "description": "Placeholder claiming the npm package name \"@packtory/github-release-gate\" so a trusted publisher can be configured. See https://github.com/npm/cli/issues/8544.",
-  "license": "MIT",
-  "deprecated": "Placeholder published as a workaround so a Trusted Publisher could be configured. See https://github.com/npm/cli/issues/8544."
-}
+    "author": "Mathias Schreck <schreck.mathias@gmail.com>",
+    "bin": {
+        "github-release-gate": "./packages/github-release-gate/github-release-gate.entry-point.js"
+    },
+    "contributors": [
+        "Christian Rackerseder <github@echooff.de>"
+    ],
+    "dependencies": {
+        "@octokit/core": "7.0.6",
+        "@octokit/plugin-paginate-rest": "14.0.0",
+        "@octokit/plugin-rest-endpoint-methods": "17.0.0",
+        "packtory": "0.0.30",
+        "remeda": "2.37.0"
+    },
+    "description": "GitHub Actions release gate that batches packtory publishes by waiting for repository activity to settle.",
+    "engines": {
+        "node": "^24 || ^26"
+    },
+    "exports": {
+        "./package.json": "./package.json"
+    },
+    "keywords": [
+        "bundler",
+        "bundling",
+        "modules",
+        "monorepo",
+        "npm",
+        "package",
+        "packaging",
+        "publish",
+        "publishing",
+        "versioning"
+    ],
+    "license": "MIT",
+    "name": "@packtory/github-release-gate",
+    "repository": {
+        "type": "git",
+        "url": "git+ssh://git@github.com/enormora/packtory.git"
+    },
+    "sideEffects": [
+        "./packages/github-release-gate/github-release-gate.entry-point.js"
+    ],
+    "type": "module",
+    "version": "0.0.3"
+}

package/packages/github-release-gate/github-release-gate.entry-point.js

@@ -0,0 +1,71 @@
+#!/usr/bin/env node
+var __rewriteRelativeImportExtension = (this && this.__rewriteRelativeImportExtension) || function (path, preserveJsx) {
+    if (typeof path === "string" && /^\.\.?\//.test(path)) {
+        return path.replace(/\.(tsx)$|((?:\.d)?)((?:\.[^./]+?)?)\.([cm]?)ts$/i, function (m, tsx, d, ext, cm) {
+            return tsx ? preserveJsx ? ".jsx" : ".js" : d && (!ext || !cm) ? m : (d + ext + "." + cm.toLowerCase() + "js");
+        });
+    }
+    return path;
+};
+import fs from 'node:fs';
+import path from 'node:path';
+import { hasProp, isPlainObject } from 'remeda';
+import { createFileManager } from "packtory/file-manager/file-manager.js";
+import { runGitHubReleaseGate } from "../../github-release-gate/cli-runner.js";
+function getEnvironmentVariable(variableName) {
+    const value = process.env[variableName];
+    return value === undefined || value.length === 0 ? undefined : value;
+}
+function isFunction(value) {
+    return typeof value === 'function';
+}
+function unwrapConfigModule(module) {
+    if (hasProp(module, 'config')) {
+        return module.config;
+    }
+    if (hasProp(module, 'buildConfig')) {
+        const { buildConfig } = module;
+        if (isFunction(buildConfig)) {
+            return buildConfig();
+        }
+        throw new Error('Named export of "buildConfig" config file is not a function');
+    }
+    throw new Error('Config file doesn’t have a named export "config" nor "buildConfig"');
+}
+async function loadPacktoryConfigFromCwd() {
+    const configFilePath = path.join(process.cwd(), 'packtory.config.js');
+    const module = await import(__rewriteRelativeImportExtension(configFilePath));
+    if (!isPlainObject(module)) {
+        throw new Error('Invalid config file');
+    }
+    return unwrapConfigModule(module);
+}
+function createDependencies() {
+    return {
+        analyzeReleaseAgainstLatestPublished: async (config) => {
+            const packtory = await import("packtory");
+            return packtory.analyzeReleaseAgainstLatestPublished(config);
+        },
+        fetch: globalThis.fetch,
+        fileManager: createFileManager({ hostFileSystem: fs.promises }),
+        getEnvironmentVariable,
+        loadPacktoryConfig: loadPacktoryConfigFromCwd,
+        now: () => {
+            return new Date();
+        },
+        stdoutWrite: (message) => {
+            process.stdout.write(`${message}\n`);
+        }
+    };
+}
+process.exitCode = await (async () => {
+    try {
+        await runGitHubReleaseGate(createDependencies());
+        return 0;
+    }
+    catch (error) {
+        process.stderr.write(`${error instanceof Error ? error.message : String(error)}\n`);
+        return 1;
+    }
+})();
+//# sourceMappingURL=github-release-gate.entry-point.js.map

package/packages/github-release-gate/github-release-gate.entry-point.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"github-release-gate.entry-point.js","sourceRoot":"","sources":["../../../../../source/packages/github-release-gate/github-release-gate.entry-point.ts"],"names":[],"mappings":";;;;;;;;;AAEA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAEvE,OAAO,EACH,oBAAoB,EAEvB,MAAM,yCAAyC,CAAC;AAEjD,SAAS,sBAAsB,CAAC,YAAoB;IAChD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACxC,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC;AACzE,CAAC;AAED,SAAS,UAAU,CAAC,KAAc;IAC9B,OAAO,OAAO,KAAK,KAAK,UAAU,CAAC;AACvC,CAAC;AAED,SAAS,kBAAkB,CAAC,MAA8C;IACtE,IAAI,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC;QAC5B,OAAO,MAAM,CAAC,MAAM,CAAC;IACzB,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,EAAE,aAAa,CAAC,EAAE,CAAC;QACjC,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,CAAC;QAC/B,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC1B,OAAO,WAAW,EAAE,CAAC;QACzB,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;IACnF,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;AAC1F,CAAC;AAED,KAAK,UAAU,yBAAyB;IACpC,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;IACtE,MAAM,MAAM,GAAY,MAAM,MAAM,kCAAC,cAAc,EAAC,CAAC;IAErD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,kBAAkB,CAAC,MAAM,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,kBAAkB;IACvB,OAAO;QACH,oCAAoC,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE;YACnD,MAAM,QAAQ,GAA8B,MAAM,MAAM,CAAC,qCAAqC,CAAC,CAAC;YAChG,OAAO,QAAQ,CAAC,oCAAoC,CAAC,MAAM,CAAC,CAAC;QACjE,CAAC;QACD,KAAK,EAAE,UAAU,CAAC,KAAK;QACvB,WAAW,EAAE,iBAAiB,CAAC,EAAE,cAAc,EAAE,EAAE,CAAC,QAAQ,EAAE,CAAC;QAC/D,sBAAsB;QACtB,kBAAkB,EAAE,yBAAyB;QAC7C,GAAG,EAAE,GAAG,EAAE;YACN,OAAO,IAAI,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,WAAW,EAAE,CAAC,OAAO,EAAE,EAAE;YACrB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,OAAO,IAAI,CAAC,CAAC;QACzC,CAAC;KACJ,CAAC;AACN,CAAC;AAED,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE;IACjC,IAAI,CAAC;QACD,MAAM,oBAAoB,CAAC,kBAAkB,EAAE,CAAC,CAAC;QAEjD,OAAO,CAAC,CAAC;IACb,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACpF,OAAO,CAAC,CAAC;IACb,CAAC;AACL,CAAC,CAAC,EAAE,CAAC"}

package/readme.md

@@ -1,7 +1,119 @@
 # @packtory/github-release-gate
 
-This version is a placeholder published only to claim the npm name `@packtory/github-release-gate` so a Trusted Publisher
-can subsequently be configured for it. It contains no real package content and is published already
-deprecated.
+**GitHub Actions release gate for batching publishes without manual approval**
 
-Workaround context: https://github.com/npm/cli/issues/8544
+This package evaluates whether a repository is quiet enough to publish from `main`. It is designed for GitHub Actions workflows that want to batch human and bot changes without blocking forever on draft PRs, failing PRs, or long-lived PRs.
+
+## Motivation
+
+A publish workflow usually wants two things that pull in opposite directions:
+
+- avoid spamming releases when several changes land close together
+- avoid making a human change wait for a coarse scheduled release window
+
+Publishing on every successful merge solves the second problem, but creates too many releases during bursts of activity. That is especially visible with bot-driven update trains such as Renovate, but it can also happen with a sequence of human PRs landing within a short period.
+
+On the other hand, a simple scheduled release, such as "publish every hour" or "publish every night", solves the release-spam problem by batching everything together, but it also delays legitimate changes even when the repository has already become stable enough to publish.
+
+This tool aims to sit between those extremes. It tries to find a practical balance:
+
+- wait a little while after relevant repository activity so nearby changes can naturally batch together
+- do not wait forever if activity keeps happening
+- only allow publishing from a `main` commit that has already passed CI
+- slow-roll low-signal dependency-only releases without delaying substantive changes the same way
+
+The result is a release gate that is more selective than "publish on every merge", but much more responsive than a coarse scheduled release cadence.
+
+## Detailed Concept
+
+The gate has two layers:
+
+- a GitHub activity gate
+- a Packtory release-content policy
+
+The GitHub activity gate is based on two timing signals:
+
+- `quiet period`: how long the repository should stay quiet before a publish is allowed
+- `max latency`: how long a green `main` commit may wait before a publish is forced
+
+It then evaluates the current repository state using the following rules:
+
+- Require a successful CI run for the current `main` HEAD.
+- Treat pushes to open PR branches as release-relevant activity, including PRs from forks.
+- Delay publishing until activity has been stale for a configurable quiet period.
+- Force publication once a configurable maximum latency has elapsed since the current `main` HEAD first went green.
+- Once the GitHub gate opens, analyze the pending Packtory release against npm `latest`.
+- If the release is unchanged, skip publishing.
+- If the release is substantive or a first publish, publish immediately.
+- If the release is dependency-only, require an additional minimum age since the most recent published package version.
+
+More concretely:
+
+1. Resolve the current `main` HEAD SHA.
+2. Look up the latest successful CI run for that exact SHA.
+3. Inspect all open PRs targeting the default branch.
+4. For each PR, derive its latest relevant branch activity from the PR timeline.
+5. Compute the latest relevant activity timestamp across:
+    - the successful CI completion time for `main` HEAD
+    - all open PR branch activity timestamps
+6. Open the GitHub activity gate if either condition is true:
+    - the quiet period has elapsed since the latest relevant activity
+    - the max latency has elapsed since `main` HEAD first went green
+7. Run Packtory release analysis against npm `latest`.
+8. Apply the release-content policy:
+    - `unchanged`: skip
+    - `substantive`: publish
+    - `first-publish`: publish
+    - `dependency-only`: publish only after `DEPENDENCY_ONLY_MIN_AGE_DAYS`
+
+This means:
+
+- a burst of nearby merges tends to collapse into a single later publish
+- active PR pushes keep the gate closed for a while, so more changes can batch together
+- a repository that never fully settles will still publish eventually once max latency is reached
+- stale draft PRs, failing PRs, or intentionally long-lived PRs do not need special-case state handling, because the signal is branch activity, not PR labels or mergeability
+- dependency-only churn can be intentionally delayed without delaying substantive source releases by the same amount
+
+## Decision Outputs
+
+- `should_publish=true|false`
+- `reason=ci_not_green|activity_not_stale|quiet_period_elapsed|max_latency_elapsed|release_unchanged|dependency_only_min_age_not_elapsed|dependency_only_min_age_elapsed|dependency_only_published_at_unknown`
+- `main_head_sha=<sha>`
+
+When run inside GitHub Actions, the tool writes these values to `$GITHUB_OUTPUT`.
+
+## Installation
+
+```bash
+npm install -D @packtory/github-release-gate
+```
+
+The package ships a `github-release-gate` executable that writes its decision to `$GITHUB_OUTPUT` when invoked from a GitHub Actions step.
+
+## Usage in a Workflow
+
+```yaml
+- name: Install release gate
+  run: npm install -D --ignore-scripts @packtory/github-release-gate
+- name: Evaluate GitHub release gate
+  id: release-gate
+  run: npx github-release-gate
+  env:
+      CI_WORKFLOW_FILE: ci.yml
+      DEFAULT_BRANCH: main
+      DEPENDENCY_ONLY_MIN_AGE_DAYS: '7'
+      GITHUB_TOKEN: ${{ github.token }}
+      MAX_LATENCY_HOURS: '24'
+      QUIET_PERIOD_MINUTES: '45'
+```
+
+## Environment Variables
+
+- `GITHUB_TOKEN` and `GITHUB_REPOSITORY` are required.
+- `GITHUB_OUTPUT` is required when used as a GitHub Actions step.
+- `CI_WORKFLOW_FILE` defaults to `ci.yml`.
+- `DEFAULT_BRANCH` defaults to `main`.
+- `GITHUB_API_BASE_URL` defaults to `https://api.github.com`.
+- `DEPENDENCY_ONLY_MIN_AGE_DAYS` defaults to `7`.
+- `QUIET_PERIOD_MINUTES` defaults to `45`.
+- `MAX_LATENCY_HOURS` defaults to `24`.

package/sbom.cdx.json

@@ -0,0 +1,118 @@
+{
+    "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+    "bomFormat": "CycloneDX",
+    "specVersion": "1.6",
+    "version": 1,
+    "metadata": {
+        "tools": {
+            "components": [
+                {
+                    "type": "application",
+                    "name": "packtory",
+                    "version": "0.0.29"
+                }
+            ]
+        },
+        "component": {
+            "type": "library",
+            "name": "@packtory/github-release-gate",
+            "version": "0.0.3",
+            "bom-ref": "pkg:npm/@packtory/github-release-gate@0.0.3",
+            "purl": "pkg:npm/@packtory/github-release-gate@0.0.3"
+        }
+    },
+    "components": [
+        {
+            "type": "library",
+            "name": "@octokit/core",
+            "version": "7.0.6",
+            "bom-ref": "pkg:npm/@octokit/core@7.0.6",
+            "scope": "required",
+            "licenses": [
+                {
+                    "expression": "MIT"
+                }
+            ],
+            "purl": "pkg:npm/@octokit/core@7.0.6"
+        },
+        {
+            "type": "library",
+            "name": "@octokit/plugin-paginate-rest",
+            "version": "14.0.0",
+            "bom-ref": "pkg:npm/@octokit/plugin-paginate-rest@14.0.0",
+            "scope": "required",
+            "licenses": [
+                {
+                    "expression": "MIT"
+                }
+            ],
+            "purl": "pkg:npm/@octokit/plugin-paginate-rest@14.0.0"
+        },
+        {
+            "type": "library",
+            "name": "@octokit/plugin-rest-endpoint-methods",
+            "version": "17.0.0",
+            "bom-ref": "pkg:npm/@octokit/plugin-rest-endpoint-methods@17.0.0",
+            "scope": "required",
+            "licenses": [
+                {
+                    "expression": "MIT"
+                }
+            ],
+            "purl": "pkg:npm/@octokit/plugin-rest-endpoint-methods@17.0.0"
+        },
+        {
+            "type": "library",
+            "name": "packtory",
+            "version": "0.0.30",
+            "bom-ref": "pkg:npm/packtory@0.0.30",
+            "scope": "required",
+            "licenses": [
+                {
+                    "expression": "MIT"
+                }
+            ],
+            "purl": "pkg:npm/packtory@0.0.30"
+        },
+        {
+            "type": "library",
+            "name": "remeda",
+            "version": "2.37.0",
+            "bom-ref": "pkg:npm/remeda@2.37.0",
+            "scope": "required",
+            "licenses": [
+                {
+                    "expression": "MIT"
+                }
+            ],
+            "purl": "pkg:npm/remeda@2.37.0"
+        }
+    ],
+    "dependencies": [
+        {
+            "ref": "pkg:npm/@octokit/core@7.0.6"
+        },
+        {
+            "ref": "pkg:npm/@octokit/plugin-paginate-rest@14.0.0"
+        },
+        {
+            "ref": "pkg:npm/@octokit/plugin-rest-endpoint-methods@17.0.0"
+        },
+        {
+            "ref": "pkg:npm/@packtory/github-release-gate@0.0.3",
+            "dependsOn": [
+                "pkg:npm/@octokit/core@7.0.6",
+                "pkg:npm/@octokit/plugin-paginate-rest@14.0.0",
+                "pkg:npm/@octokit/plugin-rest-endpoint-methods@17.0.0",
+                "pkg:npm/packtory@0.0.30",
+                "pkg:npm/remeda@2.37.0"
+            ]
+        },
+        {
+            "ref": "pkg:npm/packtory@0.0.30"
+        },
+        {
+            "ref": "pkg:npm/remeda@2.37.0"
+        }
+    ]
+}