npm - bulk-release - Versions diffs - 2.18.0 → 2.18.2 - Mend

bulk-release 2.18.0 → 2.18.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CHANGELOG.md +10 -0
package/README.md +1 -1
package/package.json +1 -1
package/src/main/js/api/git.js +3 -0
package/src/main/js/processor/release.js +16 -1
package/src/main/js/steps/contextify.js +122 -18
package/src/main/js/steps/publish.js +4 -6

package/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,13 @@
+## [2.18.2](https://github.com/semrel-extra/zx-bulk-release/compare/v2.18.1...v2.18.2) (2026-04-05)
+### Fixes & improvements
+* fix: enhance recovery ([2bb5c4d](https://github.com/semrel-extra/zx-bulk-release/commit/2bb5c4dbd9ccf9a54ecc26065f5693517b815472))
+## [2.18.1](https://github.com/semrel-extra/zx-bulk-release/compare/v2.18.0...v2.18.1) (2026-04-05)
+### Fixes & improvements
+* fix: enhance rollback ([3338298](https://github.com/semrel-extra/zx-bulk-release/commit/3338298a0f7685b809e7ac1daae43c6d02a19557))
 ## [2.18.0](https://github.com/semrel-extra/zx-bulk-release/compare/v2.17.0...v2.18.0) (2026-04-05)
 ### Features

package/README.md CHANGED Viewed

@@ -50,7 +50,7 @@ GH_TOKEN=ghtoken GH_USER=username NPM_TOKEN=npmtoken npx zx-bulk-release [opts]
 | `--dry-run` / `--no-publish` | Disable any publish logic                                                                                                 |                  |
 | `--report`                   | Persist release state to file                                                                                             |                  |
 | `--snapshot`                 | Disable any publishing steps except of `npm` and `publishCmd` (if defined), then  push packages to the `snapshot` channel |                  |
-| `--recover`                  | Remove orphan git tags (tag pushed but npm publish failed) and retry release                                               |                  |
+| `--recover`                  | Remove orphan git tags (tag exists but npm publish failed) and exit. Re-run without this flag to release.                  |                  |
 | `--debug`                    | Enable [zx](https://github.com/google/zx#verbose) verbose mode                                                            |                  |
 | `--version` / `-v`           | Print own version                                                                                                         |                  |

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "bulk-release",
   "alias": "bulk-release",
-  "version": "2.18.0",
+  "version": "2.18.2",
   "description": "zx-based alternative for multi-semantic-release",
   "type": "module",
   "exports": {

package/src/main/js/api/git.js CHANGED Viewed

@@ -115,6 +115,9 @@ export const pushTag = async ({cwd, tag, gitCommitterName, gitCommitterEmail}) =
     git push origin ${tag}`
 }
+export const fetchTags = async (cwd) =>
+  $({cwd})`git fetch --tags`
 export const deleteRemoteTag = async ({cwd, tag}) => {
   log()(`rolling back remote tag '${tag}'`)
   await $({cwd, nothrow: true})`git push origin :refs/tags/${tag}`

package/src/main/js/processor/release.js CHANGED Viewed

@@ -5,7 +5,8 @@ import {queuefy} from 'queuefy'
 import {topo, traverseQueue} from './deps.js'
 import {createReport} from '../log.js'
 import {exec} from './exec.js'
-import {contextify} from '../steps/contextify.js'
+import {contextify, recover} from '../steps/contextify.js'
+import {fetchTags} from '../api/git.js'
 import {analyze} from '../steps/analyze.js'
 import {build} from '../steps/build.js'
 import {publish} from '../steps/publish.js'
@@ -28,6 +29,20 @@ export const run = async ({cwd = process.cwd(), env, flags = {}} = {}) => within
     .log()('queue:', queue)
     .log()('graphs', graphs)
+  // --recover: standalone mode — clean orphan tags and exit.
+  // Run the full pipeline again after this to rebuild and publish affected packages.
+  if (flags.recover) {
+    await fetchTags(cwd)
+    let recovered = 0
+    for (const name of queue) {
+      const pkg = packages[name]
+      await contextify(pkg, context)
+      if (await recover(pkg)) recovered++
+    }
+    report.log()(`recover: cleaned ${recovered} orphan tag(s)`)
+    return
+  }
   try {
     await traverseQueue({queue, prev, async cb(name) {
       report.setStatus('analyzing', name)

package/src/main/js/steps/contextify.js CHANGED Viewed

@@ -1,19 +1,14 @@
 import {getPkgConfig} from '../config.js'
-import {getLatest} from '../processor/meta.js'
-import {getRoot, getSha, deleteRemoteTag} from '../api/git.js'
+import {getLatest, getArtifactPath} from '../processor/meta.js'
+import {getRoot, getSha, getRepo, deleteRemoteTag, fetchRepo, pushCommit} from '../api/git.js'
 import {fetchManifest} from '../api/npm.js'
 import {log} from '../log.js'
-import {$} from 'zx-extra'
+import {$, fs, path, fetch} from 'zx-extra'
 // Inspired by https://docs.github.com/en/actions/learn-github-actions/contexts
 export const contextify = async (pkg, {packages, root, flags, env}) => {
   pkg.config = await getPkgConfig([pkg.absPath, root.absPath], env)
   pkg.latest = await getLatest(pkg)
-  if (flags.recover && pkg.latest.tag) {
-    await recover(pkg)
-  }
   pkg.context = {
     git: {
       sha: await getSha(pkg.absPath),
@@ -25,24 +20,133 @@ export const contextify = async (pkg, {packages, root, flags, env}) => {
   }
 }
-// Verify that the latest tagged version actually exists on npm.
-// If not (tag was pushed but npm publish failed), delete the orphan tag
-// so the next analyze phase can re-detect changes and retry the release.
-const recover = async (pkg) => {
+// Rollback a release that failed mid-publish (called inline from publish.js).
+// Unlike `recover`, this uses the current release tag (pkg.context.git.tag)
+// and skips the npm existence check — we already know the release failed.
+export const rollbackRelease = async (pkg) => {
+  const tag = pkg.context.git.tag
+  if (!tag) return
+  const cwd = pkg.context.git.root
+  const {ghBasicAuth: basicAuth, ghToken, gitCommitterName, gitCommitterEmail} = pkg.config
+  const {repoName} = await getRepo(cwd, {basicAuth})
+  log({pkg})(`rollback: cleaning up failed release for tag '${tag}'`)
+  // 1. Delete GitHub release
+  if (ghToken) {
+    try {
+      const res = await fetch(`https://api.github.com/repos/${repoName}/releases/tags/${tag}`, {
+        headers: {Authorization: `token ${ghToken}`, 'X-GitHub-Api-Version': '2022-11-28'}
+      })
+      if (res.ok) {
+        const {id} = await res.json()
+        await fetch(`https://api.github.com/repos/${repoName}/releases/${id}`, {
+          method: 'DELETE',
+          headers: {Authorization: `token ${ghToken}`, 'X-GitHub-Api-Version': '2022-11-28'}
+        })
+        log({pkg})(`rollback: deleted gh release for '${tag}'`)
+      }
+    } catch (e) {
+      log({pkg, level: 'warn'})('rollback: failed to delete gh release', e)
+    }
+  }
+  // 2. Remove meta entry from meta branch
+  try {
+    const metaBranch = 'meta'
+    const metaCwd = await fetchRepo({cwd, branch: metaBranch, basicAuth})
+    const artifactPath = getArtifactPath(tag)
+    const candidates = [
+      path.resolve(metaCwd, `${artifactPath}.json`),
+      path.resolve(metaCwd, artifactPath)
+    ]
+    let removed = false
+    for (const p of candidates) {
+      if (fs.existsSync(p)) {
+        await fs.remove(p)
+        removed = true
+      }
+    }
+    if (removed) {
+      await pushCommit({cwd, branch: metaBranch, msg: `chore: rollback ${pkg.name} ${pkg.version}`, gitCommitterName, gitCommitterEmail, basicAuth})
+      log({pkg})(`rollback: removed meta for '${tag}'`)
+    }
+  } catch (e) {
+    log({pkg, level: 'warn'})('rollback: failed to clean meta branch', e)
+  }
+  // 3. Delete git tag
+  await deleteRemoteTag({cwd, tag})
+}
+// Rollback a partially failed release: delete orphan tag, meta, changelog, gh release.
+export const recover = async (pkg) => {
   const needsNpm = !pkg.manifest.private && pkg.config.npmPublish !== false
-  if (!needsNpm) return
+  if (!needsNpm) return false
   const {tag} = pkg.latest
+  if (!tag) return false
   const manifest = await fetchManifest({
     name: pkg.name,
     version: tag.version,
     config: pkg.config,
   }, {nothrow: true})
-  if (!manifest) {
-    const cwd = await getRoot(pkg.absPath)
-    log({pkg})(`recover: tag '${tag.ref}' exists but ${pkg.name}@${tag.version} not found on npm, removing orphan tag`)
-    await deleteRemoteTag({cwd, tag: tag.ref})
-    pkg.latest = await getLatest(pkg)
+  if (manifest) return false
+  const cwd = await getRoot(pkg.absPath)
+  const {ghBasicAuth: basicAuth, ghToken, gitCommitterName, gitCommitterEmail} = pkg.config
+  const {repoName} = await getRepo(cwd, {basicAuth})
+  log({pkg})(`recover: tag '${tag.ref}' exists but ${pkg.name}@${tag.version} not found on npm, rolling back failed release`)
+  // 1. Delete GitHub release (also removes attached meta assets)
+  if (ghToken) {
+    try {
+      const res = await fetch(`https://api.github.com/repos/${repoName}/releases/tags/${tag.ref}`, {
+        headers: {Authorization: `token ${ghToken}`, 'X-GitHub-Api-Version': '2022-11-28'}
+      })
+      if (res.ok) {
+        const {id} = await res.json()
+        await fetch(`https://api.github.com/repos/${repoName}/releases/${id}`, {
+          method: 'DELETE',
+          headers: {Authorization: `token ${ghToken}`, 'X-GitHub-Api-Version': '2022-11-28'}
+        })
+        log({pkg})(`recover: deleted gh release for '${tag.ref}'`)
+      }
+    } catch (e) {
+      log({pkg, level: 'warn'})('recover: failed to delete gh release', e)
+    }
+  }
+  // 2. Remove meta entry from meta branch
+  try {
+    const metaBranch = 'meta'
+    const metaCwd = await fetchRepo({cwd, branch: metaBranch, basicAuth})
+    const artifactPath = getArtifactPath(tag.ref)
+    const candidates = [
+      path.resolve(metaCwd, `${artifactPath}.json`),
+      path.resolve(metaCwd, artifactPath)
+    ]
+    let removed = false
+    for (const p of candidates) {
+      if (fs.existsSync(p)) {
+        await fs.remove(p)
+        removed = true
+      }
+    }
+    if (removed) {
+      await pushCommit({cwd, branch: metaBranch, msg: `chore: recover ${pkg.name} ${tag.version}`, gitCommitterName, gitCommitterEmail, basicAuth})
+      log({pkg})(`recover: removed meta for '${tag.ref}'`)
+    }
+  } catch (e) {
+    log({pkg, level: 'warn'})('recover: failed to clean meta branch', e)
   }
+  // 3. Delete orphan git tag
+  await deleteRemoteTag({cwd, tag: tag.ref})
+  return true
 }

package/src/main/js/steps/publish.js CHANGED Viewed

@@ -5,7 +5,7 @@ import {npmPersist, npmPublish} from '../api/npm.js'
 import {prepareMeta, pushMeta, pushReleaseTag} from '../processor/meta.js'
 import {pushChangelog} from '../api/changelog.js'
 import {ghPages, ghRelease} from '../api/gh.js'
-import {deleteRemoteTag} from '../api/git.js'
+import {rollbackRelease} from './contextify.js'
 export const publish = memoizeBy(async (pkg, run = exec) => within(async () => {
   $.scope = pkg.name
@@ -34,13 +34,11 @@ export const publish = memoizeBy(async (pkg, run = exec) => within(async () => {
         run(pkg, 'publishCmd')
       ])
     } catch (e) {
-      // Rollback the tag only for npm-published packages so the next run can retry.
+      // Rollback the entire failed release for npm-published packages.
       // Git-tag-only packages (private or npmPublish: false) keep their tag — it IS the release.
       const needsNpm = !pkg.manifest.private && pkg.config.npmPublish !== false
-      const cwd = pkg.context.git.root
-      const tag = pkg.context.git.tag
-      if (tag && needsNpm) {
-        await deleteRemoteTag({cwd, tag})
+      if (needsNpm) {
+        await rollbackRelease(pkg)
       }
       throw e
     }