start using release-plan

.github/workflows/ci-build.yml

@@ -5,10 +5,6 @@ on:
     branches:
       - master
       - main
-      - release*
-      - 'v*'
-    tags:
-      - '*'
   pull_request:
   schedule:
     - cron: '0 3 * * *' # daily, at 3am
@@ -83,39 +79,3 @@ jobs:
       - name: test
         run: pnpm ember try:one ${{ matrix.ember-try-scenario }} --skip-cleanup
         working-directory: ./test-app/
-
-  publish:
-    name: Publish to npm
-    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Install node
-        uses: volta-cli/action@v4
-        with:
-          node-version: 16.x
-          registry-url: 'https://registry.npmjs.org'
-
-      - uses: actions/cache@v3
-        id: npm-cache
-        with:
-          path: '**/node_modules'
-          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-npm-
-
-      - name: install dependencies
-        if: steps.npm-cache.outputs.cache-hit != 'true'
-        run: npm ci
-
-      - name: auto-dist-tag
-        run: npx auto-dist-tag --write
-        working-directory: './addon/'
-
-      - name: publish to npm
-        run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH }}
-        working-directory: './addon/'

.github/workflows/plan-release.yml

@@ -0,0 +1,61 @@
+name: Plan Release
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - master
+  pull_request_target: # This workflow has permissions on the repo, do NOT run code from PRs in this workflow. See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+    types:
+      - labeled
+      - unlabeled
+
+concurrency:
+  group: plan-release # only the latest one of these should ever be running
+  cancel-in-progress: true
+
+jobs:
+  should-run-release-plan-prepare:
+    name: Should we run release-plan prepare?
+    runs-on: ubuntu-latest
+    outputs:
+      should-prepare: ${{ steps.should-prepare.outputs.should-prepare }}
+    steps:
+      - uses: release-plan/actions/should-prepare-release@v1
+        with:
+          ref: 'main'
+        id: should-prepare
+
+  create-prepare-release-pr:
+    name: Create Prepare Release PR
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    needs: should-run-release-plan-prepare
+    permissions:
+      contents: write
+      issues: read
+      pull-requests: write
+    if: needs.should-run-release-plan-prepare.outputs.should-prepare == 'true'
+    steps:
+      - uses: release-plan/actions/prepare@v1
+        name: Run release-plan prepare
+        with:
+          ref: 'main'
+        env:
+          GITHUB_AUTH: ${{ secrets.GITHUB_TOKEN }}
+        id: explanation
+
+      - uses: peter-evans/create-pull-request@v8
+        name: Create Prepare Release PR
+        with:
+          commit-message: "Prepare Release ${{ steps.explanation.outputs.new-version}} using 'release-plan'"
+          labels: "internal"
+          sign-commits: true
+          branch: release-preview
+          title: Prepare Release ${{ steps.explanation.outputs.new-version }}
+          body: |
+            This PR is a preview of the release that [release-plan](https://github.com/embroider-build/release-plan) has prepared. To release you should just merge this PR 👍
+
+            -----------------------------------------
+
+            ${{ steps.explanation.outputs.text }}

.github/workflows/publish.yml

@@ -0,0 +1,41 @@
+# For every push to the primary branch with .release-plan.json modified,
+# runs release-plan.
+
+name: Publish Stable
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - master
+    paths:
+      - '.release-plan.json'
+
+concurrency:
+  group: publish-${{ github.head_ref || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  publish:
+    name: "NPM Publish"
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+      attestations: write
+
+    steps:
+      - uses: actions/checkout@v6
+      - uses: pnpm/action-setup@v4
+      - uses: actions/setup-node@v6
+        with:
+          node-version: 22
+          registry-url: 'https://registry.npmjs.org'
+          cache: pnpm
+      - run: npm install -g npm@latest # ensure that the globally installed npm is new enough to support OIDC
+      - run: pnpm install --frozen-lockfile
+      - name: Publish to NPM
+        run: NPM_CONFIG_PROVENANCE=true pnpm release-plan publish
+        env:
+          GITHUB_AUTH: ${{ secrets.GITHUB_TOKEN }}

CHANGELOG.md

@@ -1,3 +1,5 @@
+# Changelog
+
 
 
 

RELEASE.md

@@ -1,67 +1,27 @@
-# Release
-
-Releases are mostly automated using
-[release-it](https://github.com/release-it/release-it/) and
-[lerna-changelog](https://github.com/lerna/lerna-changelog/).
+# Release Process
 
+Releases in this repo are mostly automated using [release-plan](https://github.com/embroider-build/release-plan/). Once you label all your PRs correctly (see below) you will have an automatically generated PR that updates your CHANGELOG.md file and a `.release-plan.json` that is used to prepare the release once the PR is merged.
 
 ## Preparation
 
-Since the majority of the actual release process is automated, the primary
-remaining task prior to releasing is confirming that all pull requests that
-have been merged since the last release have been labeled with the appropriate
-`lerna-changelog` labels and the titles have been updated to ensure they
-represent something that would make sense to our users. Some great information
-on why this is important can be found at
-[keepachangelog.com](https://keepachangelog.com/en/1.0.0/), but the overall
+Since the majority of the actual release process is automated, the remaining tasks before releasing are:
+
+- correctly labeling **all** pull requests that have been merged since the last release
+- updating pull request titles so they make sense to our users
+
+Some great information on why this is important can be found at [keepachangelog.com](https://keepachangelog.com/en/1.1.0/), but the overall
 guiding principle here is that changelogs are for humans, not machines.
 
 When reviewing merged PR's the labels to be used are:
 
-* breaking - Used when the PR is considered a breaking change.
-* enhancement - Used when the PR adds a new feature or enhancement.
-* bug - Used when the PR fixes a bug included in a previous release.
-* documentation - Used when the PR adds or updates documentation.
-* internal - Used for internal changes that still require a mention in the
-  changelog/release notes.
+- breaking - Used when the PR is considered a breaking change.
+- enhancement - Used when the PR adds a new feature or enhancement.
+- bug - Used when the PR fixes a bug included in a previous release.
+- documentation - Used when the PR adds or updates documentation.
+- internal - Internal changes or things that don't fit in any other category.
 
+**Note:** `release-plan` requires that **all** PRs are labeled. If a PR doesn't fit in a category it's fine to label it as `internal`
 
 ## Release
 
-Once the prep work is completed, the actual release is straight forward:
-
-* First ensure that you have `release-it` installed globally, generally done by
-  using one of the following commands:
-
-```
-# using https://volta.sh
-volta install release-it
-
-# using Yarn
-yarn global add release-it
-
-# using npm
-npm install --global release-it
-```
-
-* Second, ensure that you have installed your projects dependencies:
-
-```
-yarn install
-```
-
-* And last (but not least 😁) do your release. It requires a
-  [GitHub personal access token](https://github.com/settings/tokens) as
-  `$GITHUB_AUTH` environment variable. Only "repo" access is needed; no "admin"
-  or other scopes are required.
-
-```
-export GITHUB_AUTH="f941e0..."
-release-it
-```
-
-[release-it](https://github.com/release-it/release-it/) manages the actual
-release process. It will prompt you to to choose the version number after which
-you will have the chance to hand tweak the changelog to be used (for the
-`CHANGELOG.md` and GitHub release), then `release-it` continues on to tagging,
-pushing the tag and commits, etc.
+Once the prep work is completed, the actual release is straight forward: you just need to merge the open [Plan Release](https://github.com/ember-cli/ember-resolver/pulls?q=is%3Apr+is%3Aopen+%22Prepare+Release%22+in%3Atitle) PR

package.json

@@ -1,4 +1,5 @@
 {
+  "version": "13.1.1",
   "private": true,
   "repository": {
     "type": "git",
@@ -15,8 +16,6 @@
   "devDependencies": {
     "@babel/eslint-parser": "^7.21.3",
     "@babel/plugin-proposal-decorators": "^7.21.0",
-    "@release-it-plugins/lerna-changelog": "5.0.0",
-    "@release-it-plugins/workspaces": "^3.2.0",
     "ember-template-lint": "^5.7.2",
     "eslint": "^8.46.0",
     "eslint-config-prettier": "^8.9.0",
@@ -26,30 +25,7 @@
     "eslint-plugin-qunit": "^7.3.4",
     "npm-run-all": "^4.1.5",
     "prettier": "^2.8.4",
-    "release-it": "^15.6.0"
+    "release-plan": "^0.17.4"
   },
-  "release-it": {
-    "hooks": {
-      "before:init": "cp README.md LICENSE.md addon/"
-    },
-    "plugins": {
-      "@release-it-plugins/workspaces": {
-        "publish": false
-      },
-      "@release-it-plugins/lerna-changelog": {
-        "infile": "CHANGELOG.md",
-        "launchEditor": true
-      }
-    },
-    "git": {
-      "tagName": "v${version}"
-    },
-    "npm": false,
-    "github": {
-      "release": true,
-      "tokenRef": "GITHUB_AUTH"
-    }
-  },
-  "packageManager": "pnpm@10.29.3",
-  "version": "13.1.1"
+  "packageManager": "pnpm@10.29.3"
 }