(DRAFT) Create prepare-release script and bot pipeline

[vmoroz]

Description

Type of Change

• Automation (AI changes or Github Actions to reduce effort of manual tasks)

Why

Today, publish.yml pushes version bumps directly to protected branches using a PAT (beachball publish), and also publishes npm packages via ESRP — mixing build and release concerns. The ***NO_CI*** commit message hack prevents infinite build loops, and manual recovery from failures is difficult.

This PR replaces that with a bot-driven PR-based version bump flow, inspired by the changesets/action pattern used in microsoft/rnx-kit.

Core idea: version bumps are just code changes, and code changes go through PRs.

A scheduled bot detects pending change files, runs beachball bump, and creates/updates a "Version Packages" PR. A maintainer reviews and merges it. The publish pipeline then just packs artifacts (no git push, no npm publish). The release pipeline handles all registry publishing.

How recursion is avoided: The bot pushes to branches prefixed with prepare-release/ (e.g., prepare-release/main). The PR pipeline detects this prefix and skips beachball check (change files are already consumed). No ***NO_CI*** hack needed — the version bump merge is a normal commit that triggers a normal build.

What

New: @rnw-scripts/prepare-release package (packages/@rnw-scripts/prepare-release/)

• Detects pending change files, runs beachball bump, creates/updates a GitHub PR via gh CLI
• Can be run by the bot, or manually by a developer (npx prepare-release --branch main)
• Each run starts fresh from target branch HEAD — no stale state or merge conflicts

New: prepare-release-bot.yml pipeline

• Scheduled every 4 hours against main and *-stable branches
• Invokes npx prepare-release --branch $(Build.SourceBranchName)

Modified: publish.yml — now a pure build-and-pack pipeline

• Removed: beachball publish, configure-git.yml, git pull, ESRP npm release, GitHub Releases, ***NO_CI*** cancellation, skipGitPush/skipNpmPublish/stopOnNoCI parameters
• Added: npmPack.js --clean --no-color to pack npm tarballs (replaces beachball publish --pack-to-path)
• Artifact names unchanged — release.yml continues to work as-is

Modified: jobs/setup.yml — skip beachball check for bot PRs

• Added condition: not(startsWith(variables['System.PullRequest.SourceBranch'], 'refs/heads/prepare-release/'))
• beachball bump still runs (needed for correct versions in test builds)

Screenshots

N/A — pipeline changes only.

Testing

• @rnw-scripts/prepare-release builds successfully (npx lage build --scope @rnw-scripts/prepare-release)
• npx prepare-release --branch main --dry-run detects change files, runs beachball bump, generates PR body
• Register prepare-release-bot.yml in ADO, run manually against main — verify PR creation
• Run publish.yml — verify npmPack.js produces tarballs, artifacts publish correctly
• Run release.yml downstream — verify it picks up artifacts and publishes as before
• Open a PR from prepare-release/main — verify beachball check is skipped, CI passes

Changelog

Should this change be included in the release notes: no

Internal pipeline automation change. No user-facing behavior change.

Microsoft Reviewers: Open in CodeFlow