chore: add release script (nextauthjs#3891)

* chore: fix `next-auth` version in `package.json`

* chore: add WIP publish script

* chore: fix comments, add TODOs

* chore: set newer TS target

* chore: extract release config

* chore: WIP work on publish script

* chore: finish up release script

* chore: do not push unless not dryRun

* chore: add debug env var, return early if no package to update

* chore: remove unnecessary comment

* chore: remove changeset and unused dependencies

* chore: drop `semantic-release`

* chore: remove `jsonfile` dependency

* chore: address code review

* fix: list other commits in changelog when releasing

* chore: fix env variable references

* chore: fetch with tags and commit history

* chore: fix analyze code

* chore: fix utils script

* chore: better changelog formatting

* chore: fix package path

* chore: fix some remaining stuff

* chore: remove DEBUG flag

.github/workflows/release.yml

@@ -20,8 +20,8 @@ jobs:
         uses: actions/setup-node@v2
         with:
           node-version: 16
-          cache: 'yarn'
-      - name: Install dependencies 
+          cache: "yarn"
+      - name: Install dependencies
         run: yarn --frozen-lockfile
       - name: Build
         run: npm run build
@@ -44,20 +44,25 @@ jobs:
     steps:
       - name: Init
         uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
       - name: Setup Node
         uses: actions/setup-node@v2
         with:
           node-version: 16
-          cache: 'yarn'
-      - name: Install dependencies 
+          cache: "yarn"
+      - name: Install dependencies
         run: yarn --frozen-lockfile
       - name: Publish to npm and GitHub
         run: |
-          cd packages/next-auth
-          npx semantic-release@17
+          git config --global user.email "[email protected]"
+          git config --global user.name "Balázs Orbán"
+          yarn release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_TOKEN_PKG: ${{ secrets.NPM_TOKEN }}
+          NPM_TOKEN_ORG: ${{ secrets.NPM_TOKEN_ORG }}
+          DRY_RUN: true
   release-pr:
     name: Publish PR
     runs-on: ubuntu-latest
@@ -71,8 +76,8 @@ jobs:
         uses: actions/setup-node@v2
         with:
           node-version: 16
-          cache: 'yarn'
-      - name: Install dependencies 
+          cache: "yarn"
+      - name: Install dependencies
         run: yarn --frozen-lockfile
       - name: Determine version
         uses: ./.github/version-pr

CHANGELOG.md

@@ -1,5 +1,5 @@
 # CHANGELOG
 
 The changelog is automatically updated using
-[semantic-release](https://github.com/semantic-release/semantic-release). You
+[scripts/release/index.ts](https://github.com/nextauthjs/next-auth/tree/main/scripts/index.ts). You
 can see it on the [releases page](../../releases).

CONTRIBUTING.md

@@ -85,43 +85,27 @@ You can look at the existing built-in providers for inspiration.
 #### Databases
 
 If you would like to contribute to an existing database adapter or help create a new one, head over to the [nextauthjs/adapters](https://www.github.com/nextauthjs/adapters) repository and follow the instructions provided there.
+
 #### Testing
 
 Tests can be run with `yarn test`.
 
 Automated tests are currently crude and limited in functionality, but improvements are in development.
+
 ## For maintainers
 
-We use [semantic-release](https://github.com/semantic-release/semantic-release) together with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0) to automate releases. This makes the maintenance process easier and less error-prone to human error. Please study the "Conventional Commits" site to understand how to write a good commit message.
+We use [a custom script](https://github.com/nextauthjs/next-auth/tree/main/scripts/index.ts) together with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0) to automate releases. This makes the maintenance process easier and less error-prone. Please study the "Conventional Commits" site to understand how to write a good commit message.
 
 When accepting Pull Requests, make sure the following:
 
 - Use "Squash and merge"
 - Make sure you merge contributor PRs into `main`
-- Rewrite the commit message to conform to the `Conventional Commits` style. Check the "Recommended Scopes" section for further advice.
+- Rewrite the commit message to conform to the `Conventional Commits` style.
+  - Using `fix` releases a patch (x.x.1)
+  - Using `feat` releases a minor (x.1.x)
+  - Using `feat` when `BREAKING CHANGE` is present in the commit messgae releases a major (1.x.x)
 - Optionally link issues the PR will resolve (You can add "close" in front of the issue numbers to close the issues automatically, when the PR is merged. `semantic-release` will also comment back to connected issues and PRs, notifying the users that a feature is added/bug fixed, etc.)
 
-### Recommended Scopes
-
-A typical conventional commit looks like this:
-
-```
-type(scope): title
-
-body
-```
-
-Scope is the part that will help grouping the different commit types in the release notes.
-
-Some recommended scopes are:
-
-- **provider** - Provider related changes. (eg.: "feat(provider): add X provider", "docs(provider): fix typo in X documentation"
-- **adapter** - Adapter related changes. (eg.: "feat(adapter): add X provider", "docs(provider): fix typo in X documentation"
-- **db** - Database related changes. (eg.: "feat(db): add X database", "docs(db): fix typo in X documentation"
-- **deps** - Adding/removing/updating a dependency (eg.: "chore(deps): add X")
-
-> NOTE: If you are not sure which scope to use, you can simply ignore it. (eg.: "feat: add something"). Adding the correct type already helps a lot when analyzing the commit messages.
-
 ### Skipping a release
 
-Every commit that contains [skip release] or [release skip] in their message will be excluded from the commit analysis and won't participate in the release type determination. This is useful, if the PR being merged should not trigger a new `npm` release.
+If a commit contains `[skip release]` in their message will be excluded from the commit analysis and won't participate in the release type determination. This is useful, if the PR being merged should not trigger a new `npm` release.

package.json

@@ -3,7 +3,11 @@
   "version": "0.0.0",
   "private": true,
   "workspaces": {
-    "packages": ["packages/*", "apps/dev", "docs"]
+    "packages": [
+      "packages/*",
+      "apps/dev",
+      "docs"
+    ]
   },
   "repository": "https://github.com/nextauthjs/next-auth.git",
   "scripts": {
@@ -15,24 +19,29 @@
     "dev": "yarn dev:app",
     "dev:app": "turbo run dev --parallel --no-deps --no-cache --scope=next-auth-app",
     "dev:docs": "turbo run dev --parallel --no-deps --no-cache --scope=next-auth-docs",
-    "version:pr": "node ./config/version-pr"
+    "version:pr": "node ./config/version-pr",
+    "release": "ts-node scripts/release"
   },
   "devDependencies": {
     "@actions/core": "^1.6.0",
-    "@changesets/cli": "^2.20.0",
+    "@commitlint/parse": "16.0.0",
+    "@types/semver": "7.3.9",
     "@typescript-eslint/eslint-plugin": "^5.10.2",
     "@typescript-eslint/parser": "^4.33.0",
-    "conventional-changelog-conventionalcommits": "4.6.1",
     "eslint": "^7.32.0",
     "eslint-config-prettier": "^8.3.0",
     "eslint-config-standard-with-typescript": "^21.0.1",
     "eslint-plugin-import": "^2.25.4",
     "eslint-plugin-jest": "^25.3.0",
     "eslint-plugin-node": "^11.1.0",
     "eslint-plugin-promise": "^6.0.0",
+    "git-log-parser": "1.2.0",
     "husky": "^7.0.4",
     "prettier": "2.4.1",
     "pretty-quick": "^3.1.2",
+    "semver": "7.3.5",
+    "stream-to-array": "2.3.0",
+    "ts-node": "10.5.0",
     "turbo": "^1.1.2",
     "typescript": "^4.5.2"
   },
@@ -44,7 +53,10 @@
   },
   "eslintConfig": {
     "parser": "@typescript-eslint/parser",
-    "extends": ["standard-with-typescript", "prettier"],
+    "extends": [
+      "standard-with-typescript",
+      "prettier"
+    ],
     "ignorePatterns": [
       "node_modules",
       "next-env.d.ts",
@@ -68,16 +80,26 @@
     },
     "overrides": [
       {
-        "files": ["./**/*test.js"],
+        "files": [
+          "./**/*test.js"
+        ],
         "env": {
           "jest/globals": true
         },
-        "extends": ["plugin:jest/recommended"],
-        "plugins": ["jest"]
+        "extends": [
+          "plugin:jest/recommended"
+        ],
+        "plugins": [
+          "jest"
+        ]
       }
     ]
   },
-  "eslintIgnore": ["./*.d.ts", "**/tests", "**/__tests__"],
+  "eslintIgnore": [
+    "./*.d.ts",
+    "**/tests",
+    "**/__tests__"
+  ],
   "packageManager": "[email protected]",
   "funding": [
     {

packages/next-auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "next-auth",
-  "version": "4.1.2",
+  "version": "4.2.1",
   "description": "Authentication for Next.js",
   "homepage": "https://next-auth.js.org",
   "repository": "https://github.com/nextauthjs/next-auth.git",
@@ -86,7 +86,6 @@
     }
   },
   "devDependencies": {
-    "@actions/core": "^1.6.0",
     "@babel/cli": "^7.16.0",
     "@babel/core": "^7.16.0",
     "@babel/plugin-proposal-optional-catch-binding": "^7.16.0",
@@ -133,31 +132,5 @@
     "./*.d.ts",
     "**/tests",
     "**/__tests__"
-  ],
-  "release": {
-    "branches": [
-      "+([0-9])?(.{+([0-9]),x}).x",
-      "main",
-      {
-        "name": "beta",
-        "prerelease": true
-      },
-      {
-        "name": "next",
-        "prerelease": true
-      }
-    ],
-    "plugins": [
-      "@semantic-release/commit-analyzer",
-      "@semantic-release/release-notes-generator",
-      "@semantic-release/npm",
-      [
-        "@semantic-release/github",
-        {
-          "releasedLabels": false,
-          "successComment": false
-        }
-      ]
-    ]
-  }
+  ]
 }