ci: add @clerk/expo compat gate before release publish#593
Draft
chriscanin wants to merge 2 commits intomainfrom
Draft
ci: add @clerk/expo compat gate before release publish#593chriscanin wants to merge 2 commits intomainfrom
chriscanin wants to merge 2 commits intomainfrom
Conversation
Introduces an `expo-compat` job in the manual-release workflow that runs before `publish`. The job: 1. Publishes the current SDK source to mavenLocal with a snapshot suffix 2. Clones clerk/javascript and clerk/clerk-expo-quickstart 3. Patches @clerk/expo's pinned clerk-android version to the snapshot 4. Adds mavenLocal() to the gradle repositories so resolution works 5. Builds the quickstart NativeComponentQuickstart against the snapshot 6. Runs the Maestro e2e suite from clerk/javascript's integration-mobile/ The `publish` job now depends on `expo-compat` succeeding, so a release cannot publish if the Expo integration tests fail. Secrets required (to be configured on this repo): - CLERK_TEST_EMAIL - CLERK_TEST_PASSWORD - EXPO_PUBLIC_CLERK_PUBLISHABLE_KEY Related: clerk/javascript#8334 (adds the integration-mobile/ test suite this workflow invokes)
chriscanin
added a commit
to clerk/clerk-ios
that referenced
this pull request
Apr 16, 2026
Introduces an `expo-compat` job in release-sdk.yml that runs between `checks` and `publish`. The job validates that the clerk-ios SHA about to be published does not break @clerk/expo's native component integration. The job: 1. Clones clerk/javascript and clerk/clerk-expo-quickstart 2. Patches packages/expo/app.plugin.js to pin the SPM clerk-ios dependency to the current release SHA using requirement kind 'revision' instead of 'exactVersion' 3. Builds the NativeComponentQuickstart app via `expo run:ios --configuration Release` 4. Runs the Maestro e2e suite from integration-mobile/ on an iOS simulator 5. If any Maestro flow fails, the `publish` job is blocked Because the clerk-ios dependency is resolved via SPM, no local publish step is needed — SPM clones the clerk-ios repo at the specified SHA during the quickstart's Xcode build. Secrets required: - CLERK_TEST_EMAIL - CLERK_TEST_PASSWORD - EXPO_PUBLIC_CLERK_PUBLISHABLE_KEY Related: - clerk/javascript#8334 — adds the integration-mobile/ test suite - clerk/clerk-android#593 — Android equivalent of this gate
3 tasks
Adds two workflow_dispatch inputs: - skip_expo_compat (boolean, default false) - skip_reason (string, required when skip=true) When invoked with skip_expo_compat=true, the expo-compat job is skipped and a new log-skip job records the actor, reason, and version to the GitHub Actions job summary for permanent audit trail. Automated release events (release: types: [published]) cannot provide workflow_dispatch inputs, so the gate is always enforced for those triggers. The skip is available only for manual workflow_dispatch runs, which are already gated by the authorize job.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds an
expo-compatjob tomanual-release.ymlthat runs beforepublishas a release gate. The job validates that the clerk-android version about to be published does not break @clerk/expo's native component integration.What it does
mavenLocalwith a snapshot suffix (e.g.1.0.12-expo-compat-12345678)packages/expo/android/build.gradlein the javascript checkout to use the snapshot versions and addsmavenLocal()to the repositories closureNativeComponentQuickstartapp from the quickstart repointegration-mobile/flows/against the running emulatorpublishjob is blockedWhy this matters
@clerk/expo pins specific clerk-android versions in its
build.gradle. When clerk-android ships a new release, that pinned version gets bumped downstream. Before this gate, there was no automated way to know if a breaking change in clerk-android would show up as a user-visible regression in @clerk/expo components — it would ship, users would file bugs, we'd find out after the fact.With this gate, a breaking change surfaces on the PR/release that introduces it, before the SDK is published to Maven Central.
Secrets required
The following secrets must be configured on this repo's Actions settings before this workflow can succeed:
CLERK_TEST_EMAIL— a test user email on the Clerk dev instance (use the+clerk_testtestmode pattern)CLERK_TEST_PASSWORD— password for that userEXPO_PUBLIC_CLERK_PUBLISHABLE_KEY— the dev instance publishable keyRelated
integration-mobile/test suite and Maestro flows this workflow invokesPhase 2 (follow-up, not in this PR)
After
publishsucceeds, we could auto-open a version-bump PR in clerk/javascript that updates the pinnedclerkAndroidApiVersion/clerkAndroidUiVersioninpackages/expo/android/build.gradle. That would eliminate the manual step of "remember to bump @clerk/expo to use the new clerk-android release."Requires a cross-repo PAT/GitHub App token with write access to clerk/javascript. Needs discussion before implementation.
Known caveats
mainbeing buildable; if it breaks, this gate fails even when the clerk-android change is fine. Consider pinningQUICKSTART_REPO_REFto a specific SHA for stability.manual) because they need human OAuth interactionChecklist