ci: Refactor automated release and publishing workflows with Release Please

[d3xter666]

JIRA: CPOUI5FOUNDATION-1166

🔧 Technical Challenges & Solutions

1. Circular Peer Dependencies

Problem: @ui5/project has peerDependency on @ui5/builder, while @ui5/builder has devDependency on @ui5/project. The node-workspace plugin detected this cycle:

Error: found cycle in dependency graph: @ui5/builder -> @ui5/project -> @ui5/builder

Solution:

• Configured node-workspace plugin with updatePeerDependencies: true
• Added automated workflow step that manually updates @ui5/builder peer dependency in packages/project/package.json
• Uses jq for surgical JSON manipulation to update version range from ^4.x to ^5.x

BUILDER_VERSION=$(jq -r '.version' packages/builder/package.json)
jq --tab --arg new_version "^$BUILDER_VERSION" \
  '.peerDependencies."@ui5/builder" = $new_version' \
  packages/project/package.json > tmp.$$.json

2. Package-Lock Corruption from npm Aliases

Problem: The node-workspace plugin corrupted package-lock.json by updating npm alias entries in internal/documentation/package.json. This created inconsistent lockfile entries mixing workspace versions with registry URLs:

"node_modules/@ui5/fs-npm": {
  "name": "@ui5/fs",
  "version": "5.0.0-alpha.0",  // ❌ New workspace version
  "resolved": "https://registry.npmjs.org/@ui5/fs/-/fs-4.0.3.tgz",  // ❌ Old registry URL
  "integrity": "sha512-..."
}

Solution:
Implemented automated lockfile restoration that:

1. Runs npm install to regenerate workspace lockfile entries
2. Selectively restores npm alias entries from origin/main using jq
3. Preserves workspace updates while keeping npm aliases at stable registry versions

# Restore npm alias entries from main branch
git show origin/main:package-lock.json | \
  jq -r '.packages | to_entries[] | 
    select(.key | test("node_modules/@ui5/(builder|cli|fs|logger|project|server)-npm$")) | 
    .key' | while read key; do
  original_entry=$(git show origin/main:package-lock.json | jq ".packages[\"$key\"]")
  jq --tab --arg key "$key" --argjson entry "$original_entry" \
    '.packages[$key] = $entry' package-lock.json > tmp.$$.json
  mv tmp.$$.json package-lock.json
done

3. PR Title Version Extraction

Problem: Release Please's ${version} template doesn't work with grouped monorepo releases using the linked-versions plugin (no root package context).

Solution:

• Used ${branch} in PR title pattern: "release: UI5 CLI packages ${branch}"
• Final title: "release: UI5 CLI packages main"

[d3xter666]

GH Actions run: https://github.com/d3xter666/cli/actions/runs/19685910611/job/56391481303
The output: d3xter666#1

Note: The ui5/cli publishing is expected to fail its shrinkwrap regeneration there as other packages were not actually published to NPM

[coveralls]

coverage: 94.67% (+0.01%) from 94.657%
when pulling f3d82f1 on refactor-release-please-setup
into 9f13b7c on main.

[d3xter666]

I have added also a documentation, describing the current release process: #1217

[RandomByte]

Relates to googleapis/release-please#2452

[d3xter666]

@matz3 , sorry I needed to revert back the git's user.name & user.email as the amend is from a different "user" and needs this in order to push.

Now, the flow seems to be working correctly:

1. Prior merge (build GH release PR): https://github.com/d3xter666/cli/actions/runs/19729867589
2. After merging the PR: https://github.com/d3xter666/cli/actions/runs/19730143619 (note: shrinkrwap generator is expected to fail here as we don't have real @ui5/* publish)