-
Notifications
You must be signed in to change notification settings - Fork 236
110 lines (92 loc) · 3.55 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
name: Publish Release
on:
workflow_dispatch:
inputs:
branch:
description: The branch to release from
required: true
default: master
version:
description: The version being published. This should be a valid semver version, such as `1.0.0`.
required: true
default: ""
type: string
dry-run:
type: boolean
description: Perform a publishing dry run. This will not publish the release, but will validate the release and log the commands that would be run.
default: false
permissions:
contents: read
id-token: write # For publishing to NPM with provenance. Allows developers to run `npm audit signatures` and verify release signature of SDK. @see https://github.blog/2023-04-19-introducing-npm-package-provenance/
packages: write # For cross-publishing to GitHub Packages registry.
env:
NODE_VERSION: 18
NODE_ENV: development
jobs:
configure:
name: Validate input parameters
runs-on: ubuntu-latest
outputs:
vtag: ${{ steps.vtag.outputs.vtag }} # The fully constructed release tag to use for publishing
dry-run: ${{ steps.dry-run.outputs.dry-run }} # The dry-run flag to use for publishing, if applicable
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.inputs.branch }}
# Configure for dry-run, if applicable. @see https://docs.npmjs.com/cli/v9/commands/npm-publish#dry-run
- id: dry-run
if: ${{ github.event.inputs.dry-run == 'true' }}
name: Configure for `--dry-run`
run: |
echo "dry-run=--dry-run" >> $GITHUB_ENV
echo "dry-run=--dry-run" >> $GITHUB_OUTPUT
# Build the tag string from package.json version and release suffix. Produces something like `1.0.0-beta.1` for a beta, or `1.0.0` for a stable release.
- name: Build tag
id: vtag
run: |
PACKAGE_VERSION="${{ github.event.inputs.version }}"
echo "vtag=${PACKAGE_VERSION}" >> $GITHUB_ENV
echo "vtag=${PACKAGE_VERSION}" >> $GITHUB_OUTPUT
# Ensure tag does not already exist.
- name: Validate version
uses: actions/github-script@v7
env:
vtag: ${{ env.vtag }}
with:
script: |
const releaseMeta = github.rest.repos.listReleases.endpoint.merge({
owner: context.repo.owner,
repo: context.repo.repo,
});
const releases = await github.paginate(releaseMeta);
for (const release of releases) {
if (release.name === process.env.vtag) {
throw new Error(`${process.env.vtag} already exists`);
}
}
console.log(`${process.env.vtag} does not exist. Proceeding with release.`)
publish-npm:
needs: configure
name: Publish to NPM
runs-on: ubuntu-latest
environment: "release"
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.inputs.branch }}
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: npm
registry-url: "https://registry.npmjs.org"
- name: Install dependencies
run: npm ci
- name: Publish release to NPM
run: npm publish --provenance --tag ${{ needs.configure.outputs.vtag }} ${{ needs.configure.outputs.dry-run }}
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}