|
| 1 | +name: Release on NPM |
| 2 | + |
| 3 | +on: |
| 4 | + release: |
| 5 | + types: [published] # runs when a GitHub Release is published |
| 6 | + |
| 7 | +permissions: |
| 8 | + contents: read |
| 9 | + id-token: write # required for npm provenance |
| 10 | + |
| 11 | +env: |
| 12 | + NODE_VER: 24.7 |
| 13 | + CI: true |
| 14 | + |
| 15 | +jobs: |
| 16 | + publish: |
| 17 | + name: Publish package from release tag |
| 18 | + # Run only when tag is in the format `vX.Y.Z` produced by `npm version` |
| 19 | + if: startsWith(github.event.release.tag_name, 'v') |
| 20 | + runs-on: ubuntu-latest |
| 21 | + |
| 22 | + steps: |
| 23 | + - name: Check out the tag referenced by this release |
| 24 | + uses: actions/checkout@v5 |
| 25 | + with: |
| 26 | + ref: ${{ github.event.release.tag_name }} |
| 27 | + fetch-depth: 0 |
| 28 | + |
| 29 | + - name: Install pnpm |
| 30 | + uses: pnpm/action-setup@v4 |
| 31 | + with: |
| 32 | + run_install: false |
| 33 | + |
| 34 | + - name: Setup Node.js and pnpm |
| 35 | + uses: actions/setup-node@v4 |
| 36 | + with: |
| 37 | + node-version: ${{ env.NODE_VER }} |
| 38 | + cache: 'pnpm' |
| 39 | + # This is required for `setup-node` to generate the registry URL into .npmrc |
| 40 | + # See https://github.com/actions/setup-node/blob/5e2628c959b9ade56971c0afcebbe5332d44b398/action.yml#L17-L18 |
| 41 | + registry-url: 'https://registry.npmjs.org/' |
| 42 | + |
| 43 | + - name: Verify tag matches package.json version |
| 44 | + run: | |
| 45 | + TAG="${{ github.event.release.tag_name }}" |
| 46 | + PKG_VERSION=$(node -p "require('./package.json').version") |
| 47 | + if [ "v$PKG_VERSION" != "$TAG" ]; then |
| 48 | + echo "::error ::Tag ($TAG) does not match package.json version (v$PKG_VERSION)" |
| 49 | + exit 1 |
| 50 | + fi |
| 51 | +
|
| 52 | + - name: Install deps |
| 53 | + run: | |
| 54 | + pnpm --version |
| 55 | + pnpm install --frozen-lockfile |
| 56 | +
|
| 57 | + # Note: no build step because npm publish would run `prepack` script which builds the module |
| 58 | + |
| 59 | + - name: Publish to npm with provenance |
| 60 | + env: |
| 61 | + # Environment variable used by `setup-node` action |
| 62 | + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |
| 63 | + run: | |
| 64 | + TAG="${{ github.event.release.tag_name }}" |
| 65 | +
|
| 66 | + # Stable release (vX.Y.Z) |
| 67 | + if echo "$TAG" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; then |
| 68 | + npm publish --provenance --access public |
| 69 | +
|
| 70 | + # Pre-release (vX.Y.Z-*) |
| 71 | + elif echo "$TAG" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+-'; then |
| 72 | + npm publish --provenance --access public --tag next |
| 73 | +
|
| 74 | + else |
| 75 | + echo "Not a valid release tag ($TAG), skipping publish." |
| 76 | + fi |
| 77 | +
|
0 commit comments