chainlit/.github/workflows/publish-libs.yaml at main · Chainlit/chainlit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
name: Publish libs

on:
  workflow_dispatch:
    inputs:
      dry_run:
        description: 'Dry run (test publishing)'
        required: false
        default: false
        type: boolean
  release:
    types: [published]

permissions: read-all

jobs:
  validate:
    name: Validate inputs
    runs-on: ubuntu-latest
    steps:
      - name: Validate publishing branch and destination package index
        run: |
          if [[ "${{ github.ref_name }}" != "main" && "${{ github.event_name }}" != "release" ]]; then
            if [[ "${{ inputs.dry_run }}" != "true" ]]; then
              echo "❌ Error: Only build from main branch or release tag can be published to npm registry."
              echo "Please check 'Dry run (test publishing)' when running from branch: ${{ github.ref_name }}"
              exit 1
            fi
          fi
          echo "✅ Validation passed"
  ci:
    needs: [validate]
    uses: ./.github/workflows/ci.yaml
    secrets: inherit
  build-n-publish:
    name: Upload libs release to npm registry
    runs-on: ubuntu-latest
    needs: [ci]
    permissions:
      contents: read
      id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/pnpm-node-install
        name: Install Node, pnpm and dependencies.

      - name: Build libs
        run: pnpm build:libs

      - name: Publish packages to npm
        # --no-git-checks allows testing from non-main branches and publishing from release tags
        run: pnpm publish --recursive --no-git-checks ${{ inputs.dry_run && '--dry-run' || '' }}
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_REACT_CLIENT }}