Merge pull request #27 from phantom/kuba/fix-publishing #21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: | |
| - master | |
| concurrency: ${{ github.workflow }}-${{ github.ref }} | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| # OIDC | |
| id-token: write | |
| jobs: | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| env: | |
| # Force npm to emit provenance (SLSA) when publishing via OIDC. | |
| NPM_CONFIG_PROVENANCE: true | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js 20.x | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20.x | |
| registry-url: "https://registry.npmjs.org" | |
| - name: Ensure npm 11.5.1+ for trusted publishing | |
| run: npm install -g npm@^11.8.0 | |
| - name: Enable Corepack | |
| run: corepack enable | |
| - name: Install Dependencies | |
| run: yarn | |
| - name: Create Release Pull Request or Publish to npm | |
| id: changesets | |
| uses: changesets/action@e0145edc7d9d8679003495b11f87bd8ef63c0cba | |
| with: | |
| # This expects you to have a script called release which does a build for your packages and calls changeset publish | |
| version: yarn changeset version | |
| publish: yarn release | |
| commitMode: github-api | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # we use trusted publishing and setup-node will set these incorrectly. Unset if we ever use RO_TOKEN | |
| NODE_AUTH_TOKEN: "" | |
| NPM_CONFIG_PROVENANCE: true |