Skip to content
Release

Update GitHub Actions release workflow to include permissions for id-… #2

Sign in to view logs

Update GitHub Actions release workflow to include permissions for id-…

Update GitHub Actions release workflow to include permissions for id-… #2

Workflow file for this run

.github/workflows/release.yml at 90e9ddc
name: Release
on:
push:
branches:
- main
tags:
- "v*.*.*"
jobs:
build-and-publish:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Enable Corepack
run: corepack enable
- name: Setup Node.js
uses: actions/setup-node@v4
with:
cache: "yarn"
cache-dependency-path: "yarn.lock"
node-version-file: ".nvmrc"
- name: Install dependencies
run: yarn install
- name: Run Biome
run: npx biome ci .
- name: Run tests
run: yarn test
- name: Typecheck
run: yarn typecheck
- name: Set dev version for main branch
if: github.ref == 'refs/heads/main'
run: |
BUILD_NUM=${{ github.run_number }}
COMMIT_HASH=${{ github.sha }}
VERSION=$(jq -r .version package.json)
DEV_VERSION="$VERSION-dev.$BUILD_NUM+${COMMIT_HASH:0:8}"
jq --arg v "$DEV_VERSION" '.version = $v' package.json > package.json.tmp
mv package.json.tmp package.json
- name: Pack npm package
run: mkdir -p out && yarn pack --out out/%s-%v.tgz
- name: Check Package Entrypoints
run: yarn attw out/*.tgz
- name: Publish to registry
if: |
github.event_name == 'push' &&
(github.ref_type == 'tag' || github.ref == 'refs/heads/main')
run: |
set -ex
npm config set //registry.npmjs.org/:_authToken "$NPM_AUTH_TOKEN"
npm whoami
if [[ "$GITHUB_REF_TYPE" = "tag" ]]; then
npm publish --provenance --access public *.tgz
else
npm publish --provenance --access public --tag dev *.tgz
fi
env:
NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
working-directory: ${{ github.workspace }}/out/