-
-
Notifications
You must be signed in to change notification settings - Fork 0
61 lines (54 loc) · 1.8 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# For every push to the master branch, this checks if the release-plan was
# updated and if it was it will publish stable npm packages based on the
# release plan
name: Publish Stable
on:
workflow_dispatch:
push:
branches:
- main
- master
concurrency:
group: publish-${{ github.head_ref || github.ref }}
cancel-in-progress: true
jobs:
check-plan:
name: 'Check Release Plan'
runs-on: ubuntu-latest
outputs:
command: ${{ steps.check-release.outputs.command }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: 'main'
# This will only cause the `check-plan` job to have a result of `success`
# when the .release-plan.json file was changed on the last commit. This
# plus the fact that this action only runs on main will be enough of a guard
- id: check-release
run: if git diff --name-only HEAD HEAD~1 | grep -w -q ".release-plan.json"; then echo "command=release"; fi >> $GITHUB_OUTPUT
publish:
name: 'NPM Publish'
runs-on: ubuntu-latest
needs: check-plan
if: needs.check-plan.outputs.command == 'release'
permissions:
contents: write
pull-requests: write
id-token: write
attestations: write
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
- uses: actions/setup-node@v4
with:
node-version: 18
# This creates an .npmrc that reads the NODE_AUTH_TOKEN environment variable
registry-url: 'https://registry.npmjs.org'
cache: pnpm
- run: pnpm install --frozen-lockfile
- name: npm publish
run: NPM_CONFIG_PROVENANCE=true pnpm release-plan publish
env:
GITHUB_AUTH: ${{ secrets.GITHUB_TOKEN }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}