update github workflow to utilize OIDC #8
Workflow file for this run
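# Publishes the package to npm when a version tag (vX.Y.Z) is pushed, then
# creates a GitHub release for that tag.
#
# Authentication to npm uses OIDC (trusted publishing), so no long-lived npm
# token is stored in the repository. The trusted publisher must be configured
# for this repository and workflow file on the npm side.
#
# Security notes:
# - Permissions are granted per job. Only the publish job can mint an OIDC
#   token, and only the release job can write repository contents.
# - The tag name is externally chosen text. It is validated once and handed to
#   later steps through environment variables, never expanded by ${{ }} inside
#   a shell script.
# - Actions are referenced by mutable version tags. Pinning each `uses:` to a
#   full commit SHA protects against a tag being moved to different code.
# - `npm ci`, `npm test` and `npm run build` execute dependency and project
#   scripts in the same job that can request the OIDC token, so keep the
#   lockfile reviewed.
name: Publish package to npm

on:
  push:
    tags:
      - 'v*.*.*' # Matches version tags like v1.0.0, v2.1.3, etc.

# Default for any job that does not declare its own permissions.
permissions:
  contents: read

jobs:
  publish:
    name: Publish to npm
    runs-on: ubuntu-latest
    permissions:
      id-token: write # Required for OIDC
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Fetch all history for tags

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '24.x'
          registry-url: 'https://registry.npmjs.org'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Run tests
        run: npm test

      - name: Build project
        run: npm run build

      - name: Extract version from tag
        id: get_version
        run: |
          VERSION="${GITHUB_REF#refs/tags/v}"
          # The tag filter above is a glob, so it also accepts tags that are
          # not versions. Only a plain semver string may reach later steps.
          if ! printf '%s\n' "$VERSION" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?$'; then
            echo "Error: tag does not carry a valid version: $VERSION"
            exit 1
          fi
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          echo "Extracted version: $VERSION"

      - name: Update package.json version
        env:
          VERSION: ${{ steps.get_version.outputs.version }}
        run: |
          # --allow-same-version: without it npm exits with an error when
          # package.json already carries the tagged version.
          npm version "$VERSION" --no-git-tag-version --allow-same-version
          echo "Updated package.json version to $VERSION"

      - name: Verify package.json version matches tag
        env:
          TAG_VERSION: ${{ steps.get_version.outputs.version }}
        run: |
          PACKAGE_VERSION=$(node -p "require('./package.json').version")
          if [ "$PACKAGE_VERSION" != "$TAG_VERSION" ]; then
            echo "Error: package.json version ($PACKAGE_VERSION) does not match tag version ($TAG_VERSION)"
            exit 1
          fi
          echo "Version verification successful: $PACKAGE_VERSION"

      # No NODE_AUTH_TOKEN is set: the npm CLI exchanges the job's OIDC token
      # for publish rights. NOTE(review): trusted publishing needs npm 11.5.1
      # or newer; confirm the npm bundled with Node 24.x meets that.
      - name: Publish to npm
        run: npm publish

  release:
    name: Create GitHub release
    needs: publish # Only release what was actually published
    runs-on: ubuntu-latest
    permissions:
      contents: write # Creating a release is rejected with a read-only token
    steps:
      # NOTE(review): actions/create-release is archived upstream and no longer
      # maintained; plan a move to a maintained way of creating releases.
      - name: Create Release
        id: create_release
        uses: actions/create-release@v1
        env:
          # This token is provided by Actions, you do not need to create your
          # own token.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ github.ref }}
          release_name: Release ${{ github.ref }}
          body: |
            Changes in this Release
            - See commit history for changes
          draft: false
          prerelease: false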