Publish #11
# Release pipeline: runs the quality gate, then publishes the package to npm.
name: Publish

on:
  # A GitHub release being published.
  release:
    types:
      - published
  # Manual run from the Actions tab / API.
  workflow_dispatch:
  # Invocation as a reusable workflow from another workflow.
  workflow_call:

# Workflow-level token scopes; every job without its own `permissions` block
# inherits these.
# `id-token: write` lets a job request a GitHub OIDC token, which the npm
# publish step relies on instead of a stored registry token.
# NOTE(review): only the job that publishes needs `id-token: write`; any job
# that merely installs, lints or tests should narrow this at job level.
permissions:
  id-token: write
  contents: read
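# NOTE(review): every `uses:` below references a mutable major tag (@v4).
# In a workflow that can mint an OIDC token and publish to npm, pin each
# action to a full commit SHA so a moved tag cannot change what runs.
jobs:
  # Quality gate: install, lint and test before anything is published.
  check:
    runs-on: ubuntu-latest
    # Least privilege: this job executes dependency install scripts, lint and
    # tests but never publishes, so it must not be able to request an OIDC
    # token. A job-level block replaces the workflow-level default.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Nothing later in this job talks to git; do not leave the token
          # in .git/config where install/test scripts could read it.
          persist-credentials: false

      - name: Setup pnpm
        uses: pnpm/action-setup@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          cache-dependency-path: 'pnpm-lock.yaml'
          node-version: '24.x'
          cache: 'pnpm'
          registry-url: 'https://registry.npmjs.org'

      - name: Install dependencies
        # --frozen-lockfile fails the run if pnpm-lock.yaml would change.
        run: pnpm install --frozen-lockfile

      - name: Lint
        run: pnpm lint

      - name: Test
        run: pnpm test:ci

      # Add other code quality/build steps here as needed

  # Publishes to npm via Trusted Publisher OIDC once `check` has passed.
  publish:
    needs: check
    # Publish only for: a published release whose tag starts with "v", a
    # manual dispatch from main, or any workflow_call invocation.
    # NOTE(review): the workflow_call branch has no ref or tag condition, so
    # every caller that reaches this workflow triggers a publish — confirm
    # that callers are restricted as intended.
    if: |
      (github.event_name == 'release' && startsWith(github.event.release.tag_name, 'v')) ||
      (github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main') ||
      (github.event_name == 'workflow_call')
    runs-on: ubuntu-latest
    # The only job that needs to request an OIDC token.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # `pnpm publish --no-git-checks` does not need git credentials.
          persist-credentials: false

      - name: Setup pnpm
        uses: pnpm/action-setup@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          cache-dependency-path: 'pnpm-lock.yaml'
          node-version: '24.x'
          # NOTE(review): a restored dependency cache feeds the build that
          # gets published; consider dropping `cache` in this job so release
          # artifacts are always built from a fresh install.
          cache: 'pnpm'
          registry-url: 'https://registry.npmjs.org'

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Run tests
        run: pnpm test:ci

      - name: Extract version from tag
        id: version
        # On tag refs the version is the tag name without its leading "v".
        # On branch refs (manual dispatch from main, or a branch-triggered
        # caller) GITHUB_REF is refs/heads/..., which the original prefix
        # strip left untouched, so the dist-tag check below always chose
        # "latest". Fall back to the version in package.json instead.
        # Assumes package.json sits at the repository root — TODO confirm.
        run: |
          if [[ "$GITHUB_REF_TYPE" == "tag" ]]; then
            TAG_NAME="${GITHUB_REF#refs/tags/}"
            VERSION="${TAG_NAME#v}"
          else
            VERSION="$(node -p "require('./package.json').version")"
          fi
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"

      - name: Determine dist-tag
        id: disttag
        # The version is derived from a ref name. Hand it to the script as an
        # environment variable rather than expanding ${{ }} inside the script
        # text, so its content is never parsed as shell code.
        env:
          VERSION: ${{ steps.version.outputs.version }}
        run: |
          # A "-" marks a semver prerelease (e.g. 1.2.0-beta.1).
          if [[ "$VERSION" == *"-"* ]]; then
            echo "tag=prerelease" >> "$GITHUB_OUTPUT"
          else
            echo "tag=latest" >> "$GITHUB_OUTPUT"
          fi

      - name: Upgrade npm for OIDC trusted publishing
        # Ensures npm >= 11.5.1 while staying within major 11, so the job
        # that holds the OIDC token does not install an arbitrary future
        # major release of npm at publish time.
        run: npm install -g "npm@^11.5.1"

      - name: Publish to npm (Trusted Publisher OIDC)
        env:
          DIST_TAG: ${{ steps.disttag.outputs.tag }}
        # --no-git-checks skips pnpm's clean-tree/branch checks; the `if:`
        # guard on this job is what restricts which refs can publish.
        run: pnpm publish --no-git-checks --tag "$DIST_TAG"
        # No NODE_AUTH_TOKEN env! OIDC will be used automatically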