Skip to content

chore: publish to npm with provenance #934

chore: publish to npm with provenance

chore: publish to npm with provenance #934

Workflow file for this run

name: Node.js CI
on: [push, pull_request]
jobs:
test:
name: 'Test on Node:${{ matrix.node-version }} OS:${{ matrix.os }}'
runs-on: ${{ matrix.os }}
strategy:
matrix:
node-version: [20, 22]
os: [ubuntu-latest]
include:
- os: windows-latest
node-version: 22
steps:
- uses: actions/checkout@v3
- name: setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
- uses: actions/cache@v2
id: npm-cache
with:
path: 'node_modules'
key: ${{ runner.os }}-node-v${{ matrix.node-version }}-npm-${{ hashFiles('package-lock.json') }}
- run: npm install
if: steps.npm-cache.outputs.cache-hit != 'true'
- run: npm run lint
if: matrix.os != 'windows-latest'
- run: npm run typecheck
- run: npm run build
- run: npm test
release:
runs-on: ubuntu-latest
needs: test
permissions:
contents: read
id-token: write
if: startsWith(github.ref, 'refs/tags/v')
steps:
- uses: actions/checkout@v3
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: 22
registry-url: 'https://registry.npmjs.org'
- uses: actions/cache@v2
id: npm-cache
with:
path: 'node_modules'
key: ${{ runner.os }}-node-v20-npm-${{ hashFiles('package-lock.json') }}
- run: npm install
if: steps.npm-cache.outputs.cache-hit != 'true'
- run: npm run build
- run: |
VERSION="$(node -e 'console.log(process.argv[1].match(/^refs\/tags\/v(\d+\.\d+\.\d+)$/)[1])' "${{ github.ref }}")"
node -e 'console.log(JSON.stringify({...require("./package.json"),version:process.argv[1]}, null, 2))' "$VERSION" | tee ./tmp-package.json
mv ./tmp-package.json ./package.json
- run: npm publish --provenance
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}