# Reusable workflow: builds an npm package and publishes it to a registry.
# It is invoked from other workflows through `workflow_call`, so every input
# below is supplied by the calling workflow.
name: Publish Package NPM

on:
  workflow_call:
    inputs:
      scope:
        description: 'NPM package scope (e.g., @iexec)'
        default: '@iexec'
        type: string
      node-version:
        description: 'Node.js version to use'
        # Quoted so the version stays a string rather than a number.
        default: '20'
        type: string
      registry:
        description: 'NPM registry URL'
        default: 'https://registry.npmjs.org'
        type: string
      access:
        description: 'Package access (public/restricted)'
        default: 'public'
        type: string
      provenance:
        description: 'Enable npm provenance'
        default: true
        type: boolean

      # The *-command inputs below are used as the full `run:` script of a
      # step in the build job, i.e. they execute as shell on the runner.
      # Callers should pass fixed, reviewed strings only.
      install-command:
        description: 'Install dependencies command'
        default: 'npm ci'
        type: string
      build-command:
        description: 'Build package command'
        default: 'npm run build'
        type: string
      run-tests:
        description: 'Execute unit tests step'
        default: false
        type: boolean
      test-command:
        description: 'Run unit tests command'
        default: 'npm test --if-present'
        type: string
      lint-command:
        description: 'Run linting command'
        default: 'npm run lint --if-present'
        type: string
      type-check-command:
        description: 'Run type-checking command'
        default: 'npm run check-types --if-present'
        type: string
      format-check-command:
        description: 'Run format-checking command'
        default: 'npm run check-format --if-present'
        type: string

      environment:
        description: 'GitHub environment'
        default: 'production'
        type: string
      tag:
        description: 'npm publish tag (e.g., latest, nightly)'
        default: ''
        type: string
      working-directory:
        description: 'Directory containing package.json'
        default: ''
        type: string
      artifact-name:
        description: 'Name of an artifact to download before the build (leave empty to skip)'
        default: ''
        type: string
      artifact-path:
        description: 'Destination path for the downloaded artifact'
        default: ''
        type: string
      version:
        description: 'Version to publish (leave empty to use package.json version)'
        default: ''
        type: string
      dry-run:
        description: 'Run in dry-run mode (the package will not be published)'
        default: false
        type: boolean

    secrets:
      # Optional: the build job skips token auth and relies on OIDC trusted
      # publishing when this secret is empty.
      npm-token:
        description: 'NPM auth token (required unless `dry-run: true` or workflow is called by a trusted publisher)'
        required: false
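jobs:
  # Single job: fetch sources, install, build, run checks, then publish.
  build:
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    permissions:
      contents: read
      packages: write
      # Lets the job request an OIDC token, used for npm provenance and for
      # token-less trusted publishing.
      id-token: write
    steps:
      # NOTE(review): actions are referenced by mutable major-version tags.
      # For a job that can publish packages, consider pinning each `uses:` to
      # a full commit SHA.

      # NOTE(review): this download runs before actions/checkout. Confirm that
      # checkout does not clear files placed in the workspace when
      # artifact-path points inside it.
      - name: Download extra artifact
        if: ${{ inputs.artifact-name != '' }}
        uses: actions/download-artifact@v4
        with:
          name: ${{ inputs.artifact-name }}
          path: ${{ inputs.artifact-path }}

      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: ${{ inputs.node-version }}
          registry-url: ${{ inputs.registry }}
          scope: ${{ inputs.scope }}

      # OIDC trusted publishing needs npm >= 11.5.1; upgrade npm only when no
      # token is supplied and the bundled npm is older than that.
      - name: Ensure npm version
        if: ${{ !inputs.dry-run }}
        env:
          # The secret is handed to the script through the environment so its
          # value is never spliced into the script text itself.
          NPM_TOKEN: ${{ secrets.npm-token }}
        run: |
          # NOTE(review): `npx semver` and `npm install -g npm@11` fetch
          # unpinned packages at run time; consider pinning exact versions.
          if [ -n "$NPM_TOKEN" ]; then
            echo "npm-token secret is set not using OIDC"
          elif [ -n "$(npx semver -r ">=11.5.1" "$(npm -v)")" ]; then
            echo "OIDC trusted publishing supported by current npm version"
          else
            echo "OIDC trusted publishing requires npm >= 11.5.1, updating npm"
            npm install -g npm@11
          fi

      # The *-command inputs are executed verbatim as the step's shell script.
      # That is the purpose of these inputs, so they are left as-is; callers
      # must pass only fixed, reviewed strings (never values derived from
      # branch names, PR titles or other externally controlled data).
      - name: Install dependencies
        working-directory: ${{ inputs.working-directory }}
        run: ${{ inputs.install-command }}

      - name: Override version
        if: ${{ inputs.version != '' }}
        working-directory: ${{ inputs.working-directory }}
        env:
          # Passed via env instead of `${{ }}` inside the script: an
          # interpolated value containing quotes or `$(...)` would otherwise
          # be parsed as shell code.
          PKG_VERSION: ${{ inputs.version }}
        run: |
          npm pkg set version="$PKG_VERSION"

      - name: Run build
        working-directory: ${{ inputs.working-directory }}
        run: ${{ inputs.build-command }}

      - name: Run type checks
        working-directory: ${{ inputs.working-directory }}
        run: ${{ inputs.type-check-command }}

      - name: check format
        working-directory: ${{ inputs.working-directory }}
        run: ${{ inputs.format-check-command }}

      - name: Run linting
        working-directory: ${{ inputs.working-directory }}
        run: ${{ inputs.lint-command }}

      - name: Run unit tests
        if: ${{ inputs.run-tests }}
        working-directory: ${{ inputs.working-directory }}
        run: ${{ inputs.test-command }}

      - name: Publish package
        working-directory: ${{ inputs.working-directory }}
        env:
          NODE_AUTH_TOKEN: ${{ secrets.npm-token }}
          # Inputs reach the script as environment variables, so they are
          # treated as data and cannot alter the script or add npm options.
          PUBLISH_ACCESS: ${{ inputs.access }}
          PUBLISH_TAG: ${{ inputs.tag }}
          DRY_RUN: ${{ inputs.dry-run }}
          PROVENANCE: ${{ inputs.provenance }}
        run: |
          # Arguments are collected in a bash array (bash is the default
          # shell on the ubuntu runner) so each value stays a single argument.
          publish_args=(--access "$PUBLISH_ACCESS")
          if [ -n "$PUBLISH_TAG" ]; then
            publish_args+=(--tag "$PUBLISH_TAG")
          fi
          if [ "$DRY_RUN" = "true" ]; then
            # Suffix the version so a dry run is distinguishable from a real
            # release; `npm pkg get` prints the value JSON-quoted, hence sed.
            npm pkg set version="$(npm pkg get version | sed 's/"//g')-dry-run"
            publish_args+=(--dry-run --tag dry-run)
          fi
          if [ "$PROVENANCE" = "true" ]; then
            publish_args+=(--provenance)
          fi
          npm publish "${publish_args[@]}"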