NPM Publish Node 24 #76
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Alks.js Publish Package | |
| on: | |
| push: | |
| branches: | |
| - master | |
| jobs: | |
| get_pull_request: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@v2 | |
| with: | |
| token: ${{ secrets._GITHUB_TOKEN }} | |
| - name: Get the PR that this merge came from | |
| uses: actions-ecosystem/action-get-merged-pull-request@136e2f3a66a0d28e8d85094e1042ddbe5abea267 | |
| id: get-merged-pull-request | |
| with: | |
| github_token: ${{ secrets._GITHUB_TOKEN }} | |
| outputs: | |
| pull_request_labels: ${{ steps.get-merged-pull-request.outputs.labels }} | |
| pull_request_title: ${{ steps.get-merged-pull-request.outputs.title }} | |
| pull_request_body: ${{ steps.get-merged-pull-request.outputs.body }} | |
| bump_version: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - get_pull_request | |
| if: ${{ contains(needs.get_pull_request.outputs.pull_request_labels, 'release/patch') || contains(needs.get_pull_request.outputs.pull_request_labels, 'release/minor') || contains(needs.get_pull_request.outputs.pull_request_labels, 'release/major') }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@v2 | |
| with: | |
| token: ${{ secrets._GITHUB_TOKEN }} | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 24 | |
| - name: Set up Artifactory Auth with OIDC | |
| uses: jfrog/setup-jfrog-cli@v4 | |
| env: | |
| JF_URL: https://artifactory.coxautoinc.com | |
| with: | |
| oidc-provider-name: gh-public | |
| - name: Configure npm to use Artifactory | |
| run: | | |
| jf npm-config --repo-resolve cai-npm --server-id-resolve setup-jfrog-cli-server | |
| - name: Set github user | |
| run: | | |
| git config --global user.name 'github-actions[bot]' | |
| git config --global user.email 'github-actions[bot]@users.noreply.github.com' | |
| # need to run npm install before npm version so that husky's precommit hooks rebuild the dist/ folder | |
| - name: install dependencies | |
| run: jf npm ci | |
| - name: Get the release level (major/minor/patch) from the labels | |
| uses: actions-ecosystem/action-release-label@955bf130fba6be3d99d2c14457d0dc7f176bc563 | |
| id: release-label | |
| if: ${{ needs.get_pull_request.outputs.pull_request_title != null }} | |
| with: | |
| labels: ${{ needs.get_pull_request.outputs.pull_request_labels }} | |
| - name: skip non-merge pushes | |
| if: ${{ needs.get_pull_request.outputs.pull_request_title == null }} | |
| run: echo "skipping build since this is not a merge of a pull request" && exit 1 | |
| - name: skip merges without a release label | |
| if: ${{ steps.release-label.outputs.level == null }} | |
| run: echo "skipping build since there is no release label on the merged PR" && exit 1 | |
| - name: Bump both git-tag and package.json version | |
| run: npm version "${{ steps.release-label.outputs.level }}" -m "${{ needs.get_pull_request.outputs.pull_request_title }}" | |
| # Temporarily disable and reenable enforce administrators | |
| - name: Temporarily disable "include administrators" branch protection | |
| uses: benjefferies/branch-protection-bot@1.0.9 | |
| if: always() | |
| with: | |
| access_token: ${{ secrets._GITHUB_TOKEN }} | |
| owner: Cox-Automotive | |
| repo: alks.js | |
| enforce_admins: false | |
| - name: Commit & Push changes | |
| uses: ad-m/github-push-action@8407731efefc0d8f72af254c74276b7a90be36e1 | |
| with: | |
| github_token: ${{ secrets._GITHUB_TOKEN }} | |
| branch: ${{ github.ref }} | |
| force: true # have to do this since there's a branch protection on master | |
| tags: true | |
| - name: Enable "include administrators" branch protection | |
| uses: benjefferies/branch-protection-bot@1.0.9 | |
| if: always() # Force to always run this step to ensure "include administrators" is always turned back on | |
| with: | |
| access_token: ${{ secrets._GITHUB_TOKEN }} | |
| owner: Cox-Automotive | |
| repo: alks.js | |
| enforce_admins: true | |
| - name: Get the latest tag | |
| id: previoustag | |
| uses: WyriHaximus/github-action-get-previous-tag@8656db79964f6757c940965c172d371ceedc8a7f | |
| with: | |
| fallback: 0.0.1 # Optional fallback tag to use when no tag can be found | |
| - name: Get the contents of the change log | |
| id: get_changelog | |
| run: echo "::set-output name=contents::$(cat CHANGELOG.md)" | |
| - uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets._GITHUB_TOKEN }} | |
| with: | |
| tag_name: ${{ steps.previoustag.outputs.tag }} | |
| release_name: ${{ steps.previoustag.outputs.tag }} | |
| body: ${{ steps.get_changelog.outputs.contents }} | |
| - name: Configure npm for npmjs publishing | |
| run: | | |
| echo "registry=https://registry.npmjs.org/" > .npmrc | |
| - name: Publish to npm with OIDC provenance | |
| run: | | |
| unset NODE_AUTH_TOKEN | |
| npm publish --provenance --access public |