fix: Adding NPM_TOKEN to git release workflow

RedEagle-dh · RedEagle-dh · commit f518935c5472 · 2026-01-10T14:33:25.000+01:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,165 +1,167 @@
 name: Release
 
 on:
-  push:
-    tags:
-      - 'v*'
-  workflow_dispatch:
-    inputs:
-      version:
-        description: 'Version to release (e.g., 2.0.1)'
-        required: true
-        type: string
-      dry_run:
-        description: 'Dry run (skip npm publish)'
-        required: false
-        type: boolean
-        default: false
+    push:
+        tags:
+            - "v*"
+    workflow_dispatch:
+        inputs:
+            version:
+                description: "Version to release (e.g., 2.0.1)"
+                required: true
+                type: string
+            dry_run:
+                description: "Dry run (skip npm publish)"
+                required: false
+                type: boolean
+                default: false
 
 permissions:
-  contents: write
-  id-token: write  # Required for npm provenance/trusted publishing
+    contents: write
+    id-token: write # Required for npm provenance/trusted publishing
 
 jobs:
-  build:
-    strategy:
-      matrix:
-        include:
-          - os: ubuntu-latest
-            target: x86_64-unknown-linux-gnu
-            npm-dir: linux-x64
-            binary: zenv
-          - os: ubuntu-latest
-            target: aarch64-unknown-linux-gnu
-            npm-dir: linux-arm64
-            binary: zenv
-          - os: macos-latest
-            target: x86_64-apple-darwin
-            npm-dir: darwin-x64
-            binary: zenv
-          - os: macos-latest
-            target: aarch64-apple-darwin
-            npm-dir: darwin-arm64
-            binary: zenv
-          - os: windows-latest
-            target: x86_64-pc-windows-msvc
-            npm-dir: win32-x64
-            binary: zenv.exe
-
-    runs-on: ${{ matrix.os }}
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Install Rust
-        uses: dtolnay/rust-toolchain@stable
-        with:
-          targets: ${{ matrix.target }}
-
-      - name: Install cross (Linux ARM64)
-        if: matrix.target == 'aarch64-unknown-linux-gnu'
-        run: cargo install cross
-
-      - name: Build (native)
-        if: matrix.target != 'aarch64-unknown-linux-gnu'
-        run: cargo build --release --target ${{ matrix.target }}
-
-      - name: Build (cross)
-        if: matrix.target == 'aarch64-unknown-linux-gnu'
-        run: cross build --release --target ${{ matrix.target }}
-
-      - name: Prepare npm package
-        shell: bash
-        run: |
-          mkdir -p npm/${{ matrix.npm-dir }}/bin
-          cp target/${{ matrix.target }}/release/${{ matrix.binary }} npm/${{ matrix.npm-dir }}/bin/
-
-      - name: Upload artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{ matrix.npm-dir }}
-          path: npm/${{ matrix.npm-dir }}
-
-  publish:
-    needs: build
-    runs-on: ubuntu-latest
-    environment: npm-publish  # Optional: use GitHub environment for extra protection
-    permissions:
-      contents: write
-      id-token: write  # Required for npm provenance
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-          registry-url: 'https://registry.npmjs.org'
-
-      - name: Download all artifacts
-        uses: actions/download-artifact@v4
-        with:
-          path: npm-artifacts
-
-      - name: Prepare packages
-        run: |
-          # Copy built binaries to npm package directories
-          for dir in npm-artifacts/*/; do
-            name=$(basename "$dir")
-            cp -r "$dir"/* "npm/$name/"
-          done
-
-          # Copy main binary to zenv package for fallback
-          mkdir -p npm/zenv/bin
-          cp npm/linux-x64/bin/zenv npm/zenv/bin/ || true
-
-      - name: Update versions (manual dispatch)
-        if: ${{ inputs.version }}
-        run: |
-          VERSION="${{ inputs.version }}"
-          for pkg in npm/*/package.json; do
-            sed -i "s/\"version\": \"[^\"]*\"/\"version\": \"$VERSION\"/" "$pkg"
-            # Also update optionalDependencies versions in main package
-            if [[ "$pkg" == "npm/zenv/package.json" ]]; then
-              sed -i "s/@modlogtv\/zenv-\([^\"]*\)\": \"[^\"]*\"/@modlogtv\/zenv-\1\": \"$VERSION\"/g" "$pkg"
-            fi
-          done
-          echo "Updated all packages to version $VERSION"
-
-      - name: Publish @modlogtv/zenv-linux-x64
-        if: ${{ !inputs.dry_run }}
-        working-directory: npm/linux-x64
-        run: npm publish --access public --provenance
-
-      - name: Publish @modlogtv/zenv-linux-arm64
-        if: ${{ !inputs.dry_run }}
-        working-directory: npm/linux-arm64
-        run: npm publish --access public --provenance
-
-      - name: Publish @modlogtv/zenv-darwin-x64
-        if: ${{ !inputs.dry_run }}
-        working-directory: npm/darwin-x64
-        run: npm publish --access public --provenance
-
-      - name: Publish @modlogtv/zenv-darwin-arm64
-        if: ${{ !inputs.dry_run }}
-        working-directory: npm/darwin-arm64
-        run: npm publish --access public --provenance
-
-      - name: Publish @modlogtv/zenv-win32-x64
-        if: ${{ !inputs.dry_run }}
-        working-directory: npm/win32-x64
-        run: npm publish --access public --provenance
-
-      - name: Publish @modlogtv/zenv
-        if: ${{ !inputs.dry_run }}
-        working-directory: npm/zenv
-        run: npm publish --access public --provenance
-
-      - name: Create GitHub Release
-        if: ${{ !inputs.dry_run }}
-        uses: softprops/action-gh-release@v1
-        with:
-          tag_name: ${{ inputs.version && format('v{0}', inputs.version) || github.ref_name }}
-          files: |
-            npm-artifacts/*/bin/*
-          generate_release_notes: true
+    build:
+        strategy:
+            matrix:
+                include:
+                    - os: ubuntu-latest
+                      target: x86_64-unknown-linux-gnu
+                      npm-dir: linux-x64
+                      binary: zenv
+                    - os: ubuntu-latest
+                      target: aarch64-unknown-linux-gnu
+                      npm-dir: linux-arm64
+                      binary: zenv
+                    - os: macos-latest
+                      target: x86_64-apple-darwin
+                      npm-dir: darwin-x64
+                      binary: zenv
+                    - os: macos-latest
+                      target: aarch64-apple-darwin
+                      npm-dir: darwin-arm64
+                      binary: zenv
+                    - os: windows-latest
+                      target: x86_64-pc-windows-msvc
+                      npm-dir: win32-x64
+                      binary: zenv.exe
+
+        runs-on: ${{ matrix.os }}
+        steps:
+            - uses: actions/checkout@v4
+
+            - name: Install Rust
+              uses: dtolnay/rust-toolchain@stable
+              with:
+                  targets: ${{ matrix.target }}
+
+            - name: Install cross (Linux ARM64)
+              if: matrix.target == 'aarch64-unknown-linux-gnu'
+              run: cargo install cross
+
+            - name: Build (native)
+              if: matrix.target != 'aarch64-unknown-linux-gnu'
+              run: cargo build --release --target ${{ matrix.target }}
+
+            - name: Build (cross)
+              if: matrix.target == 'aarch64-unknown-linux-gnu'
+              run: cross build --release --target ${{ matrix.target }}
+
+            - name: Prepare npm package
+              shell: bash
+              run: |
+                  mkdir -p npm/${{ matrix.npm-dir }}/bin
+                  cp target/${{ matrix.target }}/release/${{ matrix.binary }} npm/${{ matrix.npm-dir }}/bin/
+
+            - name: Upload artifact
+              uses: actions/upload-artifact@v4
+              with:
+                  name: ${{ matrix.npm-dir }}
+                  path: npm/${{ matrix.npm-dir }}
+
+    publish:
+        needs: build
+        runs-on: ubuntu-latest
+        environment: npm-publish
+        permissions:
+            contents: write
+            id-token: write # Required for npm provenance
+        env:
+            NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        steps:
+            - uses: actions/checkout@v4
+
+            - name: Setup Node.js
+              uses: actions/setup-node@v4
+              with:
+                  node-version: "20"
+                  registry-url: "https://registry.npmjs.org"
+
+            - name: Download all artifacts
+              uses: actions/download-artifact@v4
+              with:
+                  path: npm-artifacts
+
+            - name: Prepare packages
+              run: |
+                  # Copy built binaries to npm package directories
+                  for dir in npm-artifacts/*/; do
+                    name=$(basename "$dir")
+                    cp -r "$dir"/* "npm/$name/"
+                  done
+
+                  # Copy main binary to zenv package for fallback
+                  mkdir -p npm/zenv/bin
+                  cp npm/linux-x64/bin/zenv npm/zenv/bin/ || true
+
+            - name: Update versions (manual dispatch)
+              if: ${{ inputs.version }}
+              run: |
+                  VERSION="${{ inputs.version }}"
+                  for pkg in npm/*/package.json; do
+                    sed -i "s/\"version\": \"[^\"]*\"/\"version\": \"$VERSION\"/" "$pkg"
+                    # Also update optionalDependencies versions in main package
+                    if [[ "$pkg" == "npm/zenv/package.json" ]]; then
+                      sed -i "s/@modlogtv\/zenv-\([^\"]*\)\": \"[^\"]*\"/@modlogtv\/zenv-\1\": \"$VERSION\"/g" "$pkg"
+                    fi
+                  done
+                  echo "Updated all packages to version $VERSION"
+
+            - name: Publish @modlogtv/zenv-linux-x64
+              if: ${{ !inputs.dry_run }}
+              working-directory: npm/linux-x64
+              run: npm publish --access public --provenance
+
+            - name: Publish @modlogtv/zenv-linux-arm64
+              if: ${{ !inputs.dry_run }}
+              working-directory: npm/linux-arm64
+              run: npm publish --access public --provenance
+
+            - name: Publish @modlogtv/zenv-darwin-x64
+              if: ${{ !inputs.dry_run }}
+              working-directory: npm/darwin-x64
+              run: npm publish --access public --provenance
+
+            - name: Publish @modlogtv/zenv-darwin-arm64
+              if: ${{ !inputs.dry_run }}
+              working-directory: npm/darwin-arm64
+              run: npm publish --access public --provenance
+
+            - name: Publish @modlogtv/zenv-win32-x64
+              if: ${{ !inputs.dry_run }}
+              working-directory: npm/win32-x64
+              run: npm publish --access public --provenance
+
+            - name: Publish @modlogtv/zenv
+              if: ${{ !inputs.dry_run }}
+              working-directory: npm/zenv
+              run: npm publish --access public --provenance
+
+            - name: Create GitHub Release
+              if: ${{ !inputs.dry_run }}
+              uses: softprops/action-gh-release@v1
+              with:
+                  tag_name: ${{ inputs.version && format('v{0}', inputs.version) || github.ref_name }}
+                  files: |
+                      npm-artifacts/*/bin/*
+                  generate_release_notes: true
