@@ -3,6 +3,7 @@ name: Deploy
33on :
44 push :
55 branches :
6+ # Stable version branches
67 - 2023-04
78 - 2023-07
89 - 2023-10
1112 - 2024-07
1213 - 2024-10
1314 - 20[0-9][0-9]-[01][1470]
15+ # RC version branches
16+ - 20[0-9][0-9]-[01][1470]-rc
1417
1518concurrency : ${{ github.workflow }}-${{ github.ref }}
1619
1720jobs :
1821 changesets :
1922 name : Deploy
2023 runs-on : ubuntu-latest
24+ permissions :
25+ contents : read
26+ id-token : write # Required for OIDC
2127 steps :
2228 - uses : actions/checkout@v3
2329 with :
2430 token : ${{ secrets.SHOPIFY_GH_ACCESS_TOKEN }}
2531
2632 - uses : ./.github/workflows/actions/prepare
2733
34+ - name : Update npm to latest
35+ run : npm install -g npm@latest
36+
2837 - id : changesets
2938 name : Create release Pull Request or publish to NPM
30- uses : changesets/action@06245a4e0a36c064a573d4150030f5ec548e4fcc # v1.4.10
39+ uses : changesets/action@e0145edc7d9d8679003495b11f87bd8ef63c0cba # v1.5.3
3140 with :
3241 title : Version Packages (${{ github.ref_name }})
33- publish : yarn run deploy --tag ${{ github.ref_name }}
42+ publish : yarn run deploy --tag ${{ endsWith( github.ref_name, '-rc') && 'rc' || github.ref_name }} # RC publishes as `rc` tag, stable publishes as the version number
3443 createGithubReleases : false
3544 env :
36- NPM_TOKEN : ${{ secrets.NPM_TOKEN }}
45+ NPM_TOKEN : ' ' # Forces OIDC authentication
3746 GITHUB_TOKEN : ${{ secrets.SHOPIFY_GH_ACCESS_TOKEN }}
3847
3948 - name : Set 'latest' NPM dist tag
4049 if : steps.changesets.outputs.published == 'true' && github.ref_name == vars.LATEST_STABLE_VERSION
4150 env :
42- NPM_TOKEN : ${{ secrets.NPM_TOKEN }}
4351 PUBLISHED_PACKAGES : ${{ steps.changesets.outputs.publishedPackages }}
4452 run : |
45- cat << EOF > "$HOME/.npmrc"
46- //registry.npmjs.org/:_authToken=$NPM_TOKEN
47- EOF
4853 for pkg in $(echo "$PUBLISHED_PACKAGES" | jq -r '.[] | @base64'); do
4954 _jq() {
5055 echo ${pkg} | base64 --decode | jq -r ${1}
0 commit comments