Merge pull request #37 from badrap/changeset-release/main #87
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish | |
| on: | |
| push: | |
| branches: | |
| - main | |
| concurrency: ${{ github.workflow }}-${{ github.ref }} | |
| # Disable all permissions by default, requiring explicit permission definitions for all jobs. | |
| permissions: {} | |
| jobs: | |
| check: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 | |
| with: | |
| node-version: 24 | |
| # Allow caching, as this job can't write and doesn't produce any artifacts. | |
| cache: npm | |
| - run: npm ci | |
| - run: npm run lint | |
| - run: npm run typecheck | |
| changesets: | |
| needs: check | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| outputs: | |
| published: ${{ steps.changesets.outputs.published }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 | |
| with: | |
| node-version: 24 | |
| # Disable package manager cache to so that other jobs can't poison the NPM cache. | |
| package-manager-cache: false | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Create release pull request or GitHub release | |
| id: changesets | |
| uses: changesets/action@e0145edc7d9d8679003495b11f87bd8ef63c0cba # v1.5.3 | |
| with: | |
| version: npm run bump | |
| publish: npm run tag | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| build: | |
| needs: changesets | |
| if: needs.changesets.outputs.published == 'true' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| outputs: | |
| tarball: ${{ steps.pack.outputs.tarball }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 | |
| with: | |
| node-version: 24 | |
| # Disable package manager cache to so that other jobs can't poison the NPM cache. | |
| package-manager-cache: false | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build & pack the package | |
| id: pack | |
| run: | | |
| npm run build | |
| TARBALL=$(npm pack) | |
| echo "tarball=${TARBALL}" >> ${GITHUB_OUTPUT} | |
| - name: Upload build artifact | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: tarball | |
| path: ${{ steps.pack.outputs.tarball }} | |
| publish: | |
| environment: publish | |
| needs: | |
| - changesets | |
| - build | |
| if: needs.changesets.outputs.published == 'true' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| steps: | |
| - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 | |
| with: | |
| node-version: 24 | |
| # Disable package manager cache to so that other jobs can't poison the NPM cache. | |
| package-manager-cache: false | |
| - name: Download build artifact | |
| uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 | |
| with: | |
| name: tarball | |
| - name: Publish to npm | |
| run: npm publish ${TARBALL} | |
| env: | |
| TARBALL: ${{ needs.build.outputs.tarball }} |