8585 contents : write
8686 steps :
8787 - uses : actions/checkout@v4
88+ with :
89+ fetch-depth : 0
90+ fetch-tags : true
91+ - run : git fetch --tags --force
8892 - uses : actions/download-artifact@v4
8993 with :
9094 path : artifacts
@@ -99,16 +103,40 @@ jobs:
99103 TARBALLS=$(ls artifacts/*.tar.xz | tr '\n' ',')
100104 CHECKSUMS=$(ls artifacts/*.sha256 | tr '\n' ',')
101105 echo "list=${TARBALLS}${CHECKSUMS}" >> $GITHUB_OUTPUT
106+ id : release-body
107+ env :
108+ VERSION : ${{ needs.compute-version.outputs.version }}
109+ run : |
110+ CURRENT_TAG="cli_v$VERSION"
111+ PREV_TAG=""
112+ LAST_TAG=""
113+
114+ while IFS= read -r tag; do
115+ if [[ "$tag" == "$CURRENT_TAG" ]]; then
116+ PREV_TAG="$LAST_TAG"
117+ break
118+ fi
119+ LAST_TAG="$tag"
120+ done < <(git tag -l 'cli_v*' --sort=v:refname)
121+
122+ if [[ -n "$PREV_TAG" ]]; then
123+ echo "value=https://github.com/${{ github.repository }}/compare/$PREV_TAG...$CURRENT_TAG" >> "$GITHUB_OUTPUT"
124+ else
125+ echo "value=https://github.com/${{ github.repository }}/commits/${{ github.sha }}" >> "$GITHUB_OUTPUT"
126+ fi
102127uses : ncipollo/release-action@v1
103128 with :
104129 tag : cli_v${{ needs.compute-version.outputs.version }}
105- name : char v${{ needs.compute-version.outputs.version }}
130+ name : cli_v${{ needs.compute-version.outputs.version }}
131+ body : ${{ steps.release-body.outputs.value }}
106132 prerelease : ${{ inputs.channel == 'nightly' }}
107133 artifacts : ${{ steps.artifacts.outputs.list }}
108134
109135 publish-npm :
110136 needs : [compute-version, release]
111137 runs-on : ubuntu-latest
138+ permissions :
139+ id-token : write
112140 steps :
113141 - uses : actions/checkout@v4
114142 - uses : actions/setup-node@v4
@@ -125,6 +153,4 @@ jobs:
125153 pkg.version = '$VERSION';
126154 fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2) + '\n');
127155 "
128- npm publish --access public --tag "$NPM_TAG"
129- env:
130- NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
156+ npm publish --tag "$NPM_TAG" --provenance
0 commit comments