feat(publish-npm): add dry-run option (#71)

PierreJeanjacquot · web-flow · commit d8a0c3389b39 · 2025-07-02T11:03:41.000+02:00
* feat(publish-npm): add dry-run option

* chore(publish-npm): remove unused input
diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml
@@ -4,85 +4,85 @@ on:
   workflow_call:
     inputs:
       scope:
-        description: 'NPM package scope (e.g., @iexec)'
-        default: '@iexec'
+        description: "NPM package scope (e.g., @iexec)"
+        default: "@iexec"
         type: string
       node-version:
-        description: 'Node.js version to use'
-        default: '20'
+        description: "Node.js version to use"
+        default: "20"
         type: string
       registry:
-        description: 'NPM registry URL'
-        default: 'https://registry.npmjs.org'
+        description: "NPM registry URL"
+        default: "https://registry.npmjs.org"
         type: string
       access:
-        description: 'Package access (public/restricted)'
-        default: 'public'
+        description: "Package access (public/restricted)"
+        default: "public"
         type: string
       provenance:
-        description: 'Enable npm provenance'
+        description: "Enable npm provenance"
         default: true
         type: boolean
       install-command:
-        description: 'Install dependencies command'
-        default: 'npm ci'
+        description: "Install dependencies command"
+        default: "npm ci"
         type: string
       build-command:
-        description: 'Build package command'
-        default: 'npm run build'
+        description: "Build package command"
+        default: "npm run build"
         type: string
       run-tests:
-        description: 'Execute unit tests step'
+        description: "Execute unit tests step"
         default: false
         type: boolean
       test-command:
-        description: 'Run unit tests command'
-        default: 'npm test --if-present'
+        description: "Run unit tests command"
+        default: "npm test --if-present"
         type: string
       lint-command:
-        description: 'Run linting command'
-        default: 'npm run lint --if-present'
+        description: "Run linting command"
+        default: "npm run lint --if-present"
         type: string
       type-check-command:
-        description: 'Run type-checking command'
-        default: 'npm run check-types --if-present'
+        description: "Run type-checking command"
+        default: "npm run check-types --if-present"
         type: string
       format-check-command:
-        description: 'Run format-checking command'
-        default: 'npm run check-format --if-present'
+        description: "Run format-checking command"
+        default: "npm run check-format --if-present"
         type: string
       environment:
-        description: 'GitHub environment'
-        default: 'production'
+        description: "GitHub environment"
+        default: "production"
         type: string
       tag:
-        description: 'npm publish tag (e.g., latest, nightly)'
-        default: ''
-        type: string
-      tag-prefix:
-        description: 'Prefix for Git tag'
-        default: 'v'
+        description: "npm publish tag (e.g., latest, nightly)"
+        default: ""
         type: string
       working-directory:
-        description: 'Directory containing package.json'
-        default: ''
+        description: "Directory containing package.json"
+        default: ""
         type: string
       artifact-name:
-        description: 'Name of an artifact to download before the build (leave empty to skip)'
-        default: ''
+        description: "Name of an artifact to download before the build (leave empty to skip)"
+        default: ""
         type: string
       artifact-path:
-        description: 'Destination path for the downloaded artifact'
-        default: ''
+        description: "Destination path for the downloaded artifact"
+        default: ""
         type: string
       version:
-        description: 'Version to publish (leave empty to use package.json version)'
-        default: ''
+        description: "Version to publish (leave empty to use package.json version)"
+        default: ""
         type: string
+      dry-run:
+        description: "Run in dry-run mode (the package will not be published)"
+        default: false
+        type: boolean
     secrets:
       npm-token:
-        description: 'NPM auth token'
-        required: true
+        description: "NPM auth token (required unless `dry-run: true`)"
+        required: false
 
 jobs:
   build:
@@ -93,6 +93,16 @@ jobs:
       packages: write
       id-token: write
     steps:
+      - name: Ensure npm-token
+        if: ${{ !inputs.dry-run }}
+        run: |
+          if [ -n "${{ secrets.npm-token }}" ]; then
+            echo "`npm-token` secret is set"
+          else
+            echo "Missing `npm-token` secret (required unless `dry-run: true`)"
+            exit 1
+          fi
+
       - name: Download extra artifact
         if: ${{ inputs.artifact-name != '' }}
         uses: actions/download-artifact@v4
@@ -111,7 +121,7 @@ jobs:
       - name: Install dependencies
         working-directory: ${{ inputs.working-directory }}
         run: ${{ inputs.install-command }}
-        
+
       - name: Override version
         if: ${{ inputs.version != '' }}
         working-directory: ${{ inputs.working-directory }}
@@ -149,8 +159,14 @@ jobs:
             TAG_OPT="--tag ${{ inputs.tag }}"
           fi
 
+          DRY_RUN_OPT=""
+          if [ "${{ inputs.dry-run }}" = "true" ]; then
+            DRY_RUN_OPT="--dry-run"
+          fi
+
+          PROVENANCE_OPT=""
           if [ "${{ inputs.provenance }}" = "true" ]; then
-            npm publish --access ${{ inputs.access }} $TAG_OPT --provenance
-          else
-            npm publish --access ${{ inputs.access }} $TAG_OPT
+            PROVENANCE_OPT="--provenance"
           fi
+
+          npm publish --access ${{ inputs.access }} $TAG_OPT $DRY_RUN_OPT $PROVENANCE_OPT
diff --git a/publish-npm/README.md b/publish-npm/README.md
@@ -20,7 +20,7 @@ for the package scope, Node.js version, registry URL, and other options. The wor
 ## Workflow Inputs 🛠️
 
 | **Input**                | **Description**                                               | **Required** | **Default**                         |
-|--------------------------|---------------------------------------------------------------|--------------|-------------------------------------|
+| ------------------------ | ------------------------------------------------------------- | ------------ | ----------------------------------- |
 | **scope**                | NPM package scope (e.g., `@iexec`).                           | No           | `@iexec`                            |
 | **node-version**         | Node.js version to use.                                       | No           | `20`                                |
 | **registry**             | NPM registry URL.                                             | No           | `https://registry.npmjs.org`        |
@@ -35,17 +35,17 @@ for the package scope, Node.js version, registry URL, and other options. The wor
 | **format-check-command** | Run format-checking command.                                  | No           | `npm run check-format --if-present` |
 | **environment**          | GitHub environment.                                           | No           | `production`                        |
 | **tag**                  | npm publish tag (e.g., latest, nightly).                      | No           | `''` (empty string)                 |
-| **tag-prefix**           | Prefix for Git tag.                                           | No           | `v`                                 |
 | **working-directory**    | Directory containing package.json.                            | No           | `''` (empty string)                 |
 | **artifact-name**        | Name of an artifact to download before the build.             | No           | `''` (empty string)                 |
 | **artifact-path**        | Destination path for the downloaded artifact.                 | No           | `''` (empty string)                 |
 | **version**              | Version to publish (leave empty to use package.json version). | No           | `''` (empty string)                 |
+| **dry-run**              | Run in dry-run mode (the package will not be published).      | No           | `false`                             |
 
 ### Secrets 🔐
 
-| **Secret**    | **Description** | **Required** |
-|---------------|-----------------|--------------|
-| **npm-token** | NPM auth token. | Yes          |
+| **Secret**    | **Description**                                    | **Required** |
+| ------------- | -------------------------------------------------- | ------------ |
+| **npm-token** | NPM auth token (required unless `dry-run: true`)". | No           |
 
 ## Job and Steps ⚙️
 
@@ -54,9 +54,9 @@ for the package scope, Node.js version, registry URL, and other options. The wor
 - **Runs On**: `ubuntu-latest`.
 - **Environment**: Uses the environment specified in `inputs.environment`.
 - **Permissions**:
-    - `contents: read` – to access repository contents. 🔍
-    - `packages: write` – to allow package publication. ✨
-    - `id-token: write` – for authentication purposes. 🔑
+  - `contents: read` – to access repository contents. 🔍
+  - `packages: write` – to allow package publication. ✨
+  - `id-token: write` – for authentication purposes. 🔑
 
 ## How to Use This Reusable Workflow 🔄
 
@@ -76,14 +76,13 @@ for the package scope, Node.js version, registry URL, and other options. The wor
      publish:
        uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/publish-npm.yml@main
        with:
-         node-version: '22'
-         build-command: 'npm run build:prod'
+         node-version: "22"
+         build-command: "npm run build:prod"
          run-tests: true
-         test-command: 'npm run test:ci'
-         lint-command: 'npm run lint'
-         type-check-command: 'npm run check-types'
-         format-check-command: 'npm run check-format'
-         tag-prefix: 'v'
+         test-command: "npm run test:ci"
+         lint-command: "npm run lint"
+         type-check-command: "npm run check-types"
+         format-check-command: "npm run check-format"
          # Optional: Download an artifact before building
          # artifact-name: 'my-build-artifact'
          # artifact-path: './dist'
