npmjs #5
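# Release workflow: when a GitHub release is published, bump the patch version,
# push a GPG-signed version commit to master, then build and publish to npmjs
# with provenance.
name: npmjs

on:
  release:
    types: [published]

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      # Needed for the `git push origin master` of the version commit.
      contents: write
      # Needed by `npm publish --provenance` to request an OIDC token.
      id-token: write
    steps:
      # NOTE(review): the actions below are referenced by a mutable tag (@v4).
      # Pinning each one to a full commit SHA keeps a retagged release from
      # running inside a job that holds the signing key and the npm token.
      #
      # master is checked out, not the released tag, so the published package
      # is built from whatever master contains when the run starts.
      - uses: actions/checkout@v4
        with:
          ref: master

      - name: Import GPG key
        run: |
          echo "$GPG_PRIVATE_KEY" | gpg --batch --import
          # Machine-readable listing: field 5 of a "sec" record is the long
          # key ID. Only the first record is used, so the value written to
          # GITHUB_ENV is always a single line even if several secret keys
          # are present in the keyring.
          GPG_KEY_ID=$(gpg --batch --list-secret-keys --with-colons \
            | awk -F: '$1 == "sec" && !seen++ { print $5 }')
          if [ -z "$GPG_KEY_ID" ]; then
            echo "No secret key found after import" >&2
            exit 1
          fi
          echo "GPG_KEY_ID=$GPG_KEY_ID" >> "$GITHUB_ENV"
        env:
          GPG_PRIVATE_KEY: ${{ secrets.PRIVATE_GPG_KEY }}

      # Prints key IDs and user IDs (not key material) into the run log.
      - name: Verify GPG Key Import
        run: |
          gpg --list-secret-keys --keyid-format=long

      - name: Configure GPG for Non-Interactive Signing
        run: |
          echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
          echo "use-agent" >> ~/.gnupg/gpg.conf
          echo "default-key $GPG_KEY_ID" >> ~/.gnupg/gpg.conf
          echo "default-recipient $GPG_KEY_ID" >> ~/.gnupg/gpg.conf
          # Loopback pinentry is the only agent feature this job needs; the
          # agent's SSH support stays off because no step authenticates over SSH.
          echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
          gpgconf --reload gpg-agent
          # The passphrase is passed on stdin (--passphrase-fd 0) instead of as
          # a command-line argument, so it does not appear in the process list.
          # The export output is discarded; presumably this call only exists to
          # unlock the key in the agent before the signed commit (confirm).
          printf '%s\n' "$GPG_PASSPHRASE" \
            | gpg --batch --pinentry-mode loopback --passphrase-fd 0 \
                --export-secret-keys "$GPG_KEY_ID" > /dev/null
        env:
          GPG_PASSPHRASE: ${{ secrets.PASSPHRASE }}
          GPG_KEY_ID: ${{ env.GPG_KEY_ID }}

      # NOTE(review): every `run` step starts its own non-interactive shell, so
      # an export appended to ~/.bashrc likely never reaches the later steps.
      # With loopback pinentry configured above this step may be unnecessary;
      # confirm before removing it.
      - name: Set GPG_TTY
        run: |
          echo "export GPG_TTY=$(tty)" >> ~/.bashrc
          source ~/.bashrc

      - name: Restart GPG Agent if Necessary
        run: |
          if pgrep -x "gpg-agent" > /dev/null; then
            echo "gpg-agent is already running. Skipping restart."
          else
            echo "Starting gpg-agent..."
            gpg-agent --daemon
          fi

      - name: Configure Git for GPG Signing
        run: |
          git config --global user.name "Irfan Shadik Rishad"
          git config --global user.email "irfanshadikrishad@gmail.com"
          git config --global commit.gpgSign true
          git config --global user.signingkey "$GPG_KEY_ID"
          git config --global gpg.program gpg
        env:
          GPG_KEY_ID: ${{ env.GPG_KEY_ID }}

      - uses: actions/setup-node@v4
        with:
          node-version: "20.x"
          registry-url: "https://registry.npmjs.org"

      # --no-git-tag-version: only the manifest files are edited here; the
      # commit is created, signed and pushed by the dedicated step below.
      - name: Bump Version
        run: |
          npm version patch --no-git-tag-version

      - name: Get Version
        id: version
        run: |
          VERSION=$(node -p "require('./package.json').version")
          echo "VERSION=$VERSION" >> "$GITHUB_ENV"
        shell: bash

      # NOTE(review): the version commit is pushed before install, build and
      # publish run, so a failure in any of those leaves master bumped without
      # a matching package on the registry.
      - name: Commit the Version (Signed)
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          VERSION: ${{ env.VERSION }}
        run: |
          git add package.json package-lock.json
          git commit -S -m "npmjs: v${VERSION}"
          git push origin master

      # NOTE(review): dependency lifecycle scripts run here while the unlocked
      # signing key and the checkout's push credentials are still on the
      # runner. If the build does not rely on install scripts, consider
      # `npm ci --ignore-scripts`.
      - name: Install Dependencies
        run: npm ci

      - name: Build Project
        run: npm run build

      # The npm token is scoped to this step only.
      - name: Publish Package
        run: npm publish --provenance --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}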