Skip to content

Enhance security recommendations for trusted publishers #2507

Enhance security recommendations for trusted publishers

Enhance security recommendations for trusted publishers #2507

Workflow file for this run

# This file is automatically added by @npmcli/template-oss. Do not edit.
name: Publish
on:
push:
branches:
- main
pull_request:
workflow_dispatch:
workflow_call:
jobs:
build-and-upload:
permissions:
contents: read
pages: read
name: Build and Upload
if: github.repository_owner == 'npm'
runs-on: ubuntu-latest
defaults:
run:
shell: bash
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Git User
run: |
git config --global user.email "[email protected]"
git config --global user.name "npm CLI robot"
- name: Setup Node
uses: actions/setup-node@v4
id: node
with:
node-version: 22.x
check-latest: contains('22.x', '.x')
cache: npm
- name: Install Latest npm
uses: ./.github/actions/install-latest-npm
with:
node: ${{ steps.node.outputs.node-version }}
- name: Install Dependencies
run: npm i --no-audit --no-fund
- name: Rebuild deps
run: npm rebuild
- name: Setup Pages
uses: actions/configure-pages@v4
- name: Restore cache
id: cache-gatsby
uses: actions/cache/restore@v4
with:
key: ${{ runner.os }}-gatsby-${{ github.ref_name }}
path: |
public
.cache
- name: Build documentation
run: npm run build
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Save cache
uses: actions/cache/save@v4
with:
key: ${{ steps.cache-gatsby.outputs.cache-primary-key }}
path: |
public
.cache
- name: Upload artifact
uses: actions/upload-pages-artifact@v3
with:
path: './public'
deploy:
permissions:
pages: write
actions: read
id-token: write
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
runs-on: ubuntu-latest
needs: build-and-upload
steps:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4
with:
preview: ${{ github.event_name == 'pull_request' }}