Trusted publishing, update CI #48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: [master] | |
| workflow_dispatch: # For dev publishing | |
| concurrency: ${{ github.workflow }}-${{ github.ref }} | |
| permissions: | |
| id-token: write # Required for OIDC / trusted publishing | |
| contents: write # Required for changesets pushing commits | |
| pull-requests: write # Required for changesets creating PRs | |
| jobs: | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v5 | |
| - name: Enable Corepack | |
| run: corepack enable | |
| - name: Setup Node.js 20 | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: 20 | |
| cache: yarn | |
| - name: Update npm | |
| run: | | |
| npm install -g npm@latest | |
| npm --version | |
| - name: Install Dependencies | |
| run: yarn install --frozen-lockfile | |
| - name: Create Release Pull Request or Publish to npm | |
| id: changesets | |
| uses: changesets/action@v1 | |
| if: ${{ github.event_name == 'push' }} | |
| with: | |
| # This expects you to have a script called release which does a build for your packages and calls changeset publish | |
| publish: yarn release | |
| version: yarn changeset version | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Dev publish | |
| if: ${{ github.event_name == 'workflow_dispatch' }} | |
| run: | | |
| yarn changeset version --no-git-tag --snapshot dev | |
| yarn changeset publish --tag dev | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |