|
| 1 | +# publish |
| 2 | + |
| 3 | +The `actions/nodejs/publish` action provides a way to publish a Node.js package |
| 4 | +tarball and attestations generated by the |
| 5 | +[Node.js builder](../../../internal/builders/nodejs/README.md) to the |
| 6 | +[official npm registy](https://www.npmjs.com/). |
| 7 | + |
| 8 | +## Example |
| 9 | + |
| 10 | +Here is an example of building a Node.js package with the Node.js builder and |
| 11 | +publishing it using the `publish` action. |
| 12 | + |
| 13 | +```yaml |
| 14 | +jobs: |
| 15 | + build: |
| 16 | + permissions: |
| 17 | + id-token: write |
| 18 | + contents: read |
| 19 | + actions: read |
| 20 | + if: startsWith(github.ref, 'refs/tags/') |
| 21 | + uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] |
| 22 | + with: |
| 23 | + run-scripts: "ci, build" |
| 24 | + |
| 25 | + publish: |
| 26 | + needs: [build] |
| 27 | + runs-on: ubuntu-latest |
| 28 | + steps: |
| 29 | + - name: Set up Node registry authentication |
| 30 | + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 |
| 31 | + with: |
| 32 | + # Use the official npm registry. |
| 33 | + registry-url: "https://registry.npmjs.org" |
| 34 | + |
| 35 | + - name: publish |
| 36 | + id: publish |
| 37 | + uses: slsa-framework/slsa-github-generator/actions/nodejs/[email protected] |
| 38 | + with: |
| 39 | + access: public |
| 40 | + node-auth-token: ${{ secrets.NPM_TOKEN }} |
| 41 | + package-name: ${{ needs.build.outputs.package-name }} |
| 42 | + package-download-name: ${{ needs.build.outputs.package-download-name }} |
| 43 | + package-download-sha256: ${{ needs.build.outputs.package-download-sha256 }} |
| 44 | + provenance-name: ${{ needs.build.outputs.provenance-name }} |
| 45 | + provenance-download-name: ${{ needs.build.outputs.provenance-download-name }} |
| 46 | + provenance-download-sha256: ${{ needs.build.outputs.provenance-download-sha256 }} |
| 47 | +``` |
| 48 | +
|
| 49 | +This will publish the tarball and provenance created built by the Node.js |
| 50 | +builder to the official registry. |
| 51 | +
|
| 52 | +## Inputs |
| 53 | +
|
| 54 | +| Name | Required | Default | Description | |
| 55 | +| ---------------------------- | -------- | ---------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | |
| 56 | +| `access` | no | 'restricted' for scoped packages, 'public' for unscoped packages | The package access level. See [`npm help access`](https://docs.npmjs.com/cli/v9/commands/npm-access) for more information. | |
| 57 | +| `dist-tag` | no | "latest" | The package dist-tag to attach. See [`npm help dist-tag`](https://docs.npmjs.com/cli/v9/commands/npm-dist-tag) for more information. | |
| 58 | +| `node-auth-token` | yes | | The npm registry auth token used to publish the package. See [About access tokens](https://docs.npmjs.com/about-access-tokens) for more information. | |
| 59 | +| `package-name` | yes | | The file name for the package tarball in the artifact. | |
| 60 | +| `package-download-name` | yes | | The GitHub Actions artifact name for the package tarball. | |
| 61 | +| `package-download-sha256` | yes | | The sha256 of the package tarball artifact. | |
| 62 | +| `provenance-name` | yes | | The file name for the package provenance in the artifact. | |
| 63 | +| `provenance-download-name` | yes | | The GitHub Actions artifact name for the package provenance. | |
| 64 | +| `provenance-download-sha256` | yes | | The sha256 of the package provenance artifact. | |
| 65 | + |
| 66 | +## Outputs |
| 67 | + |
| 68 | +There are no outputs. |
0 commit comments