chore: update npm publishing to use OIDC authentication (#213) #125
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: [push] | |
| jobs: | |
| compile: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Set up node | |
| uses: actions/setup-node@v3 | |
| - name: Compile | |
| run: yarn && yarn build | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Set up node | |
| uses: actions/setup-node@v3 | |
| - name: Compile | |
| run: yarn && yarn test:unit | |
| publish: | |
| needs: [ compile ] | |
| if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write # Required for OIDC | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Set up node | |
| uses: actions/setup-node@v3 | |
| - name: Install dependencies | |
| run: yarn install | |
| - name: Build | |
| run: yarn build | |
| - name: Publish to npm | |
| run: | | |
| publish() { # use latest npm to ensure OIDC support | |
| npx -y npm@latest publish "$@" | |
| } | |
| if [[ ${GITHUB_REF} == *alpha* ]]; then | |
| publish --access public --tag alpha | |
| elif [[ ${GITHUB_REF} == *beta* ]]; then | |
| publish --access public --tag beta | |
| else | |
| publish --access public | |
| fi |