Publish releases #23
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish releases | |
| # Consolidates canary and stable releases into single workflow | |
| # Trusted workflow for publishing to npm | |
| on: | |
| push: | |
| branches: [master] | |
| workflow_dispatch: | |
| inputs: | |
| version_specifier: | |
| description: 'Semver bump (patch|minor|major|pre*) or exact version (v1.2.3)' | |
| required: true | |
| type: string | |
| env: | |
| NODE_VERSION: '20' | |
| jobs: | |
| release-stable: # stable releases can only be manually triggered | |
| if: ${{ github.event_name == 'workflow_dispatch' }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| # If your GitHub App is configured with org Members:read, you can | |
| # generate an app token instead. For now, rely on a PAT with read:org. | |
| # - name: Generate GitHub App token (with org members:read) | |
| # id: app-token | |
| # uses: actions/create-github-app-token@v2 | |
| # with: | |
| # app-id: ${{ secrets.APP_ID }} | |
| # private-key: ${{ secrets.PRIVATE_KEY }} | |
| # owner: supabase | |
| - name: Check if actor is member of admin or client-libs team | |
| id: team-check | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{ secrets.RELEASE_GITHUB_TOKEN }} | |
| script: | | |
| const org = 'supabase' | |
| const { actor } = context | |
| async function isTeamMember(team_slug) { | |
| try { | |
| const res = await github.rest.teams.getMembershipForUserInOrg({ | |
| org, | |
| team_slug, | |
| username: actor, | |
| }) | |
| return res?.status === 200 | |
| } catch (err) { | |
| // 404 means not a member or team not visible to token | |
| return false | |
| } | |
| } | |
| const isAdmin = await isTeamMember('admin') | |
| const isClientLibs = await isTeamMember('client-libs') | |
| const isMember = Boolean(isAdmin || isClientLibs) | |
| core.setOutput('is_team_member', isMember ? 'true' : 'false') | |
| - name: Fail if not authorized | |
| if: steps.team-check.outputs.is_team_member != 'true' | |
| run: | | |
| echo "You must be a member of @supabase/admin or @supabase/client-libs." | |
| exit 1 | |
| # - uses: actions/checkout@v5 | |
| # with: | |
| # fetch-depth: 0 |