-
Notifications
You must be signed in to change notification settings - Fork 0
117 lines (105 loc) · 3.97 KB
/
Copy pathrelease.yml
File metadata and controls
117 lines (105 loc) · 3.97 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
# Auto-release to npm from version tags on main.
#
# The publish step is gated on a `vX.Y.Z` tag push to `main` — that requires
# both a merged commit on the protected default branch AND an explicit tag,
# both of which need write access to main. Release branches, PR pushes, and
# force-pushes to a release branch do NOT publish, even with valid npm creds.
#
# Required repo secret: NPM_TOKEN (npm "Automation" access token with publish
# rights for the `orbcode` package).
name: Release
on:
push:
tags:
- "v*"
workflow_dispatch:
inputs:
version:
description: "Version to publish (must match package.json). Leave empty to read from package.json."
required: false
type: string
permissions:
contents: write # create the GitHub Release
id-token: write # npm --provenance (requires a public GitHub repo)
concurrency:
group: release
cancel-in-progress: false
jobs:
release:
runs-on: ubuntu-latest
if: github.event_name != 'push' || startsWith(github.ref, 'refs/tags/v')
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
registry-url: https://registry.npmjs.org
cache: npm
- name: Install
run: npm ci
- name: Resolve and verify version
id: version
run: |
set -euo pipefail
PKG_VERSION=$(node -p "require('./package.json').version")
NAME=$(node -p "require('./package.json').name")
if [ "${{ github.event_name }}" = "push" ]; then
# Tag push: REF is refs/tags/vX.Y.Z
TAG_VERSION=${GITHUB_REF#refs/tags/v}
if [ "$TAG_VERSION" != "$PKG_VERSION" ]; then
echo "::error::Tag v$TAG_VERSION does not match package.json version $PKG_VERSION."
echo "::error::Update package.json (and this tag) to publish a coherent release."
exit 1
fi
VERSION="$TAG_VERSION"
else
# Manual dispatch: prefer the input, fall back to package.json.
VERSION="${{ inputs.version }}"
if [ -z "$VERSION" ]; then
VERSION="$PKG_VERSION"
fi
if [ "$VERSION" != "$PKG_VERSION" ]; then
echo "::error::Input version $VERSION does not match package.json version $PKG_VERSION."
exit 1
fi
fi
echo "name=$NAME" >> "$GITHUB_OUTPUT"
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
- name: Typecheck & build
run: |
npm run typecheck
npm run build
- name: Check whether this version is already on npm
id: check
run: |
NAME="${{ steps.version.outputs.name }}"
VERSION="${{ steps.version.outputs.version }}"
if npm view "$NAME@$VERSION" version >/dev/null 2>&1; then
echo "Version $VERSION already published — skipping."
echo "publish=false" >> "$GITHUB_OUTPUT"
else
echo "publish=true" >> "$GITHUB_OUTPUT"
fi
- name: Publish to npm
if: steps.check.outputs.publish == 'true'
# Drop --provenance if the repository is private (provenance needs a
# public repo and a `repository` field in package.json).
run: npm publish --provenance
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Create GitHub Release
if: steps.check.outputs.publish == 'true'
env:
GH_TOKEN: ${{ github.token }}
VERSION: ${{ steps.version.outputs.version }}
run: |
TARGET_SHA="${{ github.sha }}"
# For tag pushes, also publish from the tagged commit itself.
if [ "${{ github.event_name }}" = "push" ]; then
TARGET_SHA="$GITHUB_REF"
fi
gh release create "v$VERSION" \
--title "orbcode v$VERSION" \
--generate-notes \
--target "$TARGET_SHA" \
|| echo "Release v$VERSION already exists."