v1.0.0 Switch to ESM #13
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: npm publish | |
| on: | |
| release: | |
| types: [published] | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'Release tag to publish (e.g. v0.9.0)' | |
| required: true | |
| type: string | |
| permissions: {} | |
| jobs: | |
| verify: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ inputs.tag || github.ref }} | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: '24.x' | |
| - run: npm ci | |
| - name: Validate package repository url | |
| run: | | |
| REPO=$(node -p "(() => { const r=require('./package.json').repository; return (typeof r==='string')?r:(r&&r.url)||'' })()") | |
| echo "package.json repository.url = $REPO" | |
| test "$REPO" = "git+https://github.com/albe/node-event-storage.git" \ | |
| || { echo "ERROR: repository.url must be git+https://github.com/albe/node-event-storage.git for npm OIDC trusted publishing"; exit 1; } | |
| - name: Validate version | |
| run: | | |
| echo "GITHUB_REF=$GITHUB_REF" | |
| VERSION="$(node -p "require('./package.json').version")" | |
| TAG="${{ inputs.tag || github.event.release.tag_name }}" | |
| echo "tag=$TAG version=$VERSION" | |
| test "v$VERSION" = "$TAG" || { echo "ERROR: Tag ($TAG) does not match package.json version (v$VERSION)"; exit 1; } | |
| - name: Pack | |
| run: npm pack | |
| - name: Verify pack contents | |
| run: | | |
| TARBALL=$(ls event-storage-*.tgz) | |
| FILES=$(tar tzf "$TARBALL") | |
| echo "$FILES" | |
| # Required files must be present | |
| REQUIRED=( | |
| "package/index.js" | |
| "package/src/EventStore.js" | |
| "package/src/Storage.js" | |
| "package/src/Partition.js" | |
| "package/src/Index.js" | |
| "package/src/metadataUtil.js" | |
| ) | |
| for f in "${REQUIRED[@]}"; do | |
| echo "$FILES" | grep -qF "$f" || { echo "ERROR: required file '$f' is missing from the package"; exit 1; } | |
| done | |
| # Sensitive / unwanted files must not be present | |
| FORBIDDEN=( | |
| "\.env" | |
| "node_modules/" | |
| "/data/" | |
| ) | |
| for pattern in "${FORBIDDEN[@]}"; do | |
| if echo "$FILES" | grep -qE "$pattern"; then | |
| echo "ERROR: package contains files matching forbidden pattern '$pattern'" | |
| exit 1 | |
| fi | |
| done | |
| echo "Package contents verified successfully." | |
| - name: Install pack into bench and run smoke test | |
| run: | | |
| TARBALL="$(pwd)/$(ls event-storage-*.tgz)" | |
| cd bench | |
| npm ci --ignore-scripts | |
| npm install --ignore-scripts --no-save "$TARBALL" | |
| npm run bench | |
| publish: | |
| needs: verify | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ inputs.tag || github.ref }} | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: '24.x' | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: "Update npm" | |
| run: npm install -g npm@latest | |
| - run: npm ci --ignore-scripts | |
| - run: npm publish --provenance --access public |