ci: upgrade Node.js to 24 and actions/cache to v4 for OIDC publish su… #15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Package Release | |
| on: | |
| push: | |
| branches: | |
| - latest-release | |
| - beta | |
| workflow_dispatch: | |
| permissions: | |
| contents: write | |
| issues: write | |
| pull-requests: write | |
| id-token: write # Required for npm OIDC trusted publishing | |
| concurrency: | |
| group: release-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| release-builder: | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: packages/builder | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Important for semantic release to work correctly | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "24" | |
| registry-url: "https://registry.npmjs.org" | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@v2 | |
| with: | |
| version: "10.8.1" | |
| run_install: false | |
| - name: Get pnpm store directory | |
| id: pnpm-cache | |
| shell: bash | |
| run: | | |
| echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT | |
| - uses: actions/cache@v4 | |
| name: Setup pnpm cache | |
| with: | |
| path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} | |
| key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-store- | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| working-directory: . | |
| - name: Build package | |
| run: pnpm build | |
| working-directory: . | |
| - name: Semantic Release | |
| id: semantic | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: pnpm semantic-release | |
| - name: Publish to npm with OIDC | |
| if: steps.semantic.outcome == 'success' | |
| run: | | |
| # Check if package.json version was updated (not 0.0.0-development) | |
| VERSION=$(node -p "require('./package.json').version") | |
| if [ "$VERSION" != "0.0.0-development" ]; then | |
| echo "Publishing version $VERSION to npm with OIDC provenance..." | |
| npm publish --provenance --access public | |
| else | |
| echo "No new version to publish" | |
| fi | |