
Commit 40aa87b

committed
build: added trusted publishing
1 parent ded7901 commit 40aa87b

3 files changed

Lines changed: 18 additions & 21 deletions


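--- a/.github/actions/composite-build/action.yml
+++ b/.github/actions/composite-build/action.yml
@@ -1,31 +1,18 @@
 name: Build
-inputs:
-build_script:
-required: false
-type: boolean
-default: "pnpm build"
-lint_script:
-required: false
-type: boolean
-default: "pnpm lint"
-test_script:
-required: false
-type: boolean
-default: "pnpm test"
 
 # note it cannot contain the checkout, the must be checked out in the calling workflow or it will not be able to find the composite action
 runs:
 using: "composite"
 steps:
-- run: ${{ inputs.build_script }}
+- run: pnpm build
 shell: bash
 
-- run: ${{ inputs.lint_script }}
+- run: pnpm lint
 shell: bash
 
-- run: ${{ inputs.test_script }}
+- run: pnpm test
 shell: bash
-
+
 - name: Coverage
 if: ${{ github.event_name == 'pull_request' }}
 uses: romeovs/lcov-reporter-action@v0.3.1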
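Review bot: After this change the action declares no `inputs:` at all, yet the same commit adds `with:` / `USE_LOCKFILE: …` to the Build step in both `.github/workflows/docs.yml` and `.github/workflows/release.yml`. Unless an input of that name is declared in a part of this file outside the hunk, no step shown here reads the value, and release.yml takes it from `secrets.USE_LOCKFILE`, which hands a secret to the action for no visible purpose. Either declare the input (`USE_LOCKFILE:` with `required: false` under `inputs:`) and consume it through a step-level `env:` mapping rather than inline `${{ }}` inside `run:`, or drop the `with:` blocks from the callers. Replacing the `${{ inputs.*_script }}` interpolation in `run:` with fixed commands removes a script-injection surface; a short comment above `steps:` saying so would keep it from being reintroduced.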

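--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -32,6 +32,8 @@ jobs:
 - name: Build
 uses: ./.github/actions/composite-build
 if: "env.ENABLE_DOCS == 'true'"
+with:
+USE_LOCKFILE: ${{ env.USE_LOCKFILE }}
 
 - run: pnpm doc
 if: "env.ENABLE_DOCS == 'true'"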

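--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -10,13 +10,20 @@ on:
 repository_dispatch:
 types: [ release ]
 
+permissions:
+id-token: write
+
 jobs:
 release:
 runs-on: ubuntu-latest
 strategy:
 matrix:
 node-version: ["lts/*"]
-
+permissions:
+contents: write # to be able to publish a GitHub release
+issues: write # to be able to comment on released issues
+pull-requests: write # to be able to comment on released pull requests
+id-token: write # to enable use of OIDC for trusted publishing and npm provenance
 steps:
 - uses: actions/checkout@v6
 
@@ -30,20 +37,21 @@ jobs:
 
 - name: Build
 uses: ./.github/actions/composite-build
+with:
+USE_LOCKFILE: ${{ secrets.USE_LOCKFILE }}
+
 
 - name: Release
 if: "env.ENABLE_RELEASE == 'true' && ! contains('refs/heads/build ', github.ref)"
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 run: pnpm semantic-release
 
 - name: Release Dry Run
 if: "env.ENABLE_RELEASE != 'true' || contains('refs/heads/build ', github.ref)"
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-run: pnpm semantic-release --dry-run
+run: pnpm semantic-release --dry-run
 
 - run: echo "env.ENABLE_RELEASE is ${{ env.ENABLE_RELEASE == 'true' }} and branch is ${{ github.ref }}, no release can be published." && exit 1
 if: "env.ENABLE_RELEASE != 'true' || contains('refs/heads/build ', github.ref)"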
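Review bot: `id-token: write` is granted twice in the first hunk, once in the new workflow-level `permissions:` block and again in the `release` job's block. The job-level block already replaces the workflow-level one for this job, so the top-level grant only affects any other job in the file, which could then request an OIDC token too. Setting the workflow level to `permissions: {}` would keep token minting confined to `release`. The Build step and the "Release Dry Run" step run in that same job, so dependency scripts executed by `pnpm build`, `pnpm lint` and `pnpm test` run with the same ability to request the publishing identity; building in a separate job without `id-token: write` and publishing from a minimal job would narrow that, if the semantic-release flow allows it. The `jobs:` mapping continues outside the hunks shown, so whether other jobs exist cannot be confirmed from here.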
