-
Notifications
You must be signed in to change notification settings - Fork 65
89 lines (79 loc) · 3.02 KB
/
publish.yml
File metadata and controls
89 lines (79 loc) · 3.02 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
name: Publish to npm
# Fires whenever a tag matching v[0-9]* is pushed (e.g. v1.1.0, v1.2.0-rc1).
# The workflow refuses to publish unless the tag matches package.json's
# version, so a typo in either place is caught before anything reaches npm.
on:
push:
tags: ['v[0-9]*']
jobs:
publish:
name: Publish on tag
runs-on: ubuntu-latest
permissions:
contents: write # required to create the GitHub Release
id-token: write # required for npm provenance via GitHub OIDC
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
registry-url: 'https://registry.npmjs.org'
cache: 'npm'
- name: Verify tag matches package.json version
run: |
tag="${GITHUB_REF_NAME#v}"
pkg=$(node -p "require('./package.json').version")
if [ "$tag" != "$pkg" ]; then
echo "::error::Tag $GITHUB_REF_NAME (=$tag) does not match package.json version $pkg"
exit 1
fi
echo "Tag and package.json agree on $pkg"
- run: npm ci
- run: npm test
- run: npm run typecheck
- name: Publish to npm with provenance
run: npm publish --provenance --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Extract CHANGELOG section for this version
id: notes
run: |
version="${GITHUB_REF_NAME#v}"
# Pull lines between "## [vX.Y.Z]" and the next "## [" header,
# then trim trailing "---" separators / blank lines that
# Keep-a-Changelog uses between sections.
awk -v ver="$version" '
$0 ~ "^## \\[v" ver "\\]" { flag=1; next }
flag && /^## \[/ { exit }
flag { n++; lines[n] = $0 }
END {
while (n > 0 && (lines[n] == "---" || lines[n] ~ /^[[:space:]]*$/)) n--
for (i = 1; i <= n; i++) print lines[i]
}
' CHANGELOG.md > /tmp/release-notes.md
if [ ! -s /tmp/release-notes.md ]; then
echo "::warning::No CHANGELOG section found for v$version — falling back to auto-generated notes"
echo "fallback=true" >> "$GITHUB_OUTPUT"
else
echo "fallback=false" >> "$GITHUB_OUTPUT"
fi
- name: Create GitHub Release (with CHANGELOG notes)
if: steps.notes.outputs.fallback == 'false'
env:
GH_TOKEN: ${{ github.token }}
run: |
gh release create "$GITHUB_REF_NAME" \
--title "$GITHUB_REF_NAME" \
--notes-file /tmp/release-notes.md \
--latest \
--verify-tag
- name: Create GitHub Release (auto-generated fallback)
if: steps.notes.outputs.fallback == 'true'
env:
GH_TOKEN: ${{ github.token }}
run: |
gh release create "$GITHUB_REF_NAME" \
--title "$GITHUB_REF_NAME" \
--generate-notes \
--latest \
--verify-tag