v1.3.0 #5
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish to NPM | |
| on: | |
| release: | |
| types: [published] | |
| workflow_dispatch: | |
| inputs: | |
| dry_run: | |
| description: 'Dry run only (no actual publish)' | |
| required: false | |
| default: 'true' | |
| type: choice | |
| options: | |
| - 'true' | |
| - 'false' | |
| permissions: | |
| contents: read | |
| id-token: write | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 | |
| - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 | |
| with: | |
| node-version: '24' | |
| registry-url: 'https://registry.npmjs.org' | |
| - run: npm ci | |
| - run: npm run build | |
| - name: Determine dist-tag and publish | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| DRY_RUN: ${{ github.event_name == 'workflow_dispatch' && inputs.dry_run || 'false' }} | |
| run: | | |
| set -euo pipefail | |
| VERSION=$(node -p "require('./package.json').version") | |
| PKG_NAME=$(node -p "require('./package.json').name") | |
| echo "Publishing $PKG_NAME@$VERSION" | |
| # Build the publish command flags. | |
| PUBLISH_FLAGS=(--access=public) | |
| if [[ "$DRY_RUN" == "true" ]]; then | |
| PUBLISH_FLAGS+=(--dry-run) | |
| echo "DRY RUN — nothing will actually be published." | |
| fi | |
| # Pre-releases (ex: 2.1.0-rc.1) get tagged as 'rc' | |
| if [[ "$VERSION" == *"-"* ]]; then | |
| echo "Pre-release detected, publishing under 'rc' tag" | |
| npm publish "${PUBLISH_FLAGS[@]}" --tag rc | |
| exit 0 | |
| fi | |
| # Look up current 'latest' on NPM. If never published before, | |
| # defaults to 0.0.0 so any release (0.1.0, 1.0.0, etc.) becomes latest | |
| CURRENT_LATEST=$(npm view "$PKG_NAME" version 2>/dev/null || echo "0.0.0") | |
| echo "Current 'latest' on npm: $CURRENT_LATEST" | |
| # If this version is strictly greater than the current 'latest', | |
| # it becomes latest | |
| if npx --yes semver "$VERSION" -r ">$CURRENT_LATEST" >/dev/null 2>&1; then | |
| echo "Publishing as 'latest'" | |
| npm publish "${PUBLISH_FLAGS[@]}" | |
| else | |
| # Otherwise, this is a maintenance release on an older line | |
| # Tag as v<major>.<minor> so users can pin to it | |
| MAJOR_MINOR=$(echo "$VERSION" | cut -d. -f1,2) | |
| DIST_TAG="v${MAJOR_MINOR}" | |
| echo "Maintenance release detected, publishing under '$DIST_TAG' tag" | |
| npm publish "${PUBLISH_FLAGS[@]}" --tag "$DIST_TAG" | |
| fi |