From c0238f83f6864d1009bfdd09048cc8952000551f Mon Sep 17 00:00:00 2001 From: Lucas-FullStackX Date: Sun, 12 Jul 2026 13:39:38 -0500 Subject: [PATCH] ci: release from npm trusted workflow --- .github/workflows/release.yml | 34 +++++++++++++--- .github/workflows/version-packages.yml | 56 -------------------------- 2 files changed, 28 insertions(+), 62 deletions(-) delete mode 100644 .github/workflows/version-packages.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3d9e573..d4deba2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,16 +8,28 @@ jobs: publish: runs-on: ubuntu-latest permissions: - contents: read + contents: write id-token: write # provenance npm steps: - uses: actions/checkout@v4 + with: + fetch-depth: 0 - uses: pnpm/action-setup@v4 - uses: actions/setup-node@v4 with: node-version: 22 cache: pnpm registry-url: "https://registry.npmjs.org" + - run: pnpm install --frozen-lockfile + - id: changesets + run: | + if find .changeset -maxdepth 1 -type f -name '*.md' ! -name 'README.md' -print -quit | grep -q .; then + echo "pending=true" >> "$GITHUB_OUTPUT" + else + echo "pending=false" >> "$GITHUB_OUTPUT" + fi + - if: steps.changesets.outputs.pending == 'true' + run: pnpm changeset version - id: version run: | package_name="$(node -p "require('./package.json').name")" @@ -29,12 +41,22 @@ jobs: else echo "publish=true" >> "$GITHUB_OUTPUT" fi - - run: pnpm install --frozen-lockfile - - run: pnpm generate - - run: pnpm test - - run: pnpm build + - if: steps.version.outputs.publish == 'true' + run: pnpm generate + - if: steps.version.outputs.publish == 'true' + run: pnpm test + - if: steps.version.outputs.publish == 'true' + run: pnpm build + - if: steps.changesets.outputs.pending == 'true' + run: | + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + git add .changeset CHANGELOG.md package.json + git commit -m "chore: version packages" + git push origin HEAD:main # npm Trusted Publishing exchanges this GitHub OIDC identity for a # short-lived publish credential; no long-lived NPM_TOKEN is stored. - - run: npm install --global npm@latest + - if: steps.version.outputs.publish == 'true' + run: npm install --global npm@latest - if: steps.version.outputs.publish == 'true' run: npm publish --provenance --access public diff --git a/.github/workflows/version-packages.yml b/.github/workflows/version-packages.yml deleted file mode 100644 index f56934b..0000000 --- a/.github/workflows/version-packages.yml +++ /dev/null @@ -1,56 +0,0 @@ -name: Version and Publish Packages - -on: - push: - branches: [main] - -concurrency: - group: version-packages-main - cancel-in-progress: false - -jobs: - release: - runs-on: ubuntu-latest - permissions: - contents: write - id-token: write - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - uses: pnpm/action-setup@v4 - - uses: actions/setup-node@v4 - with: - node-version: 22 - cache: pnpm - registry-url: "https://registry.npmjs.org" - - run: pnpm install --frozen-lockfile - - id: changesets - run: | - pnpm changeset status --output=changeset-status.json - if node -e "process.exit(require('./changeset-status.json').releases.length ? 0 : 1)"; then - echo "pending=true" >> "$GITHUB_OUTPUT" - else - echo "pending=false" >> "$GITHUB_OUTPUT" - fi - - if: steps.changesets.outputs.pending == 'true' - run: pnpm changeset version - - if: steps.changesets.outputs.pending == 'true' - run: pnpm generate - - if: steps.changesets.outputs.pending == 'true' - run: pnpm test - - if: steps.changesets.outputs.pending == 'true' - run: pnpm build - - if: steps.changesets.outputs.pending == 'true' - run: | - git config user.name "github-actions[bot]" - git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - git add .changeset CHANGELOG.md package.json - git commit -m "chore: version packages" - git push origin HEAD:main - # npm Trusted Publishing exchanges this GitHub OIDC identity for a - # short-lived publish credential; no long-lived NPM_TOKEN is stored. - - if: steps.changesets.outputs.pending == 'true' - run: npm install --global npm@latest - - if: steps.changesets.outputs.pending == 'true' - run: npm publish --provenance --access public