Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 4 additions & 13 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
name: Publish to npm

on:
# Manual publish, with a choice of dist-tag (for prereleases etc.).
# The only trigger. Used both for a manual publish (with a dist-tag choice) and
# for the automatic publish, which release-please.yml fires via
# `gh workflow run` after it cuts a release. Either way this workflow is the
# run's entry point, which is what npm trusted publishing matches against.
workflow_dispatch:
inputs:
dist_tag:
Expand All @@ -14,18 +17,6 @@ on:
- beta
- next

# Called by release-please.yml right after it cuts a release, so merging the
# `chore(main): release X.Y.Z` PR publishes automatically. A reusable-workflow
# call (rather than `on: release`) is used because a Release created with the
# default GITHUB_TOKEN does not trigger event-based workflows.
workflow_call:
inputs:
dist_tag:
description: 'npm dist-tag to publish under'
type: string
default: latest
required: false

jobs:
publish:
runs-on: ubuntu-latest
Expand Down
26 changes: 15 additions & 11 deletions .github/workflows/release-please.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,7 @@ name: Release Please

# Maintains a "release PR" that bumps the version and updates CHANGELOG.md from
# Conventional Commits as they land on master. Merging that PR creates the git
# tag (vX.Y.Z) and the GitHub Release, and then publishes to npm via the publish
# workflow (called below only when a release was actually created).
# tag (vX.Y.Z) and the GitHub Release, then triggers the publish workflow.
on:
push:
branches:
Expand All @@ -26,15 +25,20 @@ jobs:
# from the repo root.
token: ${{ secrets.GITHUB_TOKEN }}

# Runs only when the previous job just cut a release (i.e. the release PR was
# merged). Calls the publish workflow as a reusable workflow so npm publishing
# stays defined in one place (publish.yml) and keeps OIDC trusted publishing.
publish:
# Runs only when the previous job just cut a release. It dispatches publish.yml
# rather than calling it as a reusable workflow, so the publish run's *entry*
# workflow is publish.yml itself: npm trusted publishing matches the top-level
# workflow, so it must be the entry, not a called sub-workflow. A GITHUB_TOKEN
# cannot trigger release/push events, but workflow_dispatch is the documented
# exception, so no PAT is needed.
trigger-publish:
needs: release-please
if: ${{ needs.release-please.outputs.release_created == 'true' }}
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
uses: ./.github/workflows/publish.yml
with:
dist_tag: latest
actions: write
steps:
- name: Dispatch the publish workflow
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh workflow run publish.yml --repo "${{ github.repository }}" --ref "${{ github.ref_name }}" -f dist_tag=latest
1 change: 0 additions & 1 deletion release-please-config.json
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@
"changelog-path": "CHANGELOG.md",
"include-component-in-tag": false,
"include-v-in-tag": true,
"release-as": "2.0.0",
"changelog-sections": [
{ "type": "feat", "section": "Added" },
{ "type": "fix", "section": "Fixed" },
Expand Down
Loading