fix: don't use tokens to publish (#516) #355
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish updated packages | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| id-token: write # Required publishing to npm using OIDC | |
| contents: read | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Setup .npmrc file to publish to npm | |
| - name: Enable corepack | |
| run: corepack enable | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: "yarn" | |
| cache-dependency-path: "**/yarn.lock" | |
| registry-url: "https://registry.npmjs.org" | |
| scope: "@reflag" | |
| - name: npm version | |
| run: npm version | |
| - name: Install dependencies | |
| run: yarn install --immutable | |
| - name: Build packages | |
| run: yarn build | |
| - name: Publish | |
| run: yarn lerna publish from-package --no-private --yes | |
| - name: Build docs | |
| run: yarn docs | |
| - name: Checkout docs with SSH | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: reflagcom/docs | |
| ssh-key: ${{ secrets.DOCS_DEPLOY_KEY }} | |
| path: reflag-docs | |
| - name: Copy generated docs to docs repo | |
| run: | | |
| rm -rf reflag-docs/sdk | |
| cp -R dist/docs reflag-docs/sdk | |
| - name: Commit and push changes | |
| run: | | |
| cd reflag-docs | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@reflag.com" | |
| git add sdk | |
| git commit -m "Update documentation" && git push || echo "No docs changes to commit" |