npm-publish.yaml

name: Publish Package

on:
  workflow_dispatch:
  release:
    types: [published]

jobs:
  publish-npm:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      id-token: write # Allows GitHub to generate OIDC tokens required for provenance

    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-node@v6
        with:
          node-version-file: ".nvmrc"
          registry-url: "https://registry.npmjs.org"

      - run: npm ci
      - run: npm run type-check
      - run: npm test
      - run: npm run build

      - name: Set package version
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          if [[ "${{ github.event_name }}" == "release" ]]; then
            VERSION=${GITHUB_REF#refs/tags/v}
          else
            # Fetch the latest release tag using the GitHub CLI
            VERSION=$(gh release view --json tagName --jq .tagName | sed 's/^v//')
          fi

          echo "Setting package version to ${VERSION}"
          # Persist VERSION for later steps so we can use it for the commit message
          echo "VERSION=${VERSION}" >> $GITHUB_ENV
          npm version $VERSION --no-git-tag-version

      - name: Update npm for OIDC
        run: npm install -g npm@latest
        
      - run: npm publish --provenance --access=public
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Commit package version
        run: |
          git config --global user.name "boba-tan[bot]"
          git config --global user.email "boba-tan[bot]@users.noreply.github.com"

          git add package.json package-lock.json

          # Only commit if there are changes to commit so the action doesn't fail
          if ! git diff --staged --quiet; then
            # The [skip ci] in the commit message prevents this commit from re-triggering workflows.
            git commit -m "${VERSION} has shipped ⛵🌟💖 [skip ci]"
            git push
          else
            echo "No changes to commit."
          fi