Skip to content

security: prevent fork-based npm publishes and add CODEOWNERS #2

security: prevent fork-based npm publishes and add CODEOWNERS

security: prevent fork-based npm publishes and add CODEOWNERS #2

Workflow file for this run

name: codingbuddy-dev
on:
push:
branches-ignore:
- master
- stag-**
paths:
- 'mcp-server/**'
- '.ai-rules/**'
- '.antigravity/**'
- '.claude/**'
- '.codex/**'
- '.cursor/**'
- 'scripts/**'
- .github/workflows/dev.yml
permissions:
statuses: write
contents: read
jobs:
publish-dev:
if: github.repository == 'JeremyDev87/codingbuddy'
runs-on: ubuntu-latest
defaults:
run:
working-directory: mcp-server
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup node.js
uses: actions/setup-node@v4
with:
node-version: '24'
- name: Enable Corepack
run: corepack enable
- name: Restore dependencies from cache
id: cache
uses: actions/cache@v4
with:
path: ./mcp-server/node_modules
key: ${{ runner.os }}-yarn-${{ hashFiles(format('{0}{1}', github.workspace, '/mcp-server/yarn.lock')) }}
restore-keys: |
${{ runner.os }}-yarn-
- name: Install dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: yarn install --immutable
- name: Build
run: yarn build
- name: Publish dev
run: |
TIMESTAMP=$(date +%Y%m%d%H%M%S)
COMMIT_SHA=${GITHUB_SHA::7}
VERSION="0.0.0-dev.${TIMESTAMP}.${COMMIT_SHA}"
cat <<< "$( jq --arg v "$VERSION" '.version = $v' package.json )" > package.json
yarn npm publish --tag dev
env:
YARN_NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
GITHUB_SHA: ${{ github.sha }}
- name: Output dev version number
run: |
name=$(jq -r .name package.json)
version=$(jq -r .version package.json)
yarn dlx action-status --context "Published $name" --state success --description $version --url "https://unpkg.com/$name@$version/"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}