Publish #8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish | |
| on: | |
| release: | |
| types: | |
| - published | |
| workflow_dispatch: | |
| inputs: | |
| dry_run: | |
| description: Run all checks without publishing to npm. | |
| type: boolean | |
| default: true | |
| npm_tag: | |
| description: npm dist-tag to use when publishing manually. | |
| type: string | |
| default: next | |
| permissions: | |
| contents: read | |
| id-token: write | |
| env: | |
| BUN_VERSION: "1.3.0" | |
| NODE_VERSION: "24" | |
| jobs: | |
| npm: | |
| name: npm | |
| runs-on: ubuntu-latest | |
| environment: npm | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Set up Bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: ${{ env.BUN_VERSION }} | |
| - name: Set up Node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| package-manager-cache: false | |
| - name: Verify trusted publishing toolchain | |
| run: | | |
| node -e 'const [major, minor] = process.versions.node.split(".").map(Number); if (major < 22 || (major === 22 && minor < 14)) { throw new Error(`Trusted publishing requires Node >=22.14.0, received ${process.versions.node}`); }' | |
| npm_version="$(npm --version)" | |
| node -e 'const version = process.argv[1]; const [major, minor, patch] = version.split(".").map(Number); if (major < 11 || (major === 11 && (minor < 5 || (minor === 5 && patch < 1)))) { throw new Error(`Trusted publishing requires npm >=11.5.1, received ${version}`); } console.log(`npm ${version}`);' "$npm_version" | |
| - name: Install dependencies | |
| run: bun install --frozen-lockfile | |
| - name: Lint | |
| run: bun run lint | |
| - name: Typecheck | |
| run: bun run typecheck | |
| - name: Test | |
| run: bun test | |
| - name: Validate generated projects | |
| run: bun run validate | |
| - name: Build | |
| run: bun run build | |
| - name: Check package contents | |
| run: bun run pack:check | |
| - name: Smoke test packed package | |
| run: bun run pack:smoke | |
| - name: Resolve npm publish tag | |
| id: publish-tag | |
| run: | | |
| version="$(node -p "require('./package.json').version")" | |
| if [ "${{ github.event_name }}" = "workflow_dispatch" ] && [ -n "${{ inputs.npm_tag }}" ]; then | |
| tag="${{ inputs.npm_tag }}" | |
| elif [[ "$version" == *-* ]]; then | |
| tag="next" | |
| else | |
| tag="latest" | |
| fi | |
| echo "tag=$tag" >> "$GITHUB_OUTPUT" | |
| echo "Resolved npm dist-tag '$tag' for version '$version'." | |
| - name: Publish to npm | |
| if: github.event_name == 'release' || inputs.dry_run == false | |
| run: npm publish --provenance --access public --tag "${{ steps.publish-tag.outputs.tag }}" | |
| - name: Skip publish | |
| if: github.event_name == 'workflow_dispatch' && inputs.dry_run | |
| run: echo "Dry run completed; no package was published." |