Publish #14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish | |
| on: | |
| release: | |
| types: | |
| - published | |
| workflow_dispatch: | |
| inputs: | |
| dry_run: | |
| description: Run all checks without publishing to npm. | |
| type: boolean | |
| default: true | |
| npm_tag: | |
| description: npm dist-tag to use when publishing manually. | |
| type: string | |
| default: next | |
| permissions: | |
| contents: write | |
| id-token: write | |
| env: | |
| BUN_VERSION: "1.3.0" | |
| NODE_VERSION: "24" | |
| jobs: | |
| npm: | |
| name: npm | |
| runs-on: ubuntu-latest | |
| environment: npm | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Set up Bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: ${{ env.BUN_VERSION }} | |
| - name: Set up Node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| package-manager-cache: false | |
| - name: Verify trusted publishing toolchain | |
| run: | | |
| node -e 'const [major, minor] = process.versions.node.split(".").map(Number); if (major < 22 || (major === 22 && minor < 14)) { throw new Error(`Trusted publishing requires Node >=22.14.0, received ${process.versions.node}`); }' | |
| npm_version="$(npm --version)" | |
| node -e 'const version = process.argv[1]; const [major, minor, patch] = version.split(".").map(Number); if (major < 11 || (major === 11 && (minor < 5 || (minor === 5 && patch < 1)))) { throw new Error(`Trusted publishing requires npm >=11.5.1, received ${version}`); } console.log(`npm ${version}`);' "$npm_version" | |
| - name: Install dependencies | |
| run: bun install --frozen-lockfile | |
| - name: Lint | |
| run: bun run lint | |
| - name: Typecheck | |
| run: bun run typecheck | |
| - name: Test | |
| run: bun test | |
| - name: Validate generated projects | |
| run: bun run validate | |
| - name: Build | |
| run: bun run build | |
| - name: Check package contents | |
| run: bun run pack:check | |
| - name: Smoke test packed package | |
| run: bun run pack:smoke | |
| - name: Resolve package version | |
| id: package-version | |
| run: | | |
| version="$(node -p "require('./package.json').version")" | |
| echo "version=$version" >> "$GITHUB_OUTPUT" | |
| echo "tag=v$version" >> "$GITHUB_OUTPUT" | |
| - name: Generate GitHub release notes from changelog | |
| run: bun scripts/changelog-section.ts "${{ steps.package-version.outputs.version }}" > release-notes.md | |
| - name: Resolve npm publish tag | |
| id: publish-tag | |
| run: | | |
| if [ "${{ github.event_name }}" = "workflow_dispatch" ] && [ -n "${{ inputs.npm_tag }}" ]; then | |
| tag="${{ inputs.npm_tag }}" | |
| elif [[ "${{ steps.package-version.outputs.version }}" == *-* ]]; then | |
| tag="next" | |
| else | |
| tag="latest" | |
| fi | |
| echo "tag=$tag" >> "$GITHUB_OUTPUT" | |
| echo "Resolved npm dist-tag '$tag' for version '${{ steps.package-version.outputs.version }}'." | |
| - name: Publish to npm | |
| if: github.event_name == 'release' || inputs.dry_run == false | |
| run: npm publish --provenance --access public --tag "${{ steps.publish-tag.outputs.tag }}" | |
| - name: Skip publish | |
| if: github.event_name == 'workflow_dispatch' && inputs.dry_run | |
| run: echo "Dry run completed; no package was published." | |
| - name: Create GitHub release from changelog | |
| if: github.event_name == 'workflow_dispatch' && inputs.dry_run == false | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| gh release create "${{ steps.package-version.outputs.tag }}" \ | |
| --target "$GITHUB_SHA" \ | |
| --title "${{ steps.package-version.outputs.tag }}" \ | |
| --notes-file release-notes.md | |
| - name: Update GitHub release notes from changelog | |
| if: github.event_name == 'release' | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| gh release edit "${{ github.event.release.tag_name }}" \ | |
| --notes-file release-notes.md |