|
5 | 5 | jobs: |
6 | 6 | build-and-publish: |
7 | 7 | # prevents this action from running on forks |
8 | | - if: github.repository == 'chimurai/http-proxy-middleware' |
| 8 | + # only allow listed user to publish |
| 9 | + if: | |
| 10 | + github.repository == 'chimurai/http-proxy-middleware' && |
| 11 | + github.triggering_actor == 'chimurai' |
9 | 12 | runs-on: ubuntu-latest |
10 | 13 | permissions: |
11 | 14 | contents: read |
12 | | - id-token: write |
| 15 | + id-token: write # Required for OIDC |
13 | 16 | steps: |
14 | | - - uses: actions/checkout@v4 |
15 | | - - uses: actions/setup-node@v4 |
| 17 | + - uses: actions/checkout@v6 |
16 | 18 | with: |
17 | | - node-version: '22.x' |
| 19 | + token: ${{ secrets.GITHUB_TOKEN }} |
| 20 | + - uses: actions/setup-node@v6 |
| 21 | + with: |
| 22 | + node-version: '24.x' |
18 | 23 | registry-url: 'https://registry.npmjs.org' |
19 | 24 |
|
| 25 | + # Ensure npm 11.5.1 or later is installed |
| 26 | + - name: Update npm |
| 27 | + run: npm install -g npm@latest |
| 28 | + |
20 | 29 | - name: Install Dependencies |
21 | | - run: yarn install |
| 30 | + run: yarn install --frozen-lockfile --ignore-scripts |
22 | 31 |
|
23 | 32 | - name: Publish to NPM (beta) |
24 | 33 | if: 'github.event.release.prerelease' |
25 | | - run: npm publish --provenance --access public --tag v2-beta |
26 | | - env: |
27 | | - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |
| 34 | + run: npm stage publish --access public --tag v2-beta |
28 | 35 |
|
29 | 36 | - name: Publish to NPM (stable) |
30 | 37 | if: '!github.event.release.prerelease' |
31 | | - run: npm publish --provenance --access public --tag v2-latest |
32 | | - env: |
33 | | - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |
| 38 | + run: npm stage publish --access public --tag v2-latest |
0 commit comments