Point repository URLs at the renamed GitHub repo #2
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| jobs: | |
| publish: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write # required for npm Trusted Publishing (OIDC) + provenance | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: latest | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: lts/* | |
| registry-url: https://registry.npmjs.org | |
| # Trusted Publishing + provenance need npm >= 11.5.1. | |
| - run: npm install -g npm@latest | |
| - run: bun install --frozen-lockfile | |
| - name: Verify tag matches package.json version | |
| run: | | |
| TAG="${GITHUB_REF_NAME#v}" | |
| PKG="$(node -p "require('./package.json').version")" | |
| echo "tag=${TAG} package.json=${PKG}" | |
| if [ "${TAG}" != "${PKG}" ]; then | |
| echo "::error::Tag v${TAG} does not match package.json version ${PKG}" | |
| exit 1 | |
| fi | |
| # `npm publish` runs the prepublishOnly gate (check, typecheck, test, | |
| # licenses, build). Auth is via OIDC — no NPM_TOKEN needed. | |
| - run: npm publish --provenance --access public |