Skip to content

0.2.0

0.2.0 #3

Workflow file for this run

name: Publish
on:
push:
tags:
- 'v*'
jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # required for npm Trusted Publishing (OIDC) + provenance
steps:
- uses: actions/checkout@v6
- uses: oven-sh/setup-bun@v2
with:
bun-version: latest
- uses: actions/setup-node@v6
with:
node-version: lts/*
registry-url: https://registry.npmjs.org
# Trusted Publishing + provenance need npm >= 11.5.1.
- run: npm install -g npm@latest
- run: bun install --frozen-lockfile
- name: Verify tag matches package.json version
run: |
TAG="${GITHUB_REF_NAME#v}"
PKG="$(node -p "require('./package.json').version")"
echo "tag=${TAG} package.json=${PKG}"
if [ "${TAG}" != "${PKG}" ]; then
echo "::error::Tag v${TAG} does not match package.json version ${PKG}"
exit 1
fi
# `npm publish` runs the prepublishOnly gate (check, typecheck, test,
# licenses, build). Auth is via OIDC — no NPM_TOKEN needed.
- run: npm publish --provenance --access public