Skip to content

Merge pull request #57 from commercetools/BMU-2684-add-standalone-pri… #45

Merge pull request #57 from commercetools/BMU-2684-add-standalone-pri…

Merge pull request #57 from commercetools/BMU-2684-add-standalone-pri… #45

Workflow file for this run

name: Release
on:
push:
branches:
- main
permissions:
actions: write
contents: write
id-token: write # Required for npm trusted publishing (OIDC)
jobs:
release:
runs-on: ubuntu-latest
steps:
# Get GitHub token via the CT Changesets App
- name: Generate GitHub token (via CT Changesets App)
id: generate_github_token
uses: tibdex/github-app-token@v2.1.0
with:
app_id: ${{ secrets.CT_CHANGESETS_APP_ID }}
private_key: ${{ secrets.CT_CHANGESETS_APP_PEM }}
# Get an app user (ct-release-bot)
- name: Get App user
id: get_app_user
env:
GITHUB_TOKEN: ${{ steps.generate_github_token.outputs.token }}
run: |
export GH_APP_USER=`gh api /users/ct-changesets%5Bbot%5D | jq .id`
echo "email=${GH_APP_USER}+ct-changesets[bot]@users.noreply.github.com" >> "$GITHUB_OUTPUT"
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# Pass a personal access token (using our CT Changesets App) to be able to trigger other workflows
# https://help.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token
# https://github.community/t/action-does-not-trigger-another-on-push-tag-action/17148/8
token: ${{ steps.generate_github_token.outputs.token }}
- name: Setup
uses: ./.github/actions/ci
- name: Update npm
run: npm install -g npm@latest
- name: Creating .npmrc
run: |
cat << EOF > "$HOME/.npmrc"
email=npmjs@commercetools.com
//registry.npmjs.org/:_authToken=$NPM_TOKEN
EOF
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Verify npm version
run: npm --version
- name: Building packages
run: yarn build
- name: Verify npm OIDC configuration
run: |
# Verify registry is set correctly
echo "Registry: $(npm config get registry)"
# Ensure no token-based auth is configured (OIDC should be used automatically)
npm config delete //register.npmjs.org/:_authToken || true
# Verify npm can access the registry (this will use OIDC if configured)
echo "npm OIDC authentication configured via setup-node action"
- name: Building packages
run: yarn build
- name: Create Release Pull Request or Publish to npm
id: changesets
uses: changesets/action@e0145edc7d9d8679003495b11f87bd8ef63c0cba # 1.5.3
with:
publish: yarn changeset publish
version: yarn changeset:version-and-format
commit: 'ci(changesets): version packages'
env:
GITHUB_TOKEN: ${{ steps.generate_github_token.outputs.token }}
# Ensure npm uses OIDC authentication
NPM_CONFIG_REGISTRY: 'https://registry.npmjs.org'