Skip to content

v1.58.1

v1.58.1 #129

# Publishes @functionland/react-native-fula to npmjs.com via OIDC "trusted publishing".
# No npm token is used: auth comes from GitHub's OIDC id-token, which npm verifies
# against the Trusted Publisher configured at npmjs.com (Package > Settings).
# Docs: https://docs.npmjs.com/trusted-publishers/
name: Node.js Package
on:
workflow_dispatch:
release:
types: [published]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
- run: npm ci
- run: npm test
publish-npm:
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # REQUIRED: lets the job mint the OIDC token npm verifies
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
# Deliberately NO registry-url: it makes setup-node write an empty
# _authToken into .npmrc that shadows OIDC (the classic 404/ENEEDAUTH).
# The publish registry is already pinned by publishConfig in package.json.
# Trusted publishing needs npm >= 11.5.1; Node 22 ships npm 10.x, so upgrade.
- run: npm install -g npm@latest
# Sanity check: this MUST print npm >= 11.5.1, or OIDC publishing won't work.
# ("packageManager: yarn@..." + Corepack could otherwise shadow the upgrade.)
- run: node -v && npm -v
- run: npm ci
- run: npm publish --provenance --access public