v1.58.2 #130
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Publishes @functionland/react-native-fula to npmjs.com via OIDC "trusted publishing". | |
| # No npm token is used: auth comes from GitHub's OIDC id-token, which npm verifies | |
| # against the Trusted Publisher configured at npmjs.com (Package > Settings). | |
| # Docs: https://docs.npmjs.com/trusted-publishers/ | |
| name: Node.js Package | |
| on: | |
| workflow_dispatch: | |
| release: | |
| types: [published] | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| - run: npm ci | |
| - run: npm test | |
| publish-npm: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write # REQUIRED: lets the job mint the OIDC token npm verifies | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| # Deliberately NO registry-url: it makes setup-node write an empty | |
| # _authToken into .npmrc that shadows OIDC (the classic 404/ENEEDAUTH). | |
| # The publish registry is already pinned by publishConfig in package.json. | |
| # Trusted publishing needs npm >= 11.5.1; Node 22 ships npm 10.x, so upgrade. | |
| - run: npm install -g npm@latest | |
| # Sanity check: this MUST print npm >= 11.5.1, or OIDC publishing won't work. | |
| # ("packageManager: yarn@..." + Corepack could otherwise shadow the upgrade.) | |
| - run: node -v && npm -v | |
| - run: npm ci | |
| - run: npm publish --provenance --access public |