Skip to content

feat(web): 公开仓库 web 扫描器 + 本地客户端模式 (v0.7.0) #11

feat(web): 公开仓库 web 扫描器 + 本地客户端模式 (v0.7.0)

feat(web): 公开仓库 web 扫描器 + 本地客户端模式 (v0.7.0) #11

Workflow file for this run

name: Release
# Publishes to npm with provenance (SLSA build attestation) when a version tag
# is pushed (e.g. `git tag v0.5.12 && git push --tags`).
# Requires an NPM_TOKEN repo secret (automation token, publish scope).
on:
push:
tags:
- 'v*'
permissions:
contents: read
id-token: write # required for npm provenance
jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
registry-url: 'https://registry.npmjs.org'
- name: Install dependencies
run: npm install
- name: Typecheck
run: npx tsc --noEmit
- name: Test
run: npm test
- name: Detection benchmark gate
run: npm run bench -- --ci
- name: Build
run: npm run build
# Idempotent: skip if this version is already on npm (e.g. published locally).
- name: Check if version already published
id: check
run: |
V=$(node -p "require('./package.json').version")
if npm view "shellward@$V" version >/dev/null 2>&1; then
echo "exists=true" >> "$GITHUB_OUTPUT"
else
echo "exists=false" >> "$GITHUB_OUTPUT"
fi
- name: Publish with provenance
if: steps.check.outputs.exists == 'false'
run: npm publish --provenance --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}