Skip to content

Commit d3a1e40

Browse files
marcstraubeclaude
andauthored
fix(ci): trigger npm publish on GitHub Release event (#65)
## Summary - Decouple npm publish from release-please's `release_created` output, which is unreliable with squash-merge (SHA mismatch causes "SHA not found in recent commits" → publish skipped) - Trigger publish on the `release: published` event instead - `release-please` job now only manages PR/release creation - `publish` job triggers on `release: published` or `workflow_dispatch` (manual fallback) - Eliminates the need for manual re-publish after every release ## Test plan - [x] Workflow syntax valid (YAML) - [ ] Next release should auto-publish without manual intervention 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 21bf2f9 commit d3a1e40

1 file changed

Lines changed: 15 additions & 50 deletions

File tree

.github/workflows/release-please.yml

Lines changed: 15 additions & 50 deletions
Original file line numberDiff line numberDiff line change
@@ -4,10 +4,12 @@ on:
44
push:
55
branches:
66
- master
7+
release:
8+
types: [published]
79
workflow_dispatch:
810
inputs:
911
tag:
10-
description: 'Publish an existing release tag (e.g. v1.0.3)'
12+
description: 'Publish an existing release tag (e.g. v1.1.0)'
1113
required: true
1214

1315
permissions:
@@ -28,64 +30,27 @@ jobs:
2830
private-key: ${{ secrets.APP_PRIVATE_KEY }}
2931

3032
- uses: googleapis/release-please-action@v4
31-
id: release
3233
with:
3334
token: ${{ steps.app-token.outputs.token }}
3435
release-type: node
3536

36-
# If a release was created, publish to npm
37-
- name: Checkout code
38-
if: ${{ steps.release.outputs.release_created }}
39-
uses: actions/checkout@v6
40-
41-
- name: Setup pnpm
42-
if: ${{ steps.release.outputs.release_created }}
43-
uses: pnpm/action-setup@v5
44-
with:
45-
version: 10
46-
47-
- name: Setup Node.js
48-
if: ${{ steps.release.outputs.release_created }}
49-
uses: actions/setup-node@v6
50-
with:
51-
node-version: '20'
52-
cache: 'pnpm'
53-
registry-url: 'https://registry.npmjs.org'
54-
55-
- name: Install dependencies
56-
if: ${{ steps.release.outputs.release_created }}
57-
run: pnpm install --frozen-lockfile
58-
59-
- name: Build package
60-
if: ${{ steps.release.outputs.release_created }}
61-
run: pnpm run build
62-
63-
- name: Update npm for OIDC trusted publishing
64-
if: ${{ steps.release.outputs.release_created }}
65-
run: npm install -g npm@latest
66-
67-
- name: Publish to npm
68-
if: ${{ steps.release.outputs.release_created }}
69-
run: npm publish --access public --provenance
70-
71-
- name: Generate SBOM
72-
if: ${{ steps.release.outputs.release_created }}
73-
run: pnpm run sbom
74-
75-
- name: Upload SBOM to release
76-
if: ${{ steps.release.outputs.release_created }}
77-
env:
78-
GH_TOKEN: ${{ steps.app-token.outputs.token }}
79-
run: gh release upload ${{ steps.release.outputs.tag_name }} sbom.cdx.json --clobber
80-
8137
publish:
82-
if: github.event_name == 'workflow_dispatch'
38+
if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
8339
runs-on: ubuntu-latest
8440
steps:
41+
- name: Determine tag
42+
id: tag
43+
run: |
44+
if [ "${{ github.event_name }}" = "release" ]; then
45+
echo "ref=${{ github.event.release.tag_name }}" >> "$GITHUB_OUTPUT"
46+
else
47+
echo "ref=${{ inputs.tag }}" >> "$GITHUB_OUTPUT"
48+
fi
49+
8550
- name: Checkout code
8651
uses: actions/checkout@v6
8752
with:
88-
ref: ${{ inputs.tag }}
53+
ref: ${{ steps.tag.outputs.ref }}
8954

9055
- name: Setup pnpm
9156
uses: pnpm/action-setup@v5
@@ -117,4 +82,4 @@ jobs:
11782
- name: Upload SBOM to release
11883
env:
11984
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
120-
run: gh release upload ${{ inputs.tag }} sbom.cdx.json --clobber
85+
run: gh release upload ${{ steps.tag.outputs.ref }} sbom.cdx.json --clobber

0 commit comments

Comments
 (0)