npm-publish nightly@7.2.0-dev.20260507.sha.e3610cbd #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow is invoked by callers via `workflow_dispatch` (the GitHub | |
| # Actions API), NOT as a reusable workflow (`on: workflow_call:`). With | |
| # workflow_call, the OIDC token's workflow_ref claim points to the caller's | |
| # filename rather than this file, which breaks npm Trusted Publishing's | |
| # workflow-filename matching. See npm/documentation#1755. | |
| name: npm-publish | |
| run-name: 'npm-publish ${{ inputs.tag }}@${{ inputs.version }}' | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'npm dist-tag (e.g. nightly, latest, alpha)' | |
| required: true | |
| type: string | |
| version: | |
| description: 'Package version to publish' | |
| required: true | |
| type: string | |
| ref: | |
| description: 'Git ref (commit SHA preferred) to publish from' | |
| required: true | |
| type: string | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| publish: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| ref: ${{ inputs.ref }} | |
| - name: Install Node and dependencies | |
| uses: mongodb-labs/drivers-github-tools/node/setup@v3 | |
| - run: npm version "${{ inputs.version }}" --git-tag-version=false --allow-same-version | |
| - run: npm publish --provenance --tag="${{ inputs.tag }}" |