|
1 | | -name: Release |
| 1 | +name: Release on NPM |
2 | 2 |
|
3 | 3 | on: |
4 | | - push: |
5 | | - branches: |
6 | | - - "main" |
7 | | - - "beta" |
8 | | - - "next" |
9 | | - - "3.x" |
10 | | - - "v4" |
11 | | - pull_request: |
12 | | - workflow_dispatch: |
| 4 | + release: |
| 5 | + types: [published] # runs when a GitHub Release is published |
| 6 | + |
| 7 | +permissions: |
| 8 | + contents: read |
| 9 | + id-token: write # required for npm provenance |
13 | 10 |
|
14 | 11 | env: |
15 | 12 | NODE_VER: 24.14 |
16 | | - WORKING_DIR: packages/next-auth |
| 13 | + CI: true |
17 | 14 |
|
18 | 15 | defaults: |
19 | 16 | run: |
20 | 17 | working-directory: packages/next-auth |
21 | 18 |
|
22 | 19 | jobs: |
23 | | - test: |
24 | | - name: Test |
| 20 | + publish: |
| 21 | + name: Publish package from release tag |
| 22 | + # Run only when tag is in the format `vX.Y.Z` produced by `npm version` |
| 23 | + if: startsWith(github.event.release.tag_name, 'v') |
25 | 24 | runs-on: ubuntu-latest |
| 25 | + |
26 | 26 | steps: |
27 | | - - name: Init |
28 | | - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd |
| 27 | + - name: Check out the tag referenced by this release |
| 28 | + uses: actions/checkout@v5 |
29 | 29 | with: |
30 | | - fetch-depth: 2 |
| 30 | + ref: ${{ github.event.release.tag_name }} |
| 31 | + fetch-depth: 0 |
31 | 32 |
|
32 | 33 | - name: Install pnpm |
33 | | - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 |
| 34 | + uses: pnpm/action-setup@v4 |
34 | 35 | with: |
35 | 36 | run_install: false |
36 | | - cache_dependency_path: ${{ env.WORKING_DIR }}/pnpm-lock.yaml |
37 | 37 |
|
38 | | - - name: Setup Node |
39 | | - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f |
| 38 | + - name: Setup Node.js and pnpm |
| 39 | + uses: actions/setup-node@v4 |
40 | 40 | with: |
41 | 41 | node-version: ${{ env.NODE_VER }} |
42 | | - cache: pnpm |
43 | | - cache-dependency-path: ${{ env.WORKING_DIR }}/pnpm-lock.yaml |
| 42 | + cache: 'pnpm' |
| 43 | + # This is required for `setup-node` to generate the registry URL into .npmrc |
| 44 | + # See https://github.com/actions/setup-node/blob/5e2628c959b9ade56971c0afcebbe5332d44b398/action.yml#L17-L18 |
| 45 | + registry-url: 'https://registry.npmjs.org/' |
| 46 | + |
| 47 | + - name: Verify tag matches package.json version |
| 48 | + run: | |
| 49 | + TAG="${{ github.event.release.tag_name }}" |
| 50 | + PKG_VERSION=$(node -p "require('./package.json').version") |
| 51 | + if [ "v$PKG_VERSION" != "$TAG" ]; then |
| 52 | + echo "::error ::Tag ($TAG) does not match package.json version (v$PKG_VERSION)" |
| 53 | + exit 1 |
| 54 | + fi |
| 55 | +
|
| 56 | + - name: Install deps |
| 57 | + run: | |
| 58 | + pnpm --version |
| 59 | + pnpm install --frozen-lockfile |
| 60 | +
|
| 61 | + # Note: no build step because npm publish would run `prepublishOnly` script which builds the package |
| 62 | + |
| 63 | + - name: Publish to npm with provenance |
| 64 | + run: | |
| 65 | + TAG="${{ github.event.release.tag_name }}" |
| 66 | +
|
| 67 | + # Stable release (vX.Y.Z) |
| 68 | + if echo "$TAG" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; then |
| 69 | + npm publish --provenance --access public |
44 | 70 |
|
45 | | - - name: Install dependencies |
46 | | - run: pnpm i --frozen-lockfile |
| 71 | + # Pre-release (vX.Y.Z-*) |
| 72 | + elif echo "$TAG" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+-'; then |
| 73 | + npm publish --provenance --access public --tag next |
47 | 74 |
|
48 | | - - name: Build |
49 | | - run: pnpm build |
| 75 | + else |
| 76 | + echo "Not a valid release tag ($TAG), skipping publish." |
| 77 | + fi |
0 commit comments