
Commit c96016f

committed
ci: Modernize publish workflow (npm provenance, drop GPG)
1 parent 872a9dc commit c96016f

3 files changed

Lines changed: 49 additions & 35 deletions


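--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,10 +11,10 @@ jobs:
 CI: true
 steps:
 - name: Checkout 🛎
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Setup Node 📦
-uses: actions/setup-node@v4
+uses: actions/setup-node@v5
 with:
 node-version: lts/*
 cache: npm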

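--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -10,16 +10,10 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout 🛎
-uses: actions/checkout@v4
-
-- name: Import GPG 🔑
-uses: crazy-max/ghaction-import-gpg@v5.2.0
-with:
-gpg_private_key: ${{ secrets.GPG_SIGNING_KEY }}
-passphrase: ${{ secrets.GPG_SIGNING_KEY_PASSPHRASE }}
+uses: actions/checkout@v5
 
 - name: Setup Node 📦
-uses: actions/setup-node@v4
+uses: actions/setup-node@v5
 with:
 node-version: lts/*
 cache: npm
@@ -30,24 +24,21 @@ jobs:
 - name: Build 🔨
 run: npm run build
 
-- name: Sign files with GPG 🔐
-run: |
-gpg --local-user 9A80A82A --armor --detach-sign dist/Collapsable.js
-gpg --local-user 9A80A82A --armor --detach-sign dist/Collapsable.min.js
-
-- name: Download artifacts 🧩
+- name: Upload artifacts 🧩
 uses: actions/upload-artifact@v4
 with:
 name: dist-files
 path: dist/
 
 release:
-name: Release
+name: GitHub Release
 runs-on: ubuntu-latest
 needs: [build]
+permissions:
+contents: write
 steps:
 - name: Checkout 🛎
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Download artifacts 🧩
 uses: actions/download-artifact@v4
@@ -56,24 +47,25 @@ jobs:
 path: dist/
 
 - name: Create release draft 🕊️
-uses: softprops/action-gh-release@v2
-with:
-draft: true
-files: |
-dist/Collapsable.js
-dist/Collapsable.js.map
-dist/Collapsable.js.asc
-dist/Collapsable.min.js
+run: |
+gh release create "${{ github.ref_name }}" --draft --target "${{ github.sha }}" \
+dist/Collapsable.js \
+dist/Collapsable.js.map \
+dist/Collapsable.min.js \
 dist/Collapsable.min.js.map
-dist/Collapsable.min.js.asc
+env:
+GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-publish:
-name: Publish
+publishPublic:
+name: Publish (public)
 runs-on: ubuntu-latest
 needs: [build]
+permissions:
+contents: read
+id-token: write
 steps:
 - name: Checkout 🛎
-uses: actions/checkout@v4
+uses: actions/checkout@v5
 
 - name: Download artifacts 🧩
 uses: actions/download-artifact@v4
@@ -82,12 +74,34 @@ jobs:
 path: dist/
 
 - name: Setup Node 📦
-uses: actions/setup-node@v4
+uses: actions/setup-node@v5
 with:
 node-version: lts/*
 registry-url: 'https://registry.npmjs.org'
 
 - name: Publish release 🕊️
-run: npm publish
-env:
-NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
+# `npm publish --provenance` intermittently fails with a Sigstore transparency log
+# 409 (`TLOG_CREATE_ENTRY_ERROR`). The tlog entry is created before the registry
+# upload, so on that error nothing is published and a fresh attempt (new attestation)
+# succeeds. Retry a few times; if a previous attempt already published the version,
+# treat the publish conflict as success.
+run: |
+set +e
+for attempt in 1 2 3; do
+echo "::group::npm publish attempt $attempt"
+output=$(npm publish --provenance --access public 2>&1)
+status=$?
+echo "$output"
+echo "::endgroup::"
+if [ $status -eq 0 ]; then
+exit 0
+fi
+if echo "$output" | grep -q "EPUBLISHCONFLICT\|cannot publish over"; then
+echo "Version already published — treating as success."
+exit 0
+fi
+echo "Attempt $attempt failed (exit $status). Retrying in 15s…"
+sleep 15
+done
+echo "npm publish failed after 3 attempts."
+exit 1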
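Review bot: The "Create release draft" step expands `${{ github.ref_name }}` directly into the `run:` script, so the ref name is substituted into the shell text before bash parses it, and a name containing command-substitution syntax would execute in a job that holds `contents: write` and `GH_TOKEN`. The workflow's `on:` trigger is outside the visible hunks, so which refs can reach this job cannot be confirmed from here. Pass the value through the environment instead: add `RELEASE_TAG: ${{ github.ref_name }}` under the step's `env:` and call `gh release create "$RELEASE_TAG" --draft --target "${{ github.sha }}" \`. Separately, in the "Publish release" loop the `EPUBLISHCONFLICT` branch exits 0 even on attempt 1, so a run passes when the version was already on the registry before this run started; gating it with `[ "$attempt" -gt 1 ]` would match the comment's stated intent.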

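--- a/package.json
+++ b/package.json
@@ -9,7 +9,7 @@
 },
 "repository": {
 "type": "git",
-"url": "https://github.com/zipper/collapsable.js"
+"url": "git+https://github.com/zipper/collapsable.js.git"
 },
 "keywords": [
 "collapsable",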
