@@ -10,16 +10,10 @@ jobs:
1010 runs-on : ubuntu-latest
1111 steps :
1212 - name : Checkout 🛎
13- uses : actions/checkout@v4
14-
15- - name : Import GPG 🔑
16- uses : crazy-max/ghaction-import-gpg@v5.2.0
17- with :
18- gpg_private_key : ${{ secrets.GPG_SIGNING_KEY }}
19- passphrase : ${{ secrets.GPG_SIGNING_KEY_PASSPHRASE }}
13+ uses : actions/checkout@v5
2014
2115 - name : Setup Node 📦
22- uses : actions/setup-node@v4
16+ uses : actions/setup-node@v5
2317 with :
2418 node-version : lts/*
2519 cache : npm
@@ -30,24 +24,21 @@ jobs:
3024 - name : Build 🔨
3125 run : npm run build
3226
33- - name : Sign files with GPG 🔐
34- run : |
35- gpg --local-user 9A80A82A --armor --detach-sign dist/Collapsable.js
36- gpg --local-user 9A80A82A --armor --detach-sign dist/Collapsable.min.js
37-
38- - name : Download artifacts 🧩
27+ - name : Upload artifacts 🧩
3928 uses : actions/upload-artifact@v4
4029 with :
4130 name : dist-files
4231 path : dist/
4332
4433 release :
45- name : Release
34+ name : GitHub Release
4635 runs-on : ubuntu-latest
4736 needs : [build]
37+ permissions :
38+ contents : write
4839 steps :
4940 - name : Checkout 🛎
50- uses : actions/checkout@v4
41+ uses : actions/checkout@v5
5142
5243 - name : Download artifacts 🧩
5344 uses : actions/download-artifact@v4
@@ -56,24 +47,25 @@ jobs:
5647 path : dist/
5748
5849 - name : Create release draft 🕊️
59- uses : softprops/action-gh-release@v2
60- with :
61- draft : true
62- files : |
63- dist/Collapsable.js
64- dist/Collapsable.js.map
65- dist/Collapsable.js.asc
66- dist/Collapsable.min.js
50+ run : |
51+ gh release create "${{ github.ref_name }}" --draft --target "${{ github.sha }}" \
52+ dist/Collapsable.js \
53+ dist/Collapsable.js.map \
54+ dist/Collapsable.min.js \
6755 dist/Collapsable.min.js.map
68- dist/Collapsable.min.js.asc
56+ env :
57+ GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
6958
70- publish :
71- name : Publish
59+ publishPublic :
60+ name : Publish (public)
7261 runs-on : ubuntu-latest
7362 needs : [build]
63+ permissions :
64+ contents : read
65+ id-token : write
7466 steps :
7567 - name : Checkout 🛎
76- uses : actions/checkout@v4
68+ uses : actions/checkout@v5
7769
7870 - name : Download artifacts 🧩
7971 uses : actions/download-artifact@v4
@@ -82,12 +74,34 @@ jobs:
8274 path : dist/
8375
8476 - name : Setup Node 📦
85- uses : actions/setup-node@v4
77+ uses : actions/setup-node@v5
8678 with :
8779 node-version : lts/*
8880 registry-url : ' https://registry.npmjs.org'
8981
9082 - name : Publish release 🕊️
91- run : npm publish
92- env :
93- NODE_AUTH_TOKEN : ${{ secrets.NPM_AUTH_TOKEN }}
83+ # `npm publish --provenance` intermittently fails with a Sigstore transparency log
84+ # 409 (`TLOG_CREATE_ENTRY_ERROR`). The tlog entry is created before the registry
85+ # upload, so on that error nothing is published and a fresh attempt (new attestation)
86+ # succeeds. Retry a few times; if a previous attempt already published the version,
87+ # treat the publish conflict as success.
88+ run : |
89+ set +e
90+ for attempt in 1 2 3; do
91+ echo "::group::npm publish attempt $attempt"
92+ output=$(npm publish --provenance --access public 2>&1)
93+ status=$?
94+ echo "$output"
95+ echo "::endgroup::"
96+ if [ $status -eq 0 ]; then
97+ exit 0
98+ fi
99+ if echo "$output" | grep -q "EPUBLISHCONFLICT\|cannot publish over"; then
100+ echo "Version already published — treating as success."
101+ exit 0
102+ fi
103+ echo "Attempt $attempt failed (exit $status). Retrying in 15s…"
104+ sleep 15
105+ done
106+ echo "npm publish failed after 3 attempts."
107+ exit 1
0 commit comments