From 7462710811b9e38365df94a5ab3f0b6ceeb392c1 Mon Sep 17 00:00:00 2001
From: Luke Bunselmeyer
Date: Wed, 24 Sep 2025 16:59:42 -0400
Subject: [PATCH 1/5] Created publish to npm workflow
---
.github/workflows/publish.yml | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 .github/workflows/publish.yml
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..5475e32
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,31 @@
+name: Publish Package to NPM
+
+on:
+ push:
+ tags:
+ - 'v*'
+
+permissions:
+ id-token: write # Required for NPM Trusted Publishers
+ contents: read
+
+jobs:
+ publish:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v5
+
+ # Uses NPM Trusted Publishers for access to the registry
+ # See https://docs.npmjs.com/trusted-publishers
+ - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 #v4.0.3
+ with:
+ node-version-file: .node-version
+ registry-url: 'https://registry.npmjs.org'
+
+ # Ensure npm 11.5.1 or later is installed
+ - name: Update npm
+ run: npm install -g npm@latest
+ - run: npm ci
+ - run: npm run build --if-present
+ - run: npm test
+ - run: npm publish --provenance --access public
\ No newline at end of file
From cfd1996a98f5ce0693331273e0c88f3634df4f72 Mon Sep 17 00:00:00 2001
From: Luke Bunselmeyer
Date: Wed, 24 Sep 2025 19:47:23 -0400
Subject: [PATCH 2/5] Created release.yml GHA to version and publish package to npm
---
.github/workflows/publish.yml | 31 ---------------------
.github/workflows/release.yml | 51 +++++++++++++++++++++++++++++++++++
2 files changed, 51 insertions(+), 31 deletions(-)
delete mode 100644 .github/workflows/publish.yml
create mode 100644 .github/workflows/release.yml
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
deleted file mode 100644
index 5475e32..0000000
--- a/.github/workflows/publish.yml
+++ /dev/null
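Review bot: `- uses: actions/checkout@v5` in the new publish.yml (patch 1/5) is referenced by a mutable tag, while the next step pins `actions/setup-node` to a full commit SHA; in a job that holds `id-token: write` and ends in `npm publish`, both actions should be pinned the same way. Suggest `- uses: actions/checkout@<full-commit-sha> # v5` (placeholder; take the SHA from the action's release page) and, since no later step pushes to the repository, `with:` / `persist-credentials: false` on that step. The same tag-pinned checkout line is carried into the release.yml created in patch 2/5 and remains as context through patch 5/5.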
@@ -1,31 +0,0 @@
-name: Publish Package to NPM
-
-on:
- push:
- tags:
- - 'v*'
-
-permissions:
- id-token: write # Required for NPM Trusted Publishers
- contents: read
-
-jobs:
- publish:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v5
-
- # Uses NPM Trusted Publishers for access to the registry
- # See https://docs.npmjs.com/trusted-publishers
- - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 #v4.0.3
- with:
- node-version-file: .node-version
- registry-url: 'https://registry.npmjs.org'
-
- # Ensure npm 11.5.1 or later is installed
- - name: Update npm
- run: npm install -g npm@latest
- - run: npm ci
- - run: npm run build --if-present
- - run: npm test
- - run: npm publish --provenance --access public
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..f93ad21
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,51 @@
+name: Release - Version and Publish Package to NPM
+
+on:
+ workflow_dispatch:
+ inputs:
+ version:
+ description: "Semver version to publish"
+ type: string
+ required: true
+ dryRun:
+ description: "Enable dry run (default: true)"
+ type: boolean
+ default: true
+
+permissions:
+ id-token: write # Required for NPM Trusted Publishers
+ contents: read
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v5
+
+ # Uses NPM Trusted Publishers for access to the registry
+ # See https://docs.npmjs.com/trusted-publishers
+ - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 #v4.0.3
+ with:
+ node-version-file: .node-version
+ registry-url: "https://registry.npmjs.org"
+ # Ensure npm 11.5.1 or later is installed
+ - name: Update npm
+ run: npm install -g npm@latest
+ - name: Install
+ run: npm ci
+ - name: Build
+ run: npm run build
+ - name: Test
+ run: npm test
+ - name: Version (dry-run)
+ if: ${{ inputs.dryRun }}
+ run: npm version --no-git-tag-version ${{ inputs.version }}
+ - name: Version
+ if: ${{ ! inputs.dryRun }}
+ run: npm version ${{ inputs.version }}
+ - name: Publish (dry-run)
+ if: ${{ inputs.dryRun }}
+ run: npm publish --provenance --access public --dry-run
+ - name: Publish
+ if: ${{ ! inputs.dryRun }}
+ run: npm publish --provenance --access public
From 7bb95d0de507dabf0c94149050936455a4a03363 Mon Sep 17 00:00:00 2001
From: Luke Bunselmeyer
Date: Wed, 24 Sep 2025 19:52:39 -0400
Subject: [PATCH 3/5] Updated release.yml permissions to `contents: write` to allow git tags when versioning with npm version in non-dry-run mode
---
.github/workflows/release.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f93ad21..5ffbe13 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
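Review bot: Both `npm version` steps in the new release.yml (patch 2/5) expand `${{ inputs.version }}` directly inside `run:`, so the dispatch input is pasted into the script text before the shell parses it and is not treated as a single argument, in a job that holds `id-token: write`. Pass it through the environment instead: add `env:` / `VERSION: ${{ inputs.version }}` to each step and use `run: npm version "$VERSION"` (and `npm version --no-git-tag-version "$VERSION"` for the dry-run step). Separately, `npm ci`, the build and the tests run in the same job as `npm publish`, so dependency lifecycle scripts execute with the OIDC permission in scope; consider `npm ci --ignore-scripts`, or a separate publish job that alone is granted `id-token: write`.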
@@ -14,7 +14,7 @@ on: permissions: id-token: write # Required for NPM Trusted Publishers - contents: read + contents: write # Required to create git tags when versioning with npm version in non-dry-run mode jobs: release: From b344ed9ca50ebc3f0e040bfb5f7e931b5f73adc3 Mon Sep 17 00:00:00 2001 From: Luke Bunselmeyer Date: Wed, 24 Sep 2025 19:54:24 -0400 Subject: [PATCH 4/5] Pinned npm version --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5ffbe13..00587fc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -30,7 +30,7 @@ jobs: registry-url: "https://registry.npmjs.org" # Ensure npm 11.5.1 or later is installed - name: Update npm - run: npm install -g npm@latest + run: npm install -g npm@11.6.1 - name: Install run: npm ci - name: Build From 32177acf85cdca7366f3fbe98e8b6ea3d957a444 Mon Sep 17 00:00:00 2001 From: Nicolas De Loof Date: Fri, 26 Sep 2025 11:15:03 +0200 Subject: [PATCH 5/5] apply https://docs.npmjs.com/trusted-publishers#supported-cicd-providers Signed-off-by: Nicolas De Loof --- .github/workflows/release.yml | 35 +++++++++++++---------------------- 1 file changed, 13 insertions(+), 22 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 00587fc..18faaa9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
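Review bot: `contents: write` in patch 3/5 is set at workflow level, so the write-scoped token is also available to `npm ci`, the build and the tests, yet no step shown in release.yml pushes anything: `npm version` creates its commit and tag only in the runner's local clone. Unless a push step such as `git push --follow-tags` is intended (none is visible), keep `contents: read`; if pushing is intended, grant the write permission to a dedicated job rather than to the whole workflow. The permission and a shortened comment are retained in the first hunk of patch 5/5, where the workflow is triggered by a tag that already exists. This hunk shows only the `permissions:` block; the steps referred to come from patch 2/5.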
@@ -1,20 +1,13 @@ -name: Release - Version and Publish Package to NPM +name: Publish Package on: - workflow_dispatch: - inputs: - version: - description: "Semver version to publish" - type: string - required: true - dryRun: - description: "Enable dry run (default: true)" - type: boolean - default: true + push: + tags: + - "v*" permissions: - id-token: write # Required for NPM Trusted Publishers - contents: write # Required to create git tags when versioning with npm version in non-dry-run mode + id-token: write # Required for OIDC + contents: write # Required to create git tags jobs: release: @@ -24,28 +17,26 @@ jobs: # Uses NPM Trusted Publishers for access to the registry # See https://docs.npmjs.com/trusted-publishers - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 #v4.0.3 + - uses: actions/setup-node@4 with: node-version-file: .node-version registry-url: "https://registry.npmjs.org" + # Ensure npm 11.5.1 or later is installed - name: Update npm run: npm install -g npm@11.6.1 + - name: Install run: npm ci + - name: Build run: npm run build + - name: Test run: npm test - - name: Version (dry-run) - if: ${{ inputs.dryRun }} - run: npm version --no-git-tag-version ${{ inputs.version }} + - name: Version - if: ${{ ! inputs.dryRun }} run: npm version ${{ inputs.version }} - - name: Publish (dry-run) - if: ${{ inputs.dryRun }} - run: npm publish --provenance --access public --dry-run + - name: Publish - if: ${{ ! inputs.dryRun }} run: npm publish --provenance --access public
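Review bot: With the trigger changed to `push:` / `tags:` / `- "v*"`, every pushed ref that matches `v*` now publishes to npm, and the dry-run default that the dispatch form provided is gone. Narrow the filter to release-shaped tags, for example `- "v[0-9]+.[0-9]+.[0-9]+"`, and restrict who may create `v*` tags with a repository tag ruleset. Nothing in the workflow checks that the tag agrees with the `version` in package.json, so a comment above the trigger such as `# package.json must already carry the version being tagged` would document the expectation.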
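Review bot: `- uses: actions/setup-node@4` replaces the full-SHA pin with a ref that does not look like one the action publishes (its release tags are `v`-prefixed), so the step will probably fail to resolve, and if it did resolve it would be a mutable ref in the publishing job. Keep the removed line, `- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 #v4.0.3`. The retained `Version` step still runs `npm version ${{ inputs.version }}`, but a tag push supplies no `inputs`, so the expression expands to an empty string and the step no longer sets a version; it should be dropped. The job header and the checkout step lie outside this hunk.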