
fix: remove registry-url to fix OIDC trusted publishing #9

fix: remove registry-url to fix OIDC trusted publishing


Workflow file for this run

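# CI workflow. The `test` job runs on pushes and pull requests to main. On pushes to main,
# `release` publishes to npm when package.json's version differs from the registry and creates
# a GitHub release; `build-binaries` then attaches per-platform executables to that release.
#
# NOTE(review): every action below is referenced by a mutable tag (@v1, @v2, @v4). In the jobs
# that hold `contents: write` / `id-token: write`, pin each one to a full commit SHA
# (`uses: owner/action@<full-commit-sha>  # vN`) so a moved tag cannot change what runs there.
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least-privilege default for GITHUB_TOKEN. Jobs that need more declare their own block below.
# Without this, `test` (which also runs for pull requests) inherits the repository default.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest
      - name: Install dependencies
        run: bun install
      - name: Type check
        run: bun run typecheck
      - name: Build JS
        run: bun run build:js
      - name: Test CLI
        run: |
          bun run cba capabilities
          bun run cba analyze . -d surface -q

  release:
    # Only pushes to main may publish; pull-request runs never reach this job.
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    needs: test
    runs-on: ubuntu-latest
    permissions:
      # contents: write -> create the GitHub release and tag.
      # id-token: write -> mint the OIDC token used for npm trusted publishing and provenance.
      contents: write
      id-token: write
    outputs:
      released: ${{ steps.version.outputs.changed }}
      version: ${{ steps.version.outputs.current }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 2
      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          # NOTE(review): `latest` floats; the toolchain that builds the published package can
          # change between runs. Consider pinning an exact Bun version in this job.
          bun-version: latest
      - name: Setup Node (for npm publish)
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          # Note: Don't use registry-url here - it creates an .npmrc that interferes with OIDC
          # trusted publishing.
          # NOTE(review): npm documents a minimum CLI version for trusted publishing (11.5.1 at
          # the time of writing - verify against the npm docs). Confirm that the npm bundled
          # with this Node version meets it; otherwise `npm publish` will not use the OIDC token.
      - name: Install dependencies
        run: bun install
      - name: Check if version needs publishing
        id: version
        run: |
          CURRENT=$(node -p "require('./package.json').version")
          # Any `npm view` failure (not only "package not found") falls back to 0.0.0, so a
          # registry outage is treated as "not published" and the publish step is attempted.
          PUBLISHED=$(npm view codebase-analyzer-mcp version 2>/dev/null || echo "0.0.0")
          echo "current=$CURRENT" >> "$GITHUB_OUTPUT"
          echo "published=$PUBLISHED" >> "$GITHUB_OUTPUT"
          if [ "$CURRENT" != "$PUBLISHED" ]; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
            echo "Version $CURRENT not published (npm has $PUBLISHED)"
          else
            echo "changed=false" >> "$GITHUB_OUTPUT"
            echo "Version $CURRENT already published"
          fi
      - name: Build JS
        if: steps.version.outputs.changed == 'true'
        run: bun run build:js
      - name: Debug npm config
        if: steps.version.outputs.changed == 'true'
        run: |
          echo "=== npm config ==="
          npm config list
          echo "=== .npmrc files ==="
          # Run logs are readable by anyone with read access to the repository's Actions, and
          # log masking only covers values registered as secrets. Redact credential entries
          # instead of printing .npmrc verbatim.
          for rc in "$HOME/.npmrc" ./.npmrc; do
            if [ -f "$rc" ]; then
              echo "--- $rc ---"
              sed -E 's/(_authToken|_auth|_password)([[:space:]]*=).*/\1\2<redacted>/' "$rc"
            else
              echo "No $rc"
            fi
          done
          echo "=== npm whoami ==="
          npm whoami 2>&1 || echo "Not logged in (expected for OIDC)"
      - name: Publish to npm (trusted publisher)
        if: steps.version.outputs.changed == 'true'
        run: npm publish --provenance --access public
      - name: Create GitHub Release
        if: steps.version.outputs.changed == 'true'
        uses: softprops/action-gh-release@v1
        with:
          tag_name: v${{ steps.version.outputs.current }}
          name: v${{ steps.version.outputs.current }}
          generate_release_notes: true

  build-binaries:
    needs: release
    # Runs only when the release job reported that a new version was published.
    if: needs.release.outputs.released == 'true'
    strategy:
      matrix:
        include:
          - os: macos-latest
            asset_name: cba-macos-arm64
          - os: macos-13
            asset_name: cba-macos-x64
          - os: ubuntu-latest
            asset_name: cba-linux-x64
          - os: ubuntu-24.04-arm
            asset_name: cba-linux-arm64
          - os: windows-latest
            asset_name: cba-windows-x64.exe
    runs-on: ${{ matrix.os }}
    permissions:
      # Needed to upload assets to the release created by the `release` job.
      contents: write
    steps:
      - uses: actions/checkout@v4
      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest
      - name: Install dependencies
        run: bun install
      - name: Build binary
        # matrix.asset_name is expanded into the script text before the shell runs. That is
        # safe here only because every value is a literal from the matrix above; do not feed
        # event-derived data through this pattern.
        run: bun build src/cli/index.ts --compile --outfile dist/${{ matrix.asset_name }}
      - name: Upload to release
        uses: softprops/action-gh-release@v1
        with:
          tag_name: v${{ needs.release.outputs.version }}
          files: dist/${{ matrix.asset_name }}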