Force tokenless npm trusted publishing path #20
Workflow file for this run
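# Builds native prebuilds per platform on a version tag push, then packs the
# package, creates a GitHub release and publishes to npm with provenance.
name: Build & Publish tagged release

on:
  push:
    tags:
      - 'v*'

# Workflow-wide default for the GITHUB_TOKEN: read-only. Jobs that need more
# declare it themselves, so the matrix build (which runs third-party actions
# and compiles native code) cannot request an OIDC token or write to the repo.
permissions:
  contents: read

jobs:
  build:
    name: Build ${{ matrix.target }}
    runs-on: ${{ matrix.os }}
    strategy:
      # Let the remaining targets finish even if one of them fails.
      fail-fast: false
      matrix:
        include:
          - os: macos-14
            target: darwin-arm64
            node_arch: arm64
            build_for_arch: arm64
          - os: macos-14
            target: darwin-x64
            node_arch: x64
            build_for_arch: x64
          - os: windows-latest
            target: win32-x64
            node_arch: x64
            build_for_arch: x64
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive
          # Do not leave the job token in .git/config for later steps to read.
          persist-credentials: false

      - name: Setup Rosetta (macOS x64)
        if: runner.os == 'macOS' && matrix.target == 'darwin-x64'
        # `|| true` makes this step best-effort: a failed install does not
        # fail the job.
        run: softwareupdate --install-rosetta --agree-to-license || true

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
          architecture: ${{ matrix.node_arch }}
          cache: npm

      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Setup Windows compiler tools
        if: runner.os == 'Windows'
        # NOTE(review): third-party action referenced by a mutable tag; its
        # output ends up in the published binaries. Pin to a full commit SHA
        # (<commit-sha-placeholder>) and update it deliberately.
        uses: ilammy/msvc-dev-cmd@v1

      - name: Install dependencies
        # --ignore-scripts: dependency lifecycle scripts are not executed.
        run: npm ci --ignore-scripts

      - name: Build native dependencies
        env:
          BUILD_FOR_ARCH: ${{ matrix.build_for_arch }}
        run: |
          npm run clean-tesseract
          npm run build-tesseract

      - name: Build prebuilds
        run: npm run prebuildify

      - name: Verify target prebuild exists
        # The target is handed over through the environment rather than being
        # templated into the script text. The matrix values are static in this
        # file, so this is defensive: it keeps expression output out of code.
        env:
          PREBUILD_TARGET: ${{ matrix.target }}
        run: |
          node -e "const fs=require('fs'); const path=require('path'); const dir=path.join('prebuilds',process.env.PREBUILD_TARGET); if(!fs.existsSync(dir)) throw new Error('Missing prebuild dir: '+dir); const files=fs.readdirSync(dir).filter(name => name.endsWith('.node')); if(files.length===0) throw new Error('No .node prebuild found in '+dir); console.log('Found prebuilds:', files.join(', '));"

      - name: Upload prebuilds artifact
        uses: actions/upload-artifact@v4
        with:
          name: prebuilds-${{ matrix.target }}
          path: prebuilds/
          retention-days: 1

  publish:
    needs: build
    runs-on: ubuntu-latest
    # Only this job gets elevated token permissions.
    permissions:
      # Create the GitHub release and upload its assets.
      contents: write
      # Request an OIDC token for `npm publish --provenance`.
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # The release step takes its token as an action input, so nothing
          # here needs git credentials left on disk.
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20

      - name: Download all prebuilds
        uses: actions/download-artifact@v4
        with:
          path: prebuilds-all
          pattern: prebuilds-*
          merge-multiple: true

      - name: Merge prebuilds into package
        run: |
          mkdir -p prebuilds
          cp -r prebuilds-all/* prebuilds/
          ls -la prebuilds/
          find prebuilds -name '*.node' -type f

      - name: Install dependencies (skip scripts)
        run: npm ci --ignore-scripts

      - name: Show package contents
        # Logs the file list of the tarball before anything is published.
        run: npm pack --dry-run

      - name: Pack release tarball
        run: npm pack

      - name: Prepare release assets
        shell: bash
        run: |
          mkdir -p release-assets
          cp ./*.tgz release-assets/
          for target in prebuilds/*; do
            [ -d "$target" ] || continue
            target_name=$(basename "$target")
            (cd prebuilds && zip -r "../release-assets/prebuilds-${target_name}.zip" "$target_name")
          done
          ls -la release-assets

      - name: Create GitHub release
        # NOTE(review): third-party action referenced by a mutable tag, running
        # in the job that holds `contents: write` and `id-token: write`. Pin to
        # a full commit SHA (<commit-sha-placeholder>).
        uses: softprops/action-gh-release@v2
        with:
          files: |
            release-assets/*

      - name: Publish tagged release
        # NOTE(review): the empty NODE_AUTH_TOKEN presumably ensures no
        # long-lived npm token is picked up, so the publish has to go through
        # OIDC trusted publishing. That path needs a recent npm CLI; confirm
        # the npm bundled with Node 20 meets the minimum in npm's
        # trusted-publishing docs.
        run: npm publish --provenance
        env:
          NODE_AUTH_TOKEN: ''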