fix: generate provenance statement for release (#168) #42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- main | |
name: release-please | |
permissions: | |
id-token: write # to enable use of OIDC for npm provenance | |
jobs: | |
release-please: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: GoogleCloudPlatform/release-please-action@v2 | |
id: release | |
with: | |
release-type: node | |
package-name: test-release-please | |
# The logic below handles the npm publication: | |
- uses: actions/checkout@v3 | |
# these if statements ensure that a publication only occurs when | |
# a new release is created: | |
if: ${{ steps.release.outputs.release_created }} | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 16 | |
registry-url: 'https://registry.npmjs.org' | |
if: ${{ steps.release.outputs.release_created }} | |
- run: npm ci | |
if: ${{ steps.release.outputs.release_created }} | |
- run: npm publish --provenance | |
env: | |
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
if: ${{ steps.release.outputs.release_created }} | |
# Tweets out release announcement | |
- run: 'npx @humanwhocodes/tweet "${{ github.event.repository.full_name }} v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }}.${{ steps.release.outputs.patch }} has been released!\n\n${{ github.event.repository.html_url }}/releases/tag/v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }}.${{ steps.release.outputs.patch }}"' | |
if: ${{ steps.release.outputs.release_created }} | |
env: | |
TWITTER_CONSUMER_KEY: ${{ secrets.TWITTER_CONSUMER_KEY }} | |
TWITTER_CONSUMER_SECRET: ${{ secrets.TWITTER_CONSUMER_SECRET }} | |
TWITTER_ACCESS_TOKEN_KEY: ${{ secrets.TWITTER_ACCESS_TOKEN_KEY }} | |
TWITTER_ACCESS_TOKEN_SECRET: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }} |