Use npm environment for npm_publish
#1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release-please | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| bootstrapSha: | ||
| description: 'The SHA hash of the last version released before introducing release-please' | ||
| required: true | ||
| type: string | ||
| packageName: | ||
| description: 'The name of the package to be released' | ||
| required: true | ||
| type: string | ||
| releaseAs: | ||
| description: 'Release as version' | ||
| required: false | ||
| type: string | ||
| publishToGithub: | ||
| description: 'Publish to GitHub Package Registry' | ||
| required: false | ||
| type: boolean | ||
| lockfile: | ||
| description: 'Whether to expect a lockfile or not' | ||
| required: false | ||
| default: false | ||
| type: boolean | ||
| secrets: | ||
| NPM_TOKEN: | ||
| required: true | ||
| GITHUB_TOKEN: | ||
| required: false | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| release_please: | ||
| name: release-please | ||
| runs-on: ubuntu-latest | ||
| if: inputs.packageName && inputs.bootstrapSha | ||
| outputs: | ||
| releaseCreated: ${{ steps.release.outputs.release_created }} | ||
| permissions: | ||
| contents: write | ||
| pull-requests: write | ||
| steps: | ||
| - uses: google-github-actions/release-please-action@v3 | ||
| id: release | ||
| with: | ||
| release-type: node | ||
| release-as: ${{ inputs.releaseAs }} | ||
| package-name: ${{ inputs.packageName }} | ||
| bootstrap-sha: ${{ inputs.bootstrapSha }} | ||
| npm_publish: | ||
| name: Publish to npm | ||
| runs-on: ubuntu-latest | ||
| environment: npm | ||
| needs: release_please | ||
| if: needs.release_please.outputs.releaseCreated | ||
| permissions: | ||
| id-token: write | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| show-progress: false | ||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: lts/* | ||
| registry-url: 'https://registry.npmjs.org' | ||
| - run: npm install -g npm | ||
| - if: inputs.lockfile == false | ||
| run: npm install | ||
| - if: inputs.lockfile == true | ||
| run: npm ci | ||
| - run: npm publish --provenance --access public | ||
| env: | ||
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
| gpr_publish: | ||
| name: Publish to GitHub Package Registry | ||
| runs-on: ubuntu-latest | ||
| needs: release_please | ||
| if: inputs.publishToGithub && needs.release_please.outputs.releaseCreated | ||
| permissions: | ||
| packages: write | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| show-progress: false | ||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: lts/* | ||
| - if: inputs.lockfile == false | ||
| run: npm install | ||
| - if: inputs.lockfile == true | ||
| run: npm ci | ||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: lts/* | ||
| registry-url: 'https://npm.pkg.github.com' | ||
| - run: npm publish | ||
| env: | ||
| NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
