diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f5f806b4..516cc3d4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -58,22 +58,21 @@ jobs: release: runs-on: ubuntu-latest - permissions: - contents: write - issues: write - pull-requests: write - id-token: write + permissions: {} if: github.ref_name == 'main' - needs: [lint, test] + needs: [lint, test, windows-test] steps: + - uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ secrets.RELEASE_BOT_APP_ID }} + private-key: ${{ secrets.RELEASE_BOT_PRIVATE_KEY }} - uses: actions/checkout@v4 with: fetch-depth: 0 - token: ${{ secrets.SEMANTIC_RELEASE_BOT_GITHUB_TOKEN }} + token: ${{ steps.app-token.outputs.token }} - uses: actions/setup-node@v4 - run: yarn - - run: yarn prepack - run: yarn semantic-release - env: - NPM_TOKEN: ${{ secrets.SEMANTIC_RELEASE_BOT_NPM_TOKEN }} - GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_BOT_GITHUB_TOKEN }} + env: + GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..98a8809c --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,20 @@ +name: Publish to npm + +on: + push: + tags: + - 'v[0-9]*' + +jobs: + publish: + runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + registry-url: 'https://registry.npmjs.org' + - run: yarn + - run: npm publish --provenance diff --git a/.releaserc.yaml b/.releaserc.yaml index 91cbbf84..490e71a0 100644 --- a/.releaserc.yaml +++ b/.releaserc.yaml @@ -8,6 +8,5 @@ plugins: - "@semantic-release/commit-analyzer" - "@semantic-release/release-notes-generator" - "@semantic-release/changelog" - - "@semantic-release/npm" - "@semantic-release/git" - "@semantic-release/github"