-
Notifications
You must be signed in to change notification settings - Fork 0
108 lines (95 loc) · 3.74 KB
/
release.yml
File metadata and controls
108 lines (95 loc) · 3.74 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
name: release
# Publishes @noticed/cli to npm with provenance whenever the `version` in
# package.json changes on main. The workflow does the version check first,
# skips entirely if the version is unchanged from the previous commit, and
# creates + pushes the matching `v<version>` git tag after a successful
# publish so the release is also marked in git history.
#
# Why this shape (vs. the older "tag pushed → publish" trigger):
# - Bumping the version in the same PR that ships the change keeps the
# release intent visible in code review.
# - No manual `git tag && git push --tags` step after merging.
# - Merges that don't touch the version are no-ops, so feature PRs that
# don't bump version never accidentally publish.
on:
push:
branches:
- main
paths:
- "package.json"
workflow_dispatch:
inputs:
force:
description: "Force publish at the current package.json version (skip version-change check)."
type: boolean
default: false
jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: write # for creating/pushing the version tag
id-token: write # for npm provenance
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 2 # need previous commit to diff package.json
- name: Detect version change
id: version
run: |
set -euo pipefail
CURR=$(node -p "require('./package.json').version")
echo "curr=$CURR" >> "$GITHUB_OUTPUT"
FORCE='${{ inputs.force }}'
if [ "$FORCE" = "true" ]; then
echo "Forced publish at version $CURR."
echo "changed=true" >> "$GITHUB_OUTPUT"
exit 0
fi
if git rev-parse HEAD~1 >/dev/null 2>&1; then
PREV=$(git show HEAD~1:package.json | node -e 'process.stdout.write(JSON.parse(require("fs").readFileSync(0,"utf8")).version)')
else
PREV=""
fi
if [ "$PREV" = "$CURR" ]; then
echo "Version unchanged ($CURR) — skipping publish."
echo "changed=false" >> "$GITHUB_OUTPUT"
else
echo "Version bumped: $PREV → $CURR"
echo "changed=true" >> "$GITHUB_OUTPUT"
fi
- name: Check tag does not already exist
if: steps.version.outputs.changed == 'true'
run: |
VERSION="v${{ steps.version.outputs.curr }}"
if git ls-remote --tags --exit-code origin "refs/tags/$VERSION" >/dev/null 2>&1; then
echo "::error::Tag $VERSION already exists on origin — refusing to re-publish. Bump the version in package.json."
exit 1
fi
- uses: actions/setup-node@v4
if: steps.version.outputs.changed == 'true'
with:
node-version: "22"
registry-url: "https://registry.npmjs.org"
cache: npm
- run: npm ci
if: steps.version.outputs.changed == 'true'
- run: npm run lint
if: steps.version.outputs.changed == 'true'
- run: npm run check-types
if: steps.version.outputs.changed == 'true'
- run: npm test
if: steps.version.outputs.changed == 'true'
- run: npm run build
if: steps.version.outputs.changed == 'true'
- run: npm publish --provenance --access public
if: steps.version.outputs.changed == 'true'
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Tag the release
if: steps.version.outputs.changed == 'true'
run: |
VERSION="v${{ steps.version.outputs.curr }}"
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git tag "$VERSION"
git push origin "$VERSION"