Merge pull request #65 from muhammedaksam/develop #53
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Package (Trusted Publishing) | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| permissions: | |
| id-token: write # Required for OIDC trusted publishing | |
| contents: read | |
| jobs: | |
| publish: | |
| name: Publish to npm with Trusted Publishing | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| - name: Setup environment | |
| uses: ./.github/actions/setup | |
| with: | |
| frozen-lockfile: "true" | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: "22.x" | |
| registry-url: "https://registry.npmjs.org" | |
| # npm >= 11.5.1 is required for OIDC trusted publishing | |
| # npm self-upgrade is broken on ubuntu-24.04 runners (missing promise-retry) | |
| # Use npx to bootstrap a fresh npm copy that can perform the upgrade | |
| - name: Update npm for trusted publishing | |
| run: npx -y npm@latest install -g npm@latest | |
| - name: Build package | |
| run: bun run build | |
| - name: Verify build artifacts | |
| run: | | |
| if [ ! -f "dist/index.js" ]; then | |
| echo "ERROR: Build artifacts missing - dist/index.js not found" | |
| exit 1 | |
| fi | |
| echo "✓ Build artifacts verified" | |
| ls -la dist/ | |
| # Publish using OIDC authentication (no NPM_TOKEN needed) | |
| # Prereleases are published with extracted tag (e.g., v1.0.0-dev.1 → --tag dev) | |
| - name: Publish to npm | |
| run: | | |
| VERSION="${GITHUB_REF#refs/tags/v}" | |
| if [[ "$VERSION" == *"-"* ]]; then | |
| # Extract tag name: 1.0.0-dev.1 → dev, 1.0.0-beta.2 → beta | |
| PRERELEASE="${VERSION#*-}" # dev.1 or beta.2 | |
| TAG="${PRERELEASE%%.*}" # dev or beta | |
| echo "Publishing prerelease version $VERSION with --tag $TAG" | |
| npm publish --access public --no-git-checks --tag "$TAG" | |
| else | |
| echo "Publishing stable version $VERSION" | |
| npm publish --access public --no-git-checks | |
| fi |