fedify/.github/workflows/build.yaml at main · 54GradSoftware/fedify · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
#
# NOTE: This workflow is named "build" to maintain compatibility with legacy
# maintenance branches (1.9-maintenance, 1.8-maintenance, etc.) which have
# their own build.yaml that directly publishes to npm.
#
# IMPORTANT: This workflow MUST be the sole entry point for npm publishing
# to work with npm's trusted publishing (OIDC). npm validates the workflow
# that is directly triggered, not reusable workflows called via workflow_call.
# See: https://docs.npmjs.com/trusted-publishers/
#
# This workflow is triggered via workflow_dispatch from:
# 1. main.yaml's publish-npm job (for regular releases)
# 2. publish-pr.yaml (for PR pre-releases)
name: build

on:
  workflow_dispatch:
    inputs:
      run_id:
        description: 'Run ID of the workflow that created the npm-packages artifact'
        required: true
        type: string
      tag:
        description: 'npm dist-tag to use (e.g., "latest", "dev", "pr-123")'
        required: true
        type: string

jobs:
  npm-publish:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    steps:
    - uses: actions/download-artifact@v4
      with:
        name: npm-packages
        run-id: ${{ inputs.run_id }}
        github-token: ${{ secrets.GITHUB_TOKEN }}
    - run: ls -la
    - name: Setup Node.js
      uses: actions/setup-node@v4
      with:
        node-version: lts/*
        registry-url: https://registry.npmjs.org
    - run: sudo npm install -g npm@latest && npm --version
    - name: Publish packages
      run: |
        set -ex
        TAG="${{ inputs.tag }}"
        for pkg in fedify-*.tgz; do
          # Skip private packages
          if tar -xOzf "$pkg" package/package.json | jq -e '.private == true' > /dev/null 2>&1; then
            echo "Skipping private package: $pkg"
            continue
          fi
          npm publish \
            --logs-dir=. \
            --provenance \
            --access public \
            --tag "$TAG" \
            "$pkg" \
            || grep "Cannot publish over previously published version" *.log
          rm -f *.log
        done