-
Notifications
You must be signed in to change notification settings - Fork 0
128 lines (111 loc) · 3.93 KB
/
release.yml
File metadata and controls
128 lines (111 loc) · 3.93 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
name: Release
on:
push:
tags:
- "v*"
concurrency:
group: release-${{ github.ref }}
cancel-in-progress: false
jobs:
release:
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Verify tagged commit is on main
shell: bash
run: |
set -euo pipefail
git fetch origin main --no-tags
if ! git merge-base --is-ancestor "$GITHUB_SHA" "origin/main"; then
echo "Tag ${GITHUB_REF_NAME} does not point to a commit on origin/main." >&2
exit 1
fi
- name: Check for merge conflict markers
run: |
if git grep -nE '^(<<<<<<<|=======|>>>>>>>)' -- .; then
echo "Merge conflict markers found in tracked files." >&2
exit 1
fi
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: 22
registry-url: https://registry.npmjs.org
cache: npm
- name: Upgrade npm for trusted publishing
run: npm install --global npm@^11.5.1
- name: Verify npm supports trusted publishing
shell: bash
run: |
set -euo pipefail
NPM_VERSION="$(npm --version)"
echo "Detected npm ${NPM_VERSION}"
IFS='.' read -r major minor patch <<< "${NPM_VERSION}"
if (( major < 11 || (major == 11 && minor < 5) || (major == 11 && minor == 5 && patch < 1) )); then
echo "npm ${NPM_VERSION} is too old for trusted publishing; require >= 11.5.1." >&2
exit 1
fi
- name: Install dependencies
run: npm ci
- name: Run quality checks
run: npm run check
- name: Build package
run: npm run build
- name: Verify tag matches package version
id: package_meta
shell: bash
run: |
set -euo pipefail
VERSION="$(node -p "require('./package.json').version")"
NAME="$(node -p "require('./package.json').name")"
TAG="${GITHUB_REF_NAME}"
EXPECTED_TAG="v${VERSION}"
if [[ "$TAG" != "$EXPECTED_TAG" ]]; then
echo "Tag ${TAG} does not match package.json version ${VERSION}. Expected ${EXPECTED_TAG}." >&2
exit 1
fi
echo "package_name=$NAME" >> "$GITHUB_OUTPUT"
echo "package_version=$VERSION" >> "$GITHUB_OUTPUT"
- name: Pack package
id: tarball
shell: bash
run: |
set -euo pipefail
TARBALL="$(npm pack --ignore-scripts | tail -n 1)"
echo "tarball=$TARBALL" >> "$GITHUB_OUTPUT"
- name: Check whether this version is already published
id: npm_version
shell: bash
run: |
set -euo pipefail
NAME="${{ steps.package_meta.outputs.package_name }}"
VERSION="${{ steps.package_meta.outputs.package_version }}"
if npm view "$NAME@$VERSION" version >/dev/null 2>&1; then
echo "should_publish=false" >> "$GITHUB_OUTPUT"
echo "Version $VERSION is already published. Skipping npm publish."
else
echo "should_publish=true" >> "$GITHUB_OUTPUT"
echo "Version $VERSION is not published yet. Proceeding."
fi
- name: Publish to npm
if: steps.npm_version.outputs.should_publish == 'true'
run: npm publish --access public --provenance
- name: Create or update GitHub release
env:
GH_TOKEN: ${{ github.token }}
shell: bash
run: |
set -euo pipefail
TAG="${GITHUB_REF_NAME}"
TARBALL="${{ steps.tarball.outputs.tarball }}"
if gh release view "$TAG" >/dev/null 2>&1; then
gh release upload "$TAG" "$TARBALL" --clobber
else
gh release create "$TAG" "$TARBALL" --title "$TAG" --generate-notes
fi