Skip to content

fix: add provenance statement to npm publish fp-136 (#143) #55

fix: add provenance statement to npm publish fp-136 (#143)

fix: add provenance statement to npm publish fp-136 (#143) #55

Workflow file for this run

env:
ARTIFACT_NAME: dist
ARTIFACT_PATH: ./dist
name: Continuous Delivery
on:
push:
branches:
- main
concurrency:
group: cd-${{ github.ref }}
cancel-in-progress: true
jobs:
release:
name: Release
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
outputs:
release_created: ${{ steps.release.outputs.release_created }}
steps:
- name: Code Checkout
uses: actions/checkout@v4
- name: Release
id: release
uses: google-github-actions/release-please-action@v3
with:
command: manifest
dependencies:
name: Install Dependencies
needs: release
if: ${{ needs.release.outputs.release_created }}
runs-on: ubuntu-latest
steps:
- name: Code Checkout
uses: actions/checkout@v4
- name: Install NodeJS
uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
- name: Cache Dependencies
id: cache
uses: actions/cache@v3
with:
path: '**/node_modules'
key: cd-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
cd-
- name: Install Dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: npm install
build:
name: Build
needs: dependencies
runs-on: ubuntu-latest
steps:
- name: Code Checkout
uses: actions/checkout@v4
- name: Install NodeJS
uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
- name: Restore Dependencies
uses: actions/cache@v3
with:
path: '**/node_modules'
key: cd-${{ hashFiles('**/package-lock.json') }}
- name: Code Building
run: npm run build
- name: Upload Artifact
uses: actions/upload-artifact@v3
with:
name: ${{ env.ARTIFACT_NAME }}
path: ${{ env.ARTIFACT_PATH }}
npm-publish:
name: NPM Publish
needs: build
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- name: Code Checkout
uses: actions/checkout@v4
- name: Install NodeJS
uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
registry-url: https://registry.npmjs.org
- name: Download Artifact
uses: actions/download-artifact@v3
with:
name: ${{ env.ARTIFACT_NAME }}
path: ${{ env.ARTIFACT_PATH }}
- name: Publish
working-directory: ${{ env.ARTIFACT_PATH }}
run: npm publish --provenance --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
gpr-publish:
name: GPR Publish
needs: build
runs-on: ubuntu-latest
steps:
- name: Code Checkout
uses: actions/checkout@v4
- name: Install NodeJS
uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
registry-url: https://npm.pkg.github.com
- name: Download Artifact
uses: actions/download-artifact@v3
with:
name: ${{ env.ARTIFACT_NAME }}
path: ${{ env.ARTIFACT_PATH }}
- name: Publish
working-directory: ${{ env.ARTIFACT_PATH }}
run: |
npm init -y --scope=@${{ github.repository_owner }}
npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}