Publish to npm #7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish to npm | |
| on: | |
| push: | |
| tags: | |
| - 'v*' # Triggers on version tags like v1.0.0 | |
| workflow_dispatch: # Manual trigger | |
| jobs: | |
| publish: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # Required to create releases | |
| id-token: write # Required for OIDC trusted publishing | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Fetch all history and tags | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| registry-url: 'https://registry.npmjs.org' | |
| # Use token for authentication (update NPM_TOKEN secret if expired) | |
| # After first publish, you can switch to OIDC by: | |
| # 1. Setting up trusted publisher on npmjs.com (Settings → Access Tokens → Add Trusted Publisher) | |
| # 2. Removing the token line below | |
| token: ${{ secrets.NPM_TOKEN }} | |
| - name: Enable Corepack (for Yarn) | |
| run: corepack enable | |
| - name: Install dependencies | |
| run: yarn install --frozen-lockfile | |
| - name: Build package | |
| run: yarn build:package | |
| - name: Determine version and tag | |
| id: version-info | |
| run: | | |
| if [[ "${{ github.ref_type }}" == "tag" ]]; then | |
| # If triggered by tag push, use the tag (remove 'refs/tags/' prefix and 'v' prefix) | |
| TAG_NAME="${{ github.ref_name }}" | |
| VERSION="${TAG_NAME#v}" # Remove 'v' prefix if present | |
| echo "Using existing tag: $TAG_NAME" | |
| else | |
| # If triggered manually, get version from package.json | |
| VERSION=$(node -p "require('./package.json').version") | |
| TAG_NAME="v$VERSION" | |
| echo "Using version from package.json: $VERSION" | |
| fi | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| echo "tag=$TAG_NAME" >> $GITHUB_OUTPUT | |
| - name: Publish to npm | |
| run: npm publish --access public | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| # Token is also set in setup-node step above, but npm publish may need it in env too | |
| # After first publish, set up OIDC trusted publishing on npmjs.com | |
| # Then remove both token references | |
| - name: Create git tag if it doesn't exist | |
| id: create-tag | |
| run: | | |
| TAG="${{ steps.version-info.outputs.tag }}" | |
| if git rev-parse "$TAG" >/dev/null 2>&1; then | |
| echo "Tag $TAG already exists (triggered by tag push)" | |
| else | |
| echo "Creating tag $TAG after successful npm publish" | |
| git tag "$TAG" | |
| git push origin "$TAG" | |
| fi | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create GitHub Release | |
| run: | | |
| gh release create "${{ steps.version-info.outputs.tag }}" \ | |
| --title "Release ${{ steps.version-info.outputs.tag }}" \ | |
| --notes "Published to npm as \`audio-ml@${{ steps.version-info.outputs.version }}\`" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |