release.yml
name: Release

# The run title reflects which workflow_dispatch input was ticked.
# When neither input is set the expression yields an empty string and
# GitHub falls back to its default run naming.
run-name: >
  ${{ inputs.release && 'Release ➤ Publish to NPM' || inputs.dryrun && 'Release ➤ Dry-run' || '' }}

on:
  pull_request:
  push:
    branches:
      - main
  # Manual trigger: the only event that carries the `release` / `dryrun`
  # inputs tested by the job-level `if:` conditions in this workflow.
  workflow_dispatch:
    inputs:
      release:
        description: 'Publish new release'
        default: false
        type: boolean
      dryrun:
        description: 'Dry run'
        default: false
        type: boolean

# `github.head_ref` is only populated for pull_request events, so PR runs
# share one group per source branch and a newer run cancels the older one.
# Every other event (push, workflow_dispatch) falls back to the unique
# `github.run_id`: those runs never share a group, so two manually
# dispatched releases are not serialized against each other.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
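jobs:
  dryrun:
    # Opt-in: runs only when `dryrun` is ticked on a workflow_dispatch run.
    # pull_request and push events carry no inputs, so the comparison below
    # is false and the job is skipped for them.
    name: 'Release: Dry-run release process'
    # NOTE(review): unlike the `release` job, this job declares no
    # `permissions:` block, so GITHUB_TOKEN gets whatever default scopes the
    # repository/organization grants. The minimum set the dry run needs is
    # not visible from this file - confirm it and declare it explicitly.
    if: always() && github.event.inputs.dryrun == 'true'
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `@v4` is a mutable tag, here and on setup-node below.
      # Pinning each `uses:` to a full commit SHA (with the tag kept as a
      # trailing comment) stops a moved tag from changing what runs here.
      - uses: actions/checkout@v4
        with:
          # Need to fetch entire commit history to
          # analyze every commit since last release
          fetch-depth: 0
      - uses: actions/setup-node@v4
        with:
          node-version: lts/*
          cache: npm
      - run: npm ci
      - run: npx semantic-release --dry-run
        # `always()` also lets this step run when `npm ci` above has failed.
        if: always()
        # Both tokens are scoped to this step's environment only; the
        # `npm ci` step above does not receive them through `env`.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}

  release:
    name: 'Release: Publish to NPM'
    # Explicit GITHUB_TOKEN scopes for this job; any scope not listed here
    # is set to `none`. The scopes are job-wide, so every step - including
    # `npm ci`, which runs dependency install scripts - executes in a job
    # that may write to the repository and request an OIDC token.
    permissions:
      issues: write  # for release notes, comments…
      contents: write  # for checkout + push + release creation
      id-token: write  # to enable use of OIDC for npm provenance
    # Publishing needs `release` ticked AND `dryrun` left unticked.
    if: always() && github.event.inputs.release == 'true' && github.event.inputs.dryrun == 'false'
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `@v4` is a mutable tag, here and on setup-node below.
      # Pinning each `uses:` to a full commit SHA is the usual hardening for
      # a job that holds publish credentials.
      - uses: actions/checkout@v4
        with:
          # Need to fetch entire commit history to
          # analyze every commit since last release
          fetch-depth: 0
      - uses: actions/setup-node@v4
        with:
          node-version: lts/*
          cache: npm
      - run: npm ci
      - run: npx semantic-release
        # Don't allow interrupting the release step if the job is cancelled, as it can lead to an inconsistent state
        # e.g. git tags were pushed but it exited before `npm publish`
        # NOTE(review): `always()` also runs this step after a failed
        # `npm ci`; if semantic-release is then missing from node_modules,
        # `npx` may resolve it from the registry instead of the lockfile.
        # Confirm that publishing after a failed install is acceptable.
        if: always() && github.event.inputs.release == 'true'
        # Both tokens are scoped to this step's environment only; the
        # `npm ci` step above does not receive them through `env`.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
          # Quoted so the value reaches npm as the string "true" regardless
          # of how the YAML loader types a bare boolean.
          NPM_CONFIG_PROVENANCE: 'true'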