Release #7

	name: Release

	on:
	push:
	tags:
	- "v*"

	jobs:
	release:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	id-token: write # needed for npm provenance

	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Setup Node.js
	uses: actions/setup-node@v4
	with:
	node-version: "20"
	registry-url: "https://registry.npmjs.org"

	- name: Setup pnpm
	uses: pnpm/action-setup@v4
	with:
	version: 9

	- name: Install dependencies
	run: pnpm install --frozen-lockfile

	- name: Build
	run: pnpm build

	- name: Run tests
	run: pnpm test
	continue-on-error: true # Don't fail if no tests exist yet

	- name: Publish to npm
	run: pnpm publish --access public --provenance
	env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

	- name: Create GitHub Release
	uses: actions/create-release@v1
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	tag_name: ${{ github.ref_name }}
	release_name: Release ${{ github.ref_name }}
	body: \|
	Release ${{ github.ref_name }}

	See [CHANGELOG.md](https://github.com/statico/lockfile-guardian/blob/main/CHANGELOG.md) for details.
	draft: false
	prerelease: ${{ contains(github.ref_name, '-') }}

Provide feedback