Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Publish npm packages with provenance #1615

Merged
merged 2 commits into from
May 10, 2024
Merged

Publish npm packages with provenance #1615

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
10fb8b9
Publish npm packages with provenance
May 9, 2024
8fac950
Set version to 0.0.0 because we dynamically generate it now
koddsson May 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 13 additions & 6 deletions .github/workflows/npm-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages

name: Node.js Package
name: Publish to npm

on:
release:
Expand All @@ -14,7 +14,7 @@ jobs:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
node-version: 22
- run: npm ci
- run: npx playwright install --with-deps
- run: npm run build --if-present
Expand All @@ -23,13 +23,20 @@ jobs:
publish-npm:
needs: build
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
registry-url: https://registry.npmjs.org/
node-version: 22.x
registry-url: "https://registry.npmjs.org"
cache: "npm"
- run: npm ci
- run: npm publish
- run: npm run build --if-present
- run: npm version ${TAG_NAME} --git-tag-version=false
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this mean we can create releases without having to push a version bump to main?

Will we lose the tags and version in our package file by doing this? Sounds nice being able to release without the extra push but also I like having tags and the right version in the JSON 😅

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this mean we can create releases without having to push a version bump to main?

Yes.

Will we lose the tags and version in our package file by doing this? Sounds nice being able to release without the extra push but also I like having tags and the right version in the JSON 😅

Also yes. Typically I set package.json version to 0.0.0-development so it's clear that the version is generated.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No worries I think that makes sense. @koddsson can you update the package version so that is clear?

env:
TAG_NAME: ${{ github.ref_name }}
- run: npm publish --provenance --access public
env:
NODE_AUTH_TOKEN: ${{secrets.npm_secret}}
NODE_AUTH_TOKEN: ${{ secrets.npm_secret }}