TEMPORARY: Remove registry-url to allow native OIDC #35
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Cofhe Contracts Package to npmjs | |
| on: | |
| release: | |
| types: [published] | |
| push: # TEMPORARY: for testing OIDC - remove before merge | |
| branches: [fix/npm-oidc-provenance] | |
| permissions: | |
| contents: read | |
| id-token: write # Required for NPM provenance | |
| jobs: | |
| publish: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20.x | |
| # Note: NOT setting registry-url so npm can use OIDC natively | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: latest | |
| run_install: false | |
| - name: Install deps | |
| run: cd contracts && pnpm install | |
| - name: Read package version | |
| id: package_version | |
| run: echo "VERSION=$(jq -r .version < ./contracts/package.json)" >> $GITHUB_ENV | |
| - name: Determine prerelease tag | |
| id: prerelease_check | |
| run: | | |
| if [[ "${{ env.VERSION }}" =~ \-(alpha|beta)\.[0-9]+$ ]]; then | |
| echo "PRERELEASE=--tag beta" >> $GITHUB_ENV | |
| else | |
| echo "PRERELEASE=" >> $GITHUB_ENV | |
| fi | |
| - run: cd contracts && npm publish --provenance --access public ${{ env.PRERELEASE }} # TEMPORARY: testing OIDC |