fix: declare n8n-workflow peer dependency as '*' for n8n Cloud verifi… #3
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish to npm | |
| # Publishes the package to npm with an npm provenance statement. | |
| # Provenance (a Sigstore build attestation) is required for n8n Cloud | |
| # verification and can only be generated from a CI job with OIDC, so all | |
| # releases must go through this workflow rather than a local `npm publish`. | |
| # | |
| # Trigger: push a version tag, e.g. | |
| # git tag v1.3.2 && git push origin v1.3.2 | |
| # The tag must match the `version` in package.json. | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| id-token: write # required for npm provenance (Sigstore OIDC) | |
| jobs: | |
| publish: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: Verify tag matches package.json version | |
| if: github.event_name == 'push' | |
| run: | | |
| PKG_VERSION="v$(node -p "require('./package.json').version")" | |
| if [ "$PKG_VERSION" != "$GITHUB_REF_NAME" ]; then | |
| echo "::error::Tag $GITHUB_REF_NAME does not match package.json version $PKG_VERSION" | |
| exit 1 | |
| fi | |
| - name: Install dependencies | |
| run: npm install | |
| - name: Build | |
| run: npm run build | |
| - name: Publish to npm with provenance | |
| run: npm publish --provenance --access public | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |