Skip to content

fix: bundle node icon in published package #4

fix: bundle node icon in published package

fix: bundle node icon in published package #4

Workflow file for this run

name: Publish to npm
# Publishes the package to npm with an npm provenance statement.
# Provenance (a Sigstore build attestation) is required for n8n Cloud
# verification and can only be generated from a CI job with OIDC, so all
# releases must go through this workflow rather than a local `npm publish`.
#
# Trigger: push a version tag, e.g.
# git tag v1.3.2 && git push origin v1.3.2
# The tag must match the `version` in package.json.
on:
push:
tags:
- 'v*'
workflow_dispatch:
permissions:
contents: read
id-token: write # required for npm provenance (Sigstore OIDC)
jobs:
publish:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '22'
registry-url: 'https://registry.npmjs.org'
- name: Verify tag matches package.json version
# Runs for both tag pushes and manual dispatch. A manual dispatch from a
# branch ref fails here (its ref name is not v<version>), so the only way
# to publish is from a tag whose name matches package.json — keeping every
# provenance-backed release tied to a tagged commit.
run: |
PKG_VERSION="v$(node -p "require('./package.json').version")"
if [ "$PKG_VERSION" != "$GITHUB_REF_NAME" ]; then
echo "::error::Ref $GITHUB_REF_NAME does not match package.json version $PKG_VERSION (publish only from a matching tag)"
exit 1
fi
- name: Install dependencies
run: npm install
- name: Build
run: npm run build
- name: Verify icon assets are bundled
run: |
test -f dist/nodes/Hedy/hedy.png || { echo "::error::dist/nodes/Hedy/hedy.png is missing — the build did not bundle the node icon"; exit 1; }
- name: Publish to npm with provenance
run: npm publish --provenance --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}