Merge pull request #6 from PPLEThai/changeset-release/main #23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: [main] | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| id-token: write | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: pnpm | |
| # Trusted publishing requires npm >= 11.5.1 (OIDC + provenance). | |
| - name: Install npm for trusted publishing | |
| run: npm install -g npm@11.5.1 | |
| - run: pnpm install --frozen-lockfile | |
| - name: Create Release Pull Request or Publish | |
| uses: changesets/action@v1 | |
| with: | |
| version: pnpm changeset version | |
| # Use a pnpm script so `&&` runs in a shell (changesets/action uses exec without shell). | |
| publish: pnpm run ci:publish | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # Empty string prevents changesets/action from writing an npm token to .npmrc | |
| # so npm can authenticate via GitHub OIDC (trusted publishing). | |
| NPM_TOKEN: "" | |
| NPM_CONFIG_PROVENANCE: "true" |