docs: finalize launch surfaces and packaging #58
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| release: | |
| name: Test & Release | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| issues: write | |
| pull-requests: write | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| - name: Install dev dependencies | |
| run: npm ci | |
| - name: Run tests | |
| run: npm run test:gsdd | |
| - name: Audit packed tarball surface | |
| run: npm pack --dry-run --json | |
| - name: Authenticate to npm via OIDC trusted publisher | |
| run: | | |
| OIDC_TOKEN=$(curl -fsSL \ | |
| -H "Authorization: Bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN}" \ | |
| "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=npm" \ | |
| | jq -r '.value') | |
| NPM_TOKEN=$(curl -fsSL \ | |
| -X POST "https://registry.npmjs.org/-/npm/v1/loginoauth" \ | |
| -H "Content-Type: application/json" \ | |
| -d "{\"oidcToken\": \"${OIDC_TOKEN}\"}" \ | |
| | jq -r '.token') | |
| echo "::add-mask::${NPM_TOKEN}" | |
| npm config set //registry.npmjs.org/:_authToken "${NPM_TOKEN}" | |
| echo "NPM_TOKEN=${NPM_TOKEN}" >> "${GITHUB_ENV}" | |
| - name: Release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NPM_CONFIG_PROVENANCE: "true" | |
| run: npx semantic-release |