release #45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| workflow_run: | |
| workflows: ["build"] | |
| branches: [main] | |
| types: | |
| - completed | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| id-token: write # Required for OIDC | |
| concurrency: ${{ github.workflow }}-${{ github.ref }} | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| # Setup Node.js to enable trusted publishing with OIDC authentication. | |
| # The registry-url configures npm to use GitHub Actions OIDC tokens for | |
| # authentication, eliminating the need for NPM_TOKEN secrets. When | |
| # changeset publish runs npm publish, it will automatically use OIDC | |
| # and generate provenance attestations. | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: "24" | |
| registry-url: "https://registry.npmjs.org" | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: 1.3.6 | |
| - name: Install dependencies | |
| run: bun install --frozen-lockfile | |
| - name: Build project | |
| run: bun run build | |
| - name: Configure npm authentication | |
| run: echo '//registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}' >> .npmrc | |
| - name: Create Release Pull Request or Publish to npm | |
| id: changesets | |
| uses: changesets/action@v1 | |
| with: | |
| publish: bun run release | |
| version: bun run version | |
| title: "chore: release" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |