feat: implement automated NPM publishing with GitHub Actions #9
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test & Publish | |
| # Explicit permissions for security | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| id-token: write | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| workflow_dispatch: | |
| jobs: | |
| test-and-build: | |
| name: Test, Lint & Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js 22.15.1 | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22.15.1 | |
| - name: Get number of CPU cores | |
| id: cpu-cores | |
| uses: SimenB/github-actions-cpu-cores@97ba232459a8e02ff6121db9362b09661c875ab8 # v2.0.0 | |
| - name: Get yarn cache directory path | |
| id: yarn-cache-dir-path | |
| run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT | |
| - uses: actions/cache@v3 | |
| id: yarn-cache | |
| with: | |
| path: | | |
| ${{ steps.yarn-cache-dir-path.outputs.dir }} | |
| node_modules | |
| key: ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }} | |
| - name: Install dependencies | |
| run: yarn install --frozen-lockfile | |
| - name: Unit tests | |
| run: yarn test --max-workers ${{ steps.cpu-cores.outputs.count }} | |
| - name: Generate component props | |
| run: yarn docs:generate-component-props | |
| - name: Lint | |
| run: yarn lint | |
| - name: Build packages | |
| run: yarn build | |
| publish: | |
| name: Publish to NPM | |
| runs-on: ubuntu-latest | |
| needs: [test-and-build] | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| permissions: | |
| contents: write # Needed to create releases and tags | |
| pull-requests: write # Needed to create Release PRs | |
| id-token: write # Needed for NPM provenance | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| # This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits | |
| fetch-depth: 0 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22.15.1 | |
| cache: 'yarn' | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: Install Dependencies | |
| run: yarn install --frozen-lockfile | |
| - name: Configure npm for public publishing | |
| run: | | |
| echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc | |
| echo "@ag.ds-next:registry=https://registry.npmjs.org" >> ~/.npmrc | |
| echo "access=public" >> ~/.npmrc | |
| env: | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| - name: Publish to NPM | |
| run: | | |
| echo "Publishing packages to NPM registry..." | |
| yarn publish-changed | |
| env: | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| - name: Display notification if a publish happens | |
| run: echo "Packages published to NPM successfully!" |