fix(licensing): standardize copyright notice #29
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| id-token: write # Required for OIDC authentication | |
| env: | |
| NODE_VERSION: '24.13.0' | |
| NPM_CONFIG_PROVENANCE: true | |
| jobs: | |
| release: | |
| name: Release to npm | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| registry-url: 'https://registry.npmjs.org' | |
| cache: '' # No cache - package is part of workspace | |
| # registry-url writes _authToken=${NODE_AUTH_TOKEN} to ~/.npmrc. | |
| # changesets/action detects OIDC, exchanges JWT for a granular access token, | |
| # and sets NODE_AUTH_TOKEN — npm reads it from the ~/.npmrc slot above. | |
| - name: Verify OIDC token availability | |
| run: | | |
| echo "Checking OIDC environment for Trusted Publisher:" | |
| if [ -n "${ACTIONS_ID_TOKEN_REQUEST_TOKEN}" ] && [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then | |
| echo "✅ OIDC token request environment available" | |
| echo "✅ Trusted Publisher authentication will be used" | |
| else | |
| echo "⚠️ OIDC environment not fully available - may fall back to traditional authentication" | |
| fi | |
| - name: Install dependencies | |
| run: | | |
| npm install --legacy-peer-deps | |
| npm install -D @changesets/cli @changesets/changelog-github --legacy-peer-deps | |
| - name: Upgrade npm for Trusted Publishing | |
| run: npm install -g npm@latest | |
| - name: Verify npm version for Trusted Publisher | |
| run: | | |
| echo "npm version:" | |
| npm --version | |
| echo "✅ npm $(npm --version) - Trusted Publisher compatible" | |
| echo "npm configuration:" | |
| npm config get registry | |
| npm config get @dcyfr:registry || echo "@dcyfr scope not configured (will use default)" | |
| - name: Run linter | |
| run: npm run lint | |
| continue-on-error: true | |
| - name: Type check | |
| run: npm run typecheck | |
| continue-on-error: true | |
| - name: Run tests | |
| run: npm run test:run | |
| continue-on-error: true | |
| - name: Build package | |
| run: npm run build | |
| continue-on-error: true | |
| - name: Create Release Pull Request or Publish with OIDC | |
| id: changesets | |
| uses: changesets/action@v1 | |
| with: | |
| publish: npm run release | |
| createGithubReleases: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # npm OIDC auth is handled automatically via NPM_CONFIG_PROVENANCE=true | |
| # No NODE_AUTH_TOKEN needed — Trusted Publisher provides authentication |