build #2279
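# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
#
# NOTE: This workflow is named "build" to maintain compatibility with legacy
# maintenance branches (1.9-maintenance, 1.8-maintenance, etc.) which have
# their own build.yaml that directly publishes to npm.
#
# IMPORTANT: This workflow MUST be the sole entry point for npm publishing
# to work with npm's trusted publishing (OIDC). npm validates the workflow
# that is directly triggered, not reusable workflows called via workflow_call.
# See: https://docs.npmjs.com/trusted-publishers/
#
# This workflow is triggered via workflow_dispatch from:
# 1. main.yaml's publish-npm job (for regular releases)
# 2. publish-pr.yaml (for PR pre-releases)
#
# Trust boundary: this job publishes whatever tarballs the referenced run
# uploaded as "npm-packages"; it does not rebuild or inspect them beyond
# reading package.json. The dispatching workflows are therefore responsible
# for passing a run_id that belongs to a build they trust.
name: build

on:
  workflow_dispatch:
    inputs:
      run_id:
        description: 'Run ID of the workflow that created the npm-packages artifact'
        required: true
        type: string
      tag:
        description: 'npm dist-tag to use (e.g., "latest", "dev", "pr-123")'
        required: true
        type: string

jobs:
  npm-publish:
    runs-on: ubuntu-latest
    permissions:
      # id-token: write lets the job request the OIDC token used for trusted
      # publishing and --provenance; everything else stays read-only.
      id-token: write
      contents: read
    steps:
      # NOTE(review): version tags such as @v8 / @v6 are mutable. This job can
      # publish to npm, so consider pinning each action to a full commit SHA.
      - uses: actions/download-artifact@v8
        with:
          name: npm-packages
          run-id: ${{ inputs.run_id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - run: ls -la
      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: lts/*
          registry-url: https://registry.npmjs.org
      # NOTE(review): npm@latest floats, so the CLI that signs and publishes
      # can change between runs; pinning a known-good version would make
      # releases reproducible.
      - run: sudo npm install -g npm@latest && npm --version
      - name: Publish packages
        env:
          # Pass the input through the environment. An inline ${{ inputs.tag }}
          # is substituted into the script text before bash parses it, so the
          # value would be interpreted as shell syntax rather than as data.
          TAG: ${{ inputs.tag }}
        run: |
          # -u and pipefail make a missing variable or a failed tar extraction
          # abort the step instead of continuing with empty values.
          set -euxo pipefail
          for pkg in fedify-*.tgz; do
            # An unmatched glob stays literal; fail immediately rather than
            # retrying a publish of a file that does not exist.
            if [ ! -f "$pkg" ]; then
              echo "ERROR: no fedify-*.tgz tarball found in the downloaded artifact" >&2
              exit 1
            fi
            # Read the manifest once; a corrupt tarball stops the step here.
            manifest=$(tar -xOzf "$pkg" package/package.json)
            # Skip private packages
            if jq -e '.private == true' <<<"$manifest" > /dev/null 2>&1; then
              echo "Skipping private package: $pkg"
              continue
            fi
            PKG_NAME=$(jq -r '.name // empty' <<<"$manifest")
            PKG_VERSION=$(jq -r '.version // empty' <<<"$manifest")
            if [ -z "$PKG_NAME" ] || [ -z "$PKG_VERSION" ]; then
              echo "ERROR: $pkg has no name or version in package/package.json" >&2
              exit 1
            fi
            # Skip if this version is already published
            if npm view "$PKG_NAME@$PKG_VERSION" version > /dev/null 2>&1; then
              echo "Skipping already published: $PKG_NAME@$PKG_VERSION"
              continue
            fi
            # Publish with retry (up to 3 attempts)
            success=false
            for attempt in 1 2 3; do
              echo "Publishing $PKG_NAME@$PKG_VERSION (attempt $attempt/3)"
              if npm publish \
                --logs-dir=. \
                --provenance \
                --access public \
                --tag "$TAG" \
                "$pkg"; then
                echo "Successfully published $PKG_NAME@$PKG_VERSION"
                success=true
                break
              fi
              # Check if version was published by another concurrent run
              if npm view "$PKG_NAME@$PKG_VERSION" version > /dev/null 2>&1; then
                echo "Version $PKG_VERSION already exists on npm (published by another run)"
                success=true
                break
              fi
              echo "Failed to publish $PKG_NAME@$PKG_VERSION, waiting 30 seconds..."
              sleep 30
            done
            if [ "$success" = false ]; then
              echo "ERROR: Failed to publish $PKG_NAME@$PKG_VERSION after 3 attempts"
              exit 1
            fi
            # "--" keeps a log file whose name starts with "-" from being
            # parsed as an rm option.
            rm -f -- *.log
          done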