
chore(release): 发布 2.0.4b1 预发布版本 #60

Workflow file for this run

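---
# Automated publishing of the npm package @opensec/secbot
# (the steps below use version 2.0.3 / tag v2.0.3 as the example).
#
# 1. Confirm that "version" in the root package.json matches the tag you are
#    about to create (e.g. 2.0.3 corresponds to tag v2.0.3).
# 2. NPM_TOKEN (if the npm account has 2FA enabled, one of the two options
#    below is required; otherwise publish fails with 403 "bypass 2FA" needed):
#    - Granular Access Token: set Packages to "Read and write" and tick the
#      option that allows bypassing two-factor authentication when publishing
#      (the English UI reads roughly "Bypass two-factor authentication (2FA)
#      for writes"; the npm website is authoritative).
#    - or Classic Token: the type must be Automation (do not use a Publish
#      token that requires an OTP).
#    The token's permissions must cover @opensec; the GitHub Secret name stays
#    NPM_TOKEN.
#    Do not commit a .npmrc containing //registry.../:_authToken in the
#    repository root (already in .gitignore); same reasoning as never
#    committing .pypirc for PyPI.
#    Security note: a token that bypasses 2FA is the only factor protecting
#    publish rights. Scope it to this package only, give it an expiry, and
#    rotate it; where possible prefer a granular token over a classic one.
# 3. git tag v2.0.3 && git push origin v2.0.3
#    This triggers: build -> version check -> create the GitHub Release and
#    upload the tgz -> npm publish (npmjs) + GitHub Packages (visible under
#    the repository's Settings -> Packages; the package name there is
#    @<repository owner>/secbot, alongside @opensec/secbot).
#    Publishing to npm.pkg.github.com authenticates with GITHUB_TOKEN and
#    needs packages: write, which is granted on that job only (see below).
name: Release

on:
  push:
    tags:
      - 'v*.*.*'
  workflow_dispatch:

# Least privilege: the default token is read-only. Each job below that has to
# write (release assets, GitHub Packages) requests exactly the scope it needs,
# so the build job, which installs dependencies and runs the project's
# scripts, never holds a write-capable token.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # No step visible in this job pushes with git, so do not leave the
          # token in .git/config where install or test scripts could read it.
          persist-credentials: false

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '24'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      # Fails the run when the pushed tag and package.json disagree, so a
      # mistagged commit never reaches the publish jobs (they all need build).
      - name: Match package.json version to git tag
        if: startsWith(github.ref, 'refs/tags/v')
        run: |
          set -e
          REF_NAME="${GITHUB_REF_NAME#refs/tags/}"
          REF_NAME="${REF_NAME#v}"
          PKG_VER="$(node -p "require('./package.json').version")"
          if [ "$REF_NAME" != "$PKG_VER" ]; then
            echo "::error::package.json version is $PKG_VER but tag resolves to $REF_NAME (expected v$PKG_VER)"
            exit 1
          fi

      - name: CI checks
        run: npm run typecheck && npm run lint && npm run format:check && npm test

      - name: Build package
        run: npm run release:pack

      - name: Upload package artifact
        uses: actions/upload-artifact@v4
        with:
          name: secbot-npm-package
          path: '*.tgz'

  upload-assets:
    name: GitHub Release assets
    needs: build
    runs-on: ubuntu-latest
    if: startsWith(github.ref, 'refs/tags/v')
    # Creating or updating a release is the only operation here that writes.
    permissions:
      contents: write
    steps:
      - name: Download built package
        uses: actions/download-artifact@v4
        with:
          name: secbot-npm-package
          path: artifacts

      # NOTE(review): this third-party action runs with a contents: write
      # token and is referenced by a mutable tag. Pin it (and ideally the
      # actions/* steps too) to a full commit SHA so a retagged release
      # cannot change what runs in the release pipeline.
      - name: Create or update release and upload .tgz
        uses: softprops/action-gh-release@v2
        with:
          files: artifacts/*.tgz
          generate_release_notes: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  publish-npm:
    name: Publish to npm registry
    needs: build
    runs-on: ubuntu-latest
    if: startsWith(github.ref, 'refs/tags/v')
    # Authentication to npmjs uses NPM_TOKEN; the GitHub token only reads code.
    permissions:
      contents: read
    # NOTE(review): this job publishes from a fresh checkout, not from the .tgz
    # that the build job tested and upload-assets attached to the release, so
    # the registry copy and the release asset are produced by separate builds.
    # Consider publishing the downloaded artifact instead so both are the same
    # bytes.
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Node.js for npm
        uses: actions/setup-node@v4
        with:
          node-version: '24'
          registry-url: 'https://registry.npmjs.org'
          cache: 'npm'

      # Runs without NPM_TOKEN in the environment: the secret is exposed only
      # to the two steps below, not to dependency install scripts.
      - name: Install dependencies
        run: npm ci

      # Fails early, before publish, when the token is missing or rejected.
      - name: Verify npm registry authentication
        run: npm whoami
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

      # NOTE(review): a long-lived token is the trust anchor here. npm also
      # supports provenance attestations (npm publish --provenance, which
      # needs id-token: write on the job); evaluate whether that fits this
      # package before enabling it.
      - name: Publish to npm
        run: npm publish --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

  publish-github-packages:
    name: Publish to GitHub Packages
    needs: build
    runs-on: ubuntu-latest
    if: startsWith(github.ref, 'refs/tags/v')
    # GITHUB_TOKEN is the registry credential for npm.pkg.github.com.
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      # GitHub Packages requires a lowercase scope; this must agree with the
      # pkg.name written by apply-github-packages-name.js.
      # The owner is passed through env rather than interpolated with
      # ${{ }} inside the script, so its value is never parsed as shell.
      - name: Normalize npm scope owner (lowercase)
        env:
          REPO_OWNER: ${{ github.repository_owner }}
        run: |
          owner_lower="$(printf '%s' "$REPO_OWNER" | tr '[:upper:]' '[:lower:]')"
          echo "NPM_SCOPE_OWNER=${owner_lower}" >> "$GITHUB_ENV"

      - name: Set up Node.js for GitHub Packages
        uses: actions/setup-node@v4
        with:
          node-version: '24'
          registry-url: 'https://npm.pkg.github.com'
          scope: '${{ env.NPM_SCOPE_OWNER }}'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      # NOTE(review): GitHub documents that default GITHUB_* variables cannot
      # be overridden; confirm the script really receives the lowercased owner
      # here, or have it read NPM_SCOPE_OWNER (already exported above).
      - name: Apply scoped name for GitHub Packages registry
        run: node scripts/apply-github-packages-name.js
        env:
          GITHUB_REPOSITORY_OWNER: ${{ env.NPM_SCOPE_OWNER }}

      - name: Publish to GitHub Packages
        run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}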