Merge pull request #138 from muhammedaksam/develop #17
Workflow file for this run
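# Release workflow: on a pushed tag matching v*, install, lint, test and build
# the project, then publish it to npm using OIDC trusted publishing (no
# long-lived NPM_TOKEN is stored in the repository).
name: Publish Package (Trusted Publishing)

on:
  push:
    tags:
      # Every pushed tag that starts with "v" starts a publish. Who may create
      # such tags is the effective release gate, so restrict it with tag
      # protection or a ruleset.
      - 'v*'

permissions:
  id-token: write # Required for OIDC trusted publishing
  contents: read

jobs:
  publish:
    name: Publish to npm with Trusted Publishing
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the third-party actions in this job are referenced by
      # mutable major-version tags. Because the job holds id-token: write,
      # pinning each `uses:` to a full commit SHA keeps a moved tag from
      # changing the code that runs with the publish identity.
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          # No step visible in this job pushes or fetches with the workflow
          # token, so do not leave it in the checked-out repo's git config
          # where install/build scripts could read it.
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v5
        with:
          node-version: '22.x'
          registry-url: 'https://registry.npmjs.org'
          package-manager-cache: false

      # npm >= 11.5.1 is required for OIDC trusted publishing
      # npm self-upgrade is broken on ubuntu-24.04 runners (missing promise-retry)
      # Use npx to bootstrap a fresh npm copy that can perform the upgrade
      # NOTE(review): npm@latest is resolved at run time (twice) inside the job
      # that publishes. Pinning both references to a reviewed version
      # (>= 11.5.1) would make the publishing toolchain reproducible.
      - name: Update npm for trusted publishing
        run: npx -y npm@latest install -g npm@latest

      - name: Install pnpm
        run: |
          npm install -g pnpm@10.23.0
          pnpm --version

      - name: Get pnpm store directory
        shell: bash
        # $GITHUB_ENV is quoted so the redirect target is never word-split.
        run: echo "STORE_PATH=$(pnpm store path --silent)" >> "$GITHUB_ENV"

      # NOTE(review): restore-keys allows a prefix match, so a store saved by
      # an earlier run can be restored into this job. Consider skipping the
      # cache on the release path so the published build depends only on
      # packages fetched and verified against the lockfile in this run.
      - name: Setup pnpm cache
        uses: actions/cache@v5
        with:
          path: ${{ env.STORE_PATH }}
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-

      # --frozen-lockfile fails the job instead of updating pnpm-lock.yaml, so
      # the release installs exactly what the lockfile records.
      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Run linting
        run: pnpm run lint

      - name: Check formatting
        run: pnpm run format:check

      - name: Run tests
        run: pnpm run test

      - name: Build project
        run: pnpm run build

      # Only checks that dist/index.js exists; it does not inspect what else
      # would end up in the published tarball.
      - name: Verify build artifacts
        run: |
          if [ ! -f "dist/index.js" ]; then
            echo "ERROR: Build artifacts missing in dist/"
            exit 1
          fi
          echo "✓ Build artifacts verified"

      # Publish using OIDC authentication (no NPM_TOKEN needed)
      # Provenance is automatically generated for public packages from public repos
      # --no-git-checks skips pnpm's pre-publish branch/clean-tree checks;
      # presumably needed because a tag checkout is not on a branch (confirm).
      - name: Publish to npm
        run: pnpm publish --access public --no-git-checks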