This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish test package to NPM | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| publish: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| defaults: | |
| run: | |
| working-directory: ./ | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: Install dependencies | |
| run: npm install | |
| - name: Run publish command | |
| id: publish | |
| run: npx . publish "./test" --webhook "${{ secrets.DISCORD_WEBHOOK_TEST_RELEASE }}" --access-token "${{ secrets.NPM_TOKEN }}" --version+hash --tag github --version+tag --create-tag "test/" --llm-api-key "${{ secrets.LLM_API_KEY }}" | |
| - name: Print output | |
| run: | | |
| echo "Package version: ${{ steps.publish.outputs.package-version }}" | |
| - name: Run publish without tag | |
| run: npx . publish "./test" --webhook "${{ secrets.DISCORD_WEBHOOK_TEST_RELEASE }}" --access-token "${{ secrets.NPM_TOKEN }}" --version+hash | |
| - name: Run publish without commit hash | |
| run: npx . publish "./test" --webhook "${{ secrets.DISCORD_WEBHOOK_TEST_RELEASE }}" --access-token "${{ secrets.NPM_TOKEN }}" | |
| - name: Just add a tag | |
| run: npx . publish "./test" --webhook "${{ secrets.DISCORD_WEBHOOK_TEST_RELEASE }}" --access-token "${{ secrets.NPM_TOKEN }}" --tag github-2 | |
| # OIDC-based publishing (Trusted Publishing) | |
| # NOTE: First publish of a package MUST use --access-token. OIDC only works for existing packages. | |
| # | |
| # To enable OIDC for this package: | |
| # 1. Ensure the package exists on npmjs.com (publish once with --access-token) | |
| # 2. Go to https://www.npmjs.com/package/publish-helper-test-package/access | |
| # 3. Click "Settings" → "Trusted Publisher" → "GitHub Actions" | |
| # 4. Configure: owner (needle-tools), repository (npm-publish-helper), workflow (test.yml) | |
| publish-oidc: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| permissions: | |
| contents: read | |
| id-token: write # Required for OIDC authentication | |
| defaults: | |
| run: | |
| working-directory: ./ | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| # Note: Do NOT set registry-url here for OIDC - it creates .npmrc expecting NODE_AUTH_TOKEN | |
| # which conflicts with OIDC. Let npm use its default registry. | |
| - name: Update npm to latest (OIDC requires npm >= 11.5) | |
| run: | | |
| echo "Current npm version: $(npm --version)" | |
| npm install -g npm@latest | |
| echo "Updated npm version: $(npm --version)" | |
| - name: Check environment for OIDC | |
| run: | | |
| echo "=== Node/npm versions ===" | |
| echo "npm version: $(npm --version)" | |
| echo "node version: $(node --version)" | |
| echo "" | |
| echo "=== OIDC Environment Variables ===" | |
| echo "GITHUB_ACTIONS: $GITHUB_ACTIONS" | |
| echo "ACTIONS_ID_TOKEN_REQUEST_URL: ${ACTIONS_ID_TOKEN_REQUEST_URL:-(not set)}" | |
| echo "ACTIONS_ID_TOKEN_REQUEST_TOKEN: ${ACTIONS_ID_TOKEN_REQUEST_TOKEN:+****(set)}" | |
| echo "" | |
| echo "=== npmrc contents (if any) ===" | |
| cat ~/.npmrc 2>/dev/null || echo "(no ~/.npmrc)" | |
| cat .npmrc 2>/dev/null || echo "(no ./.npmrc)" | |
| - name: Install dependencies | |
| run: npm install | |
| - name: Run publish with OIDC | |
| id: publish-oidc | |
| run: npx . publish "./test" --webhook "${{ secrets.DISCORD_WEBHOOK_TEST_RELEASE }}" --oidc --version+hash --tag oidc --version+tag | |
| - name: Print output | |
| run: | | |
| echo "Package version: ${{ steps.publish-oidc.outputs.package-version }}" |