ci: harden npm trusted publishing workflow #910
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: validate | |
| on: | |
| push: | |
| branches: | |
| # Match SemVer major release branches | |
| # e.g. "12.x" or "8.x" | |
| - '[0-9]+.x' | |
| - 'main' | |
| - 'beta' | |
| - 'alpha' | |
| - '!all-contributors/**' | |
| pull_request: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| main: | |
| permissions: | |
| contents: read # to fetch code (actions/checkout) | |
| # ignore all-contributors PRs | |
| if: ${{ !contains(github.head_ref, 'all-contributors') }} | |
| strategy: | |
| # Otherwise we would not know if the problem is tied to the Node.js version | |
| fail-fast: false | |
| matrix: | |
| node: [18, 24] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| with: | |
| # required by codecov/codecov-action | |
| fetch-depth: 0 | |
| - name: Setup node | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node }} | |
| - name: Download deps | |
| uses: bahmutov/npm-install@v1 | |
| with: | |
| useLockFile: false | |
| # TODO: Can be removed if https://github.com/kentcdodds/kcd-scripts/pull/146 is released | |
| - name: Verify format (`npm run format` committed?) | |
| run: npm run format -- --check --no-write | |
| - name: Run validate script | |
| run: npm run validate | |
| - name: Upload coverage report | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| fail_ci_if_error: true | |
| flags: node-${{ matrix.node }} | |
| token: ${{ secrets.CODECOV_TOKEN }} # required | |
| build-release-artifact: | |
| needs: main | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| if: ${{ github.repository == 'testing-library/dom-testing-library' && github.event_name == 'push' }} | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Setup node | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 24 | |
| - name: Install dependencies | |
| run: npm install --ignore-scripts | |
| - name: Run build script | |
| run: npm run build | |
| - name: Upload package artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: npm-package-dist | |
| path: dist | |
| if-no-files-found: error | |
| retention-days: 7 | |
| release: | |
| needs: build-release-artifact | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| id-token: write | |
| issues: write | |
| pull-requests: write | |
| if: ${{ github.repository == 'testing-library/dom-testing-library' && github.event_name == 'push' }} | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Setup node | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 24 | |
| registry-url: 'https://registry.npmjs.org/' | |
| - name: Download package artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: npm-package-dist | |
| path: dist | |
| - name: Release | |
| uses: cycjimmy/semantic-release-action@v5 | |
| with: | |
| semantic_version: 25 | |
| branches: | | |
| [ | |
| '+([0-9])?(.{+([0-9]),x}).x', | |
| 'main', | |
| {name: 'beta', prerelease: true}, | |
| {name: 'alpha', prerelease: true} | |
| ] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |