Skip to content

Commit 4f03853

Browse files
patches-krollpatches-kroll
committed
Pulled back to dead simple publish
1 parent 67c8fe3 commit 4f03853

1 file changed

Lines changed: 7 additions & 110 deletions

File tree

.github/workflows/release.yml

Lines changed: 7 additions & 110 deletions
Original file line numberDiff line numberDiff line change
@@ -1,122 +1,19 @@
1-
name: Release to npm
2-
3-
on:
4-
release:
5-
types: [published]
6-
workflow_dispatch:
7-
inputs:
8-
version:
9-
description: 'Version to publish (e.g., 0.8.6). If not provided, uses git tag.'
10-
required: false
11-
type: string
12-
131
jobs:
142
publish:
153
runs-on: ubuntu-latest
164
permissions:
175
contents: read
18-
id-token: write
6+
id-token: write # Needed for --provenance signing
197

208
steps:
21-
- name: Checkout code
22-
uses: actions/checkout@v5
23-
with:
24-
submodules: recursive
25-
26-
- name: Setup Node.js
27-
uses: actions/setup-node@v4
9+
- uses: actions/checkout@v4
10+
- uses: actions/setup-node@v4
2811
with:
29-
node-version: '22'
30-
registry-url: 'https://registry.npmjs.org'
12+
node-version: "22"
13+
registry-url: "https://registry.npmjs.org"
3114

32-
- name: Set version from tag or input
33-
run: |
34-
# Check if version was provided via workflow_dispatch input
35-
if [[ -n "${{ inputs.version }}" ]]; then
36-
INPUT_VERSION="${{ inputs.version }}"
37-
# Remove 'v' prefix if present
38-
VERSION=${INPUT_VERSION#v}
39-
echo "Using version from workflow input: $VERSION"
40-
elif [[ "$GITHUB_REF" == refs/tags/* ]]; then
41-
TAG_VERSION=${GITHUB_REF#refs/tags/}
42-
# Remove 'v' prefix if present
43-
VERSION=${TAG_VERSION#v}
44-
echo "Using version from git tag: $VERSION"
45-
else
46-
echo "No version provided and not building from a tag, using default version"
47-
VERSION="0.0.0"
48-
fi
49-
50-
echo "Setting version to: $VERSION"
51-
npm --no-git-tag-version version "$VERSION" || exit 1
52-
echo "PACKAGE_VERSION=$VERSION" >> $GITHUB_ENV
53-
54-
- name: Build
55-
run: |
56-
echo "Publishing version: $PACKAGE_VERSION"
57-
cat package.json | grep -A2 '"name"'
58-
npm ci
59-
npm run codegen
60-
npm run build:release
61-
62-
- name: Get NPM token via OIDC
63-
uses: actions/github-script@v7
64-
with:
65-
script: |
66-
const https = require('https');
67-
const fs = require('fs');
68-
69-
// Get OIDC token from GitHub
70-
console.log('Getting OIDC token from GitHub...');
71-
const token = await core.getIDToken('https://registry.npmjs.org');
72-
console.log('Successfully got OIDC token');
73-
74-
// Exchange it with NPM
75-
console.log('Exchanging OIDC token for NPM access token...');
76-
return new Promise((resolve, reject) => {
77-
const postData = JSON.stringify({});
78-
const options = {
79-
hostname: 'registry.npmjs.org',
80-
path: '/-/npm/v1/security/oidc/login',
81-
method: 'POST',
82-
headers: {
83-
'Authorization': `Bearer ${token}`,
84-
'Content-Type': 'application/json',
85-
'Content-Length': Buffer.byteLength(postData)
86-
}
87-
};
88-
89-
const req = https.request(options, (res) => {
90-
let body = '';
91-
res.on('data', chunk => body += chunk);
92-
res.on('end', () => {
93-
try {
94-
const data = JSON.parse(body);
95-
if (res.statusCode !== 200) {
96-
console.log('NPM returned status:', res.statusCode);
97-
console.log('Response:', body);
98-
throw new Error(`NPM returned ${res.statusCode}`);
99-
}
100-
if (!data.token) {
101-
throw new Error('No token in NPM response');
102-
}
103-
console.log('Got NPM token, updating .npmrc');
104-
const npmrcPath = `${process.env.HOME}/.npmrc`;
105-
let npmrc = fs.readFileSync(npmrcPath, 'utf8');
106-
npmrc += `\n//registry.npmjs.org/:_authToken=${data.token}\n`;
107-
fs.writeFileSync(npmrcPath, npmrc);
108-
console.log('Updated .npmrc with auth token');
109-
resolve();
110-
} catch (err) {
111-
reject(err);
112-
}
113-
});
114-
});
115-
116-
req.on('error', reject);
117-
req.write(postData);
118-
req.end();
119-
});
15+
- run: npm ci
16+
- run: npm run build:release
12017

12118
- name: Publish to NPM
12219
run: npm publish --provenance --access public

0 commit comments

Comments
 (0)