Skip to content
Publish NPM packages

Add workflow to publish npm packages #2

Sign in to view logs

Add workflow to publish npm packages

Add workflow to publish npm packages #2

Workflow file for this run

.github/workflows/publish.yml at 3f02348
name: Publish NPM packages
on:
pull_request:
branches: ["main"]
paths-ignore:
- "**"
- "!**/package.json"
- "!**/package-lock.json"
types:
- opened
- reopened
- synchronize
push:
branches: ["main"]
paths-ignore:
- "**"
- "!**/package.json"
- "!**/package-lock.json"
defaults:
run:
shell: bash
jobs:
publish:
if: >-
${{
(
github.event_name == 'pull_request' &&
startsWith(github.event.pull_request.title, 'Publish v') &&
endsWith(github.event.pull_request.title, 'of the @tektoncd/dashboard-* packages')
) ||
(
github.event_name == 'push' &&
startsWith(github.event.head_commit.message, 'Publish v') &&
endsWith(github.event.head_commit.message, 'of the @tektoncd/dashboard-* packages')
)
}}
runs-on: ubuntu-24.04
permissions:
contents: read
# required for npm package provenance
id-token: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# for PRs checkout the head rather than the merge commit so we can get the original commit message
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Validate PR title and commit message match
if: ${{ github.event_name == 'pull_request' }}
run: |
PR_TITLE="${{ github.event.pull_request.title }}"
COMMIT_MESSAGE="$(git log --pretty=%s -n 1)"
if [ "$PR_TITLE" != "$COMMIT_MESSAGE" ]; then
echo "::error::PR title and commit message mismatch"
echo "Expected format: Publish <version> of the @tektoncd/dashboard-* packages"
echo "PR_TITLE: $PR_TITLE"
echo "COMMIT_MESSAGE: $COMMIT_MESSAGE"
exit 1
else
echo "PR title and commit message match, continuing…"
fi
- name: Get version
id: get-version
run: |
echo "Extracting version from commit message"
VERSION=$(echo ${{ github.event.pull_request.title || github.event.head_commit.message }} | grep -Po '(v\d+\.\d+\.\d+(\S)*)')
echo "VERSION: $VERSION"
echo "newPackageVersion=${VERSION}" >> $GITHUB_OUTPUT
- name: Check version matches package.json
run: |
EXPECTED_VERSION="${{ steps.get-version.outputs.newPackageVersion }}"
mismatch=false
for packageJson in ./packages/*/package.json; do
VERSION="v$(jq -r .version $packageJson)"
PRIVATE="$(jq -r .private)"
if [ "$PRIVATE" == "false" ] && [ "$VERSION" != "$EXPECTED_VERSION" ]; then
echo "::error::Version mismatch found in $packageJson: ${VERSION}"
mismatch=true
fi
done
if [ "$mismatch" == "true" ]; then
exit 1
fi
- name: Check PR is up-to-date
if: ${{ github.event_name == 'pull_request' }}
env:
GH_TOKEN: ${{ github.token }}
run: |
BASE_REF="${{github.event.pull_request.base.repo.owner.login}}:${{github.event.pull_request.base.ref}}"
HEAD_REF="${{github.event.pull_request.head.repo.owner.login}}:${{github.event.pull_request.head.ref}}"
STATUS=$(gh api \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
/repos/${{ github.repository }}/compare/${BASE_REF}...${HEAD_REF} | jq -r .status)
if [ "$STATUS" != "ahead" ]; then
echo "::error::Pull request not up-to-date with base branch, please rebase"
exit 1
else
echo "Pull request is up-to-date with base branch, continuing…"
fi
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version-file: .nvmrc
- name: Publish dry run
if: ${{ github.event_name == 'pull_request' }}
run: npm publish --workspaces --provenance --access public --dry-run
- name: Publish
if: ${{ github.event_name == 'push' }}
run: npm publish --workspaces --provenance --access public
# env:
# NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}