release.yml

name: Release

on:
  release:
    types: [published]

jobs:
  version:
    runs-on: ubuntu-latest
    outputs:
      result: ${{ steps.version.outputs.result }}
    steps:
      - id: version
        uses: actions/github-script@c713e510dbd7d213d92d41b7a7805a986f4c5c66 # tag=v6.2.0
        with:
          script: |
            const semver = context.ref.replace('refs/tags/v', '')
            if (semver.match(/^[0-9]+\.[0-9]+\.[0-9]+$/)) {
                return semver
            }
            throw new Error('not semver')
          result-encoding: string

  npm:
    name: Release NPM
    runs-on: ubuntu-latest
    needs: Version
    env:
      NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
    steps:
      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2

      - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3.4.1
        with:
          node-version: 18
          registry-url: 'https://registry.npmjs.org/'
          cache: yarn

      - run: yarn install --frozen-lockfile

      - run: yarn compile

      - run: npm version ${{ needs.version.outputs.result }} --git-tag-version=false

      - run: npm config set "//registry.npmjs.org/:_authToken" "\${NPM_AUTH_TOKEN}" --location=project

      - run: yarn publish --tag latest --no-git-checks

      - run: npm config delete "//registry.npmjs.org/:_authToken" --location=project
        if: always()