Skip to content

Try fix npm provenance complaining about url not matching #27

Try fix npm provenance complaining about url not matching

Try fix npm provenance complaining about url not matching #27

Workflow file for this run

name: Test, Build, Publish
on:
# Workflow dispatch only works when version has not been published yet
workflow_dispatch:
push:
branches: ["main"]
tags:
# Publish npm package when a new tag is pushed
- "*.*.*"
# Allow one concurrent deployment
concurrency:
group: "workflow"
cancel-in-progress: true
permissions:
id-token: write
jobs:
build:
runs-on: ubuntu-latest
outputs:
IS_RELEASE: ${{ steps.check-tag.outputs.IS_RELEASE }}
PACKAGE: ${{ steps.pack.outputs.PACKAGE }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- uses: pnpm/action-setup@v3
with:
version: 9
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: lts/*
cache: pnpm
- run: pnpm install
- name: Build @material/material-color-utilites bundled dependency
run: pnpm run build:bundle
- name: Test and ensure dependencies were built as expected
run: pnpm test
- name: Check if tag is release tag
id: check-tag
run: |
echo ${{ github.event.ref }}
if [[ ${{ github.event.ref }} =~ ^refs/tags/[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "IS_RELEASE=true" >> "$GITHUB_OUTPUT"
else
echo "IS_RELEASE=false" >> "$GITHUB_OUTPUT"
fi
- name: Bump version
if: ${{ steps.check-tag.outputs.IS_RELEASE == 'true' }}
# Bump ephemeral version based on git tag which we previously confirmed to be set
run: npm --no-git-tag-version version from-git
- name: Pack up package
id: pack
if: ${{ steps.check-tag.outputs.IS_RELEASE == 'true' }}
# Write the output of the pack command to the PACKAGE environment variable
# The output of the pack command is the path to generated the tarball
# Used later to upload the artifact
run: echo "PACKAGE=$(pnpm pack)" >> "$GITHUB_OUTPUT"
- name: Archive production artifacts
uses: actions/upload-artifact@v4
if: ${{ steps.check-tag.outputs.IS_RELEASE == 'true' }}
with:
name: package-file
# Now we only need to upload the tarball which should have all the files npm cares for
path: ${{ steps.pack.outputs.PACKAGE }}
publish-npm:
# Only publish when a release tag is pushed
needs: build
if: ${{ needs.build.outputs.IS_RELEASE == 'true' }}
runs-on: ubuntu-latest
steps:
# The npmrc is created here and is not the same as in the repository as that does not exist here
- name: Setup .npmrc file to publish to npm
run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > .npmrc
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: package-file
- name: Publish artifacts to npm
# Need to add --access public to publish scoped package
run: npm publish ${{ needs.build.outputs.PACKAGE }} --provenance --access public