Try fix npm provenance complaining about url not matching #27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test, Build, Publish | |
on: | |
# Workflow dispatch only works when version has not been published yet | |
workflow_dispatch: | |
push: | |
branches: ["main"] | |
tags: | |
# Publish npm package when a new tag is pushed | |
- "*.*.*" | |
# Allow one concurrent deployment | |
concurrency: | |
group: "workflow" | |
cancel-in-progress: true | |
permissions: | |
id-token: write | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
outputs: | |
IS_RELEASE: ${{ steps.check-tag.outputs.IS_RELEASE }} | |
PACKAGE: ${{ steps.pack.outputs.PACKAGE }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: pnpm/action-setup@v3 | |
with: | |
version: 9 | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
cache: pnpm | |
- run: pnpm install | |
- name: Build @material/material-color-utilites bundled dependency | |
run: pnpm run build:bundle | |
- name: Test and ensure dependencies were built as expected | |
run: pnpm test | |
- name: Check if tag is release tag | |
id: check-tag | |
run: | | |
echo ${{ github.event.ref }} | |
if [[ ${{ github.event.ref }} =~ ^refs/tags/[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
echo "IS_RELEASE=true" >> "$GITHUB_OUTPUT" | |
else | |
echo "IS_RELEASE=false" >> "$GITHUB_OUTPUT" | |
fi | |
- name: Bump version | |
if: ${{ steps.check-tag.outputs.IS_RELEASE == 'true' }} | |
# Bump ephemeral version based on git tag which we previously confirmed to be set | |
run: npm --no-git-tag-version version from-git | |
- name: Pack up package | |
id: pack | |
if: ${{ steps.check-tag.outputs.IS_RELEASE == 'true' }} | |
# Write the output of the pack command to the PACKAGE environment variable | |
# The output of the pack command is the path to generated the tarball | |
# Used later to upload the artifact | |
run: echo "PACKAGE=$(pnpm pack)" >> "$GITHUB_OUTPUT" | |
- name: Archive production artifacts | |
uses: actions/upload-artifact@v4 | |
if: ${{ steps.check-tag.outputs.IS_RELEASE == 'true' }} | |
with: | |
name: package-file | |
# Now we only need to upload the tarball which should have all the files npm cares for | |
path: ${{ steps.pack.outputs.PACKAGE }} | |
publish-npm: | |
# Only publish when a release tag is pushed | |
needs: build | |
if: ${{ needs.build.outputs.IS_RELEASE == 'true' }} | |
runs-on: ubuntu-latest | |
steps: | |
# The npmrc is created here and is not the same as in the repository as that does not exist here | |
- name: Setup .npmrc file to publish to npm | |
run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > .npmrc | |
- name: Download build artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: package-file | |
- name: Publish artifacts to npm | |
# Need to add --access public to publish scoped package | |
run: npm publish ${{ needs.build.outputs.PACKAGE }} --provenance --access public |