Publish NPM packages #164
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish NPM packages | |
| permissions: | |
| id-token: write # Required for OIDC | |
| contents: read # Recommended security best practice | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| package: | |
| description: "Package to publish" | |
| required: true | |
| type: choice | |
| options: | |
| - react-ui | |
| - react-headless | |
| - react-lang | |
| - react-email | |
| - lang-core | |
| - openui-cli | |
| - svelte-lang | |
| - vue-lang | |
| jobs: | |
| publish: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: pnpm/action-setup@v2 | |
| with: | |
| version: 9.15.4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| registry-url: "https://registry.npmjs.org" | |
| cache: pnpm | |
| cache-dependency-path: "**/pnpm-lock.yaml" | |
| # CRITICAL: npm 11.5.1+ required for trusted publishing | |
| - name: Install npm 11.6.4 | |
| run: npm install -g npm@11.6.4 | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Run package checks | |
| working-directory: ./packages/${{ inputs.package }} | |
| run: pnpm run ci | |
| - name: Publish package | |
| working-directory: ./packages/${{ inputs.package }} | |
| run: pnpm publish --access public | |
| # Note: provenance is automatically generated with trusted publishing |