ci(release): use npm trusted publishing via OIDC #6
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| push: | |
| tags: | |
| - "v*.*.*" | |
| permissions: | |
| contents: write | |
| jobs: | |
| build-binaries: | |
| name: build (${{ matrix.target }}) | |
| runs-on: ${{ matrix.runs-on }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - target: darwin-arm64 | |
| runs-on: macos-14 | |
| - target: darwin-x64 | |
| runs-on: macos-15-intel | |
| - target: linux-x64 | |
| runs-on: ubuntu-latest | |
| - target: linux-arm64 | |
| runs-on: ubuntu-24.04-arm | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: "1.3.5" | |
| - name: Install deps | |
| run: bun install --frozen-lockfile | |
| - name: Install darwin-x64 OpenTUI runtime package | |
| if: matrix.target == 'darwin-x64' | |
| run: bun add --no-save @opentui/core-darwin-x64@0.1.77 | |
| - name: Build binary | |
| run: | | |
| VERSION="${GITHUB_REF_NAME#v}" | |
| GITPREFLIGHT_VERSION="$VERSION" bun scripts/build-release-assets.ts --official --targets=${{ matrix.target }} --outdir dist/release/${{ matrix.target }} | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: gitpreflight-${{ matrix.target }} | |
| path: dist/release/${{ matrix.target }}/* | |
| github-release: | |
| name: github release | |
| runs-on: ubuntu-latest | |
| needs: [build-binaries] | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| path: dist/artifacts | |
| - name: Collect assets + checksums | |
| run: | | |
| mkdir -p dist/release | |
| find dist/artifacts -maxdepth 4 -type f -name 'gitpreflight-v*' -print -exec cp '{}' dist/release/ ';' | |
| cd dist/release | |
| sha256sum gitpreflight-v* | awk '{print $1" "$2}' > checksums.txt | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| files: | | |
| dist/release/gitpreflight-v* | |
| dist/release/checksums.txt | |
| npm-publish: | |
| name: npm publish | |
| runs-on: ubuntu-latest | |
| needs: [github-release] | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| registry-url: "https://registry.npmjs.org" | |
| - name: Set package version | |
| run: | | |
| VERSION="${GITHUB_REF_NAME#v}" | |
| VERSION="$VERSION" node -e "const fs=require('node:fs'); const p='packages/gitpreflight/package.json'; const j=JSON.parse(fs.readFileSync(p,'utf8')); j.version=process.env.VERSION; fs.writeFileSync(p, JSON.stringify(j, null, 2) + '\n');" | |
| - name: Publish | |
| run: | | |
| cd packages/gitpreflight | |
| npm publish --access public --provenance |