Skip to content

ci: Publish releases using OIDC instead of npm token #1336

ci: Publish releases using OIDC instead of npm token

ci: Publish releases using OIDC instead of npm token #1336

Workflow file for this run

name: test-and-publish
on: [push]
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
- name: Restore cache
uses: actions/cache@v4
with:
path: '**/node_modules'
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
- run: yarn install
- run: yarn lint
env:
CI: true
unit-test:
name: Run Unit Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
- name: Restore cache
uses: actions/cache@v4
with:
path: '**/node_modules'
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
- run: yarn install
- run: yarn test
env:
CI: true
type-test:
name: Type test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
- name: Restore cache
uses: actions/cache@v4
with:
path: '**/node_modules'
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
- run: yarn install
- run: yarn test:types
publish:
name: Publish
runs-on: ubuntu-latest
needs: unit-test
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/beta'
permissions:
contents: write # to be able to publish a GitHub release
issues: write # to be able to comment on released issues
pull-requests: write # to be able to comment on released pull requests
id-token: write # to enable use of OIDC for trusted publishing and npm provenance
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
- name: Update npm # Trusted Publishing requires npm >=11.5.1
run: npm i -g npm@latest
- name: Restore cache
uses: actions/cache@v4
with:
path: '**/node_modules'
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
- name: Build and publish release.
run: yarn install
- name: Publish via Semantic Release
run: yarn semantic-release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}