
Set up provenance

Set up provenance #682

Workflow file for this run

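# Release workflow.
# Builds the workspace on pull requests and on release events. Publishes to npm
# with provenance only for full (non-prerelease) releases; every other run does
# a publish dry-run instead.
name: Release
on:
  pull_request:
    types: [opened, synchronize, reopened]
  release:
    # A "released" event is emitted when a release is published directly or
    # when an existing pre-release is edited into a full release.
    types: [prereleased, released]
jobs:
  deploy:
    runs-on: ubuntu-latest
    # NOTE(review): at job level this reports the job as green even when a step
    # fails, including the real publish. Confirm that a failed release is
    # noticed some other way, or limit this to pull_request runs.
    continue-on-error: true
    permissions:
      contents: read
      # Lets the job request the OIDC token that npm provenance signing uses.
      # The grant covers every step, including pull_request runs that never
      # publish; a separate publish-only job would narrow it.
      id-token: write
    steps:
      # NOTE(review): the actions below are referenced by mutable tags. Pinning
      # each one to a full commit SHA prevents a moved tag from changing what
      # runs in a job that holds id-token: write and the npm publish token.
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the GITHUB_TOKEN in
          # .git/config where install/build scripts could read it.
          persist-credentials: false
      # The ref after "@" was obscured in this listing (e-mail obfuscation).
      # Restore the project's original pinned version in place of the placeholder.
      - uses: pnpm/action-setup@VERSION_PLACEHOLDER
      - uses: actions/setup-node@v4
        with:
          # https://nodejs.org/en/about/previous-releases
          node-version: '22.x'
          registry-url: 'https://registry.npmjs.org'
          cache: pnpm
          cache-dependency-path: pnpm-lock.yaml
      - name: install and build
        # --frozen-lockfile is spelled out so the release is always built from
        # exactly what pnpm-lock.yaml records (pnpm already defaults to this
        # when it detects CI; being explicit keeps it from depending on that).
        run: |
          pnpm install --frozen-lockfile
          pnpm build
      - name: Set tag rc
        if: github.event_name == 'pull_request'
        # Creates a local-only "<version>-rc.<run number>" tag; nothing is pushed.
        # NOTE(review): `pnpm version from-git` reads the version from git tags,
        # and actions/checkout makes a shallow clone by default. Confirm a tag
        # is actually visible on pull_request runs.
        run: |
          git config user.email "dummy@dummy"
          git config user.name "dummy"
          current_version=$(pnpm version from-git) # like 'v1.0.0'
          git tag "${current_version}-rc.${GITHUB_RUN_NUMBER}"
      - name: set git tag version
        run: |
          # https://docs.npmjs.com/generating-provenance-statements
          # This may not work properly: dynamic versioning may cause a problem.
          git config user.email "dummy@dummy"
          git config user.name "dummy"
          # `|| true` swallows a failed version bump, so the publish step can
          # run with whatever version is already in package.json.
          pnpm version from-git --allow-same-version --no-git-tag-version -ws || true
          pnpm format
      - name: deploy
        # Real publish: full releases only.
        if: github.event_name == 'release' && !github.event.release.prerelease
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: NPM_CONFIG_PROVENANCE=true pnpm publish --access=public --no-git-checks --recursive
      - name: deploy (dry-run)
        # Pull requests and pre-releases: rehearse the publish without uploading.
        if: github.event_name != 'release' || github.event.release.prerelease
        # NOTE(review): this step also runs for pull_request events, so the
        # publish token sits in the environment of a command that may execute
        # package lifecycle scripts from the PR branch. If the dry run succeeds
        # without the token, drop this env block. Verify before removing.
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: NPM_CONFIG_PROVENANCE=true pnpm publish --access=public --no-git-checks --dry-run --recursive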