# adapted from https://github.com/googleapis/release-please-action#automating-publication-to-npm name: release-please on: push: branches: - master workflow_dispatch: # `id-token` for publishing: https://docs.npmjs.com/trusted-publishers#github-actions-configuration # the rest for release-please: https://github.com/googleapis/release-please-action#basic-configuration permissions: id-token: write # Required for OIDC contents: write # Required by release-please to create a release pull-requests: write # Required by release-please to open a release PR issues: write # Required by release-please to comment on release-related issues jobs: release-please: runs-on: ubuntu-latest steps: - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0 id: release if: ${{ github.event_name == 'push' }} with: release-type: node # The logic below handles the npm publication: - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 # these if statements ensure that a publication only occurs when # a new release is created, or when manually triggered: if: ${{ steps.release.outputs.release_created || github.event_name == 'workflow_dispatch' }} - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: 24 # npm >= 11.5.1 (ships with Node 24) required for OIDC trusted publishing cache: yarn if: ${{ steps.release.outputs.release_created || github.event_name == 'workflow_dispatch' }} # yarn install triggers the `prepare` lifecycle script which runs the full build - run: yarn install --frozen-lockfile if: ${{ steps.release.outputs.release_created || github.event_name == 'workflow_dispatch' }} - run: npm publish --provenance --access public env: NODE_AUTH_TOKEN: '' # Clear the secret, if provided, so npm publishes via OIDC if: ${{ steps.release.outputs.release_created || github.event_name == 'workflow_dispatch' }}