# This workflow will run tests using node and then publish a package to npm when a release is published # For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages name: Publish to npm on: release: types: [published] # Prevent multiple concurrent publish workflows concurrency: group: npm-publish-${{ github.ref }} cancel-in-progress: false # Set permissions for the workflow permissions: contents: read id-token: write # Required for npm provenance jobs: build: name: Build and Test runs-on: ubuntu-latest timeout-minutes: 10 steps: - name: Checkout code uses: actions/checkout@v4 - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: 20 cache: 'npm' - name: Install dependencies run: npm ci - name: Run tests run: npm test --if-present - name: Build package run: npm run build --if-present - name: Cache build artifacts uses: actions/cache/save@v4 with: path: | node_modules dist build key: build-${{ github.sha }} publish-npm: name: Publish to npm Registry needs: build runs-on: ubuntu-latest timeout-minutes: 10 steps: - name: Checkout code uses: actions/checkout@v4 - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: 20 registry-url: https://registry.npmjs.org/ cache: 'npm' - name: Restore build artifacts uses: actions/cache/restore@v4 with: path: | node_modules dist build key: build-${{ github.sha }} - name: Verify package version matches release tag run: | PACKAGE_VERSION=$(node -p "require('./package.json').version") RELEASE_TAG=${GITHUB_REF#refs/tags/} # Remove 'v' prefix if present in tag RELEASE_VERSION=${RELEASE_TAG#v} echo "Package version: $PACKAGE_VERSION" echo "Release version: $RELEASE_VERSION" if [ "$PACKAGE_VERSION" != "$RELEASE_VERSION" ]; then echo "Error: Package version ($PACKAGE_VERSION) does not match release tag ($RELEASE_VERSION)" exit 1 fi - name: Publish to npm with provenance run: npm publish --provenance --access public env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}