diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml index bcec686..130578e 100644 --- a/.github/workflows/release-integration.yml +++ b/.github/workflows/release-integration.yml @@ -15,17 +15,24 @@ on: required: true type: string description: 'A json array of releases. Required fields: publish: tagName, publishTag. publish check: pkgName, version' + secrets: + PUBLISH_TOKEN: + required: true jobs: publish: - name: Check Publish + name: Publish runs-on: ubuntu-latest defaults: run: shell: bash + permissions: + id-token: write steps: - name: Checkout uses: actions/checkout@v4 + with: + ref: ${{ fromJSON(inputs.releases)[0].tagName }} - name: Setup Git User run: | git config --global user.email "npm-cli+bot@github.com" @@ -42,21 +49,21 @@ jobs: node: ${{ steps.node.outputs.node-version }} - name: Install Dependencies run: npm i --ignore-scripts --no-audit --no-fund - - name: Check If Published + - name: Set npm authToken + run: npm config set '//registry.npmjs.org/:_authToken'=\${PUBLISH_TOKEN} + - name: Publish env: + PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} RELEASES: ${{ inputs.releases }} run: | EXIT_CODE=0 for release in $(echo $RELEASES | jq -r '.[] | @base64'); do - SPEC="$(echo "$release" | base64 --decode | jq -r .pkgName)@$(echo "$release" | base64 --decode | jq -r .version)" - npm view "$SPEC" --json + PUBLISH_TAG=$(echo "$release" | base64 --decode | jq -r .publishTag) + npm publish --provenance --tag="$PUBLISH_TAG" STATUS=$? if [[ "$STATUS" -eq 1 ]]; then EXIT_CODE=$STATUS - echo "$SPEC ERROR" - else - echo "$SPEC OK" fi done diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2761782..75acebb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -131,7 +131,7 @@ jobs: id: comment-text env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: npm exec --offline -- template-oss-release-manager --pr="${{ needs.release.outputs.pr-number }}" --backport="" --defaultTag="latest" + run: npm exec --offline -- template-oss-release-manager --pr="${{ needs.release.outputs.pr-number }}" --backport="" --defaultTag="latest" --publish - name: Append Release Manager Comment uses: peter-evans/create-or-update-comment@v3 with: @@ -243,6 +243,10 @@ jobs: name: Release Integration if: needs.release.outputs.releases uses: ./.github/workflows/release-integration.yml + permissions: + id-token: write + secrets: + PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }} with: releases: ${{ needs.release.outputs.releases }} diff --git a/package.json b/package.json index b76d193..ecc30bf 100644 --- a/package.json +++ b/package.json @@ -43,6 +43,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.23.3" + "version": "4.23.3", + "publish": true } }