From 11b8c8fe2440a06c02f96284fb770ae605480be6 Mon Sep 17 00:00:00 2001
From: "David L. Day"
Date: Thu, 26 Mar 2026 06:47:30 -0400
Subject: [PATCH 1/2] feat: add npm publish workflow
---
.github/workflows/npm-release.yaml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 .github/workflows/npm-release.yaml
diff --git a/.github/workflows/npm-release.yaml b/.github/workflows/npm-release.yaml
new file mode 100644
index 0000000..d8570b8
--- /dev/null
+++ b/.github/workflows/npm-release.yaml
@@ -0,0 +1,18 @@
+name: Bump Version and Create Release
+
+on:
+ push:
+ branches:
+ - main
+
+concurrency:
+ group: tag-and-release-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ release:
+ if: "!startsWith(github.event.head_commit.message, 'bump:')"
+ # Don't run 'bump:'
+ uses: prosegrinder/.github/.github/workflows/cz-bump-release.yaml@main
+ secrets:
+ VERSION_BUMP_TAG_TOKEN: "${{ secrets.VERSION_BUMP_TAG_TOKEN }}"
From ffed6b56fcdd757469195ac582015d4eec45113b Mon Sep 17 00:00:00 2001
From: "David L. Day"
Date: Thu, 26 Mar 2026 06:47:58 -0400
Subject: [PATCH 2/2] feat: use OIDC for publishing
---
.github/workflows/npm-publish.yaml | 59 +++++++++---------------------
1 file changed, 17 insertions(+), 42 deletions(-)
diff --git a/.github/workflows/npm-publish.yaml b/.github/workflows/npm-publish.yaml
index b14a060..9429476 100644
--- a/.github/workflows/npm-publish.yaml
+++ b/.github/workflows/npm-publish.yaml
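Review bot: In `.github/workflows/npm-release.yaml` the `release` job passes `VERSION_BUMP_TAG_TOKEN` to a reusable workflow referenced by a mutable branch, `cz-bump-release.yaml@main`, so whatever is on that branch at run time executes with the token. Pin the reference to a full commit SHA and bump it deliberately, e.g. `uses: prosegrinder/.github/.github/workflows/cz-bump-release.yaml@<full-commit-sha>  # main`. The same applies to the floating `actions/checkout@v6` and `actions/setup-node@v6` (loosened from `v6.2.0`) in the npm-publish.yaml hunks of the second patch. The new file also declares no `permissions:` block, so the repository default for GITHUB_TOKEN applies; an explicit minimal block would document intent, though what the called workflow needs is not visible here.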
@@ -1,36 +1,17 @@ -name: Bump, Release, and Publish +name: Publish to NPM on: - workflow_call: - inputs: - newversion: - description: "Bump Type (major minor patch)" - default: "patch" - required: true - type: string - secrets: - VERSION_BUMP_TAG_TOKEN: - required: true - NPM_ACCESS_TOKEN: - required: true + push: + tags: + - "v*" -# Note: Use this for your workflow -# on: -# workflow_dispatch: -# inputs: -# newversion: -# description: "Bump Type (major minor patch)" -# required: true -# default: "patch" -# type: choice -# options: -# - patch -# - minor -# - major +permissions: + id-token: write + contents: read -# concurrency: -# group: tag-and-release -# cancel-in-progress: true +concurrency: + group: npm-publish-${{ github.ref }} + cancel-in-progress: true jobs: lint: @@ -40,17 +21,16 @@ jobs: needs: lint uses: prosegrinder/.github/.github/workflows/npm-test.yaml@main - build-publish-tag-release: + publish: needs: test runs-on: ubuntu-latest steps: - name: "Checkout source code" - uses: "actions/checkout@v6" + uses: actions/checkout@v6 with: fetch-depth: 0 - token: ${{ secrets.VERSION_BUMP_TAG_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@v6.2.0 + uses: actions/setup-node@v6 with: node-version: lts/* registry-url: https://registry.npmjs.org/ @@ -58,12 +38,7 @@ jobs: run: npm ci - name: NPM Run Build run: npm run build --if-present - - name: Bump, Release, and Publish - uses: bcomnes/npm-bump@v2 - with: - git_email: david@davidlday.com - git_username: ${{ github.actor }} - newversion: ${{ inputs.newversion }} - push_version_commit: true - github_token: ${{ secrets.VERSION_BUMP_TAG_TOKEN }} - npm_token: ${{secrets.NPM_ACCESS_TOKEN}} + - name: NPM Publish Dry Run + run: npm publish --dry-run + - name: NPM Publish + run: npm publish
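Review bot: The new top-level `permissions:` block grants `id-token: write` to every job in the workflow, including `lint` and `test`, which call reusable workflows at `@main` and have no reason to mint an OIDC token. Keep only `contents: read` at the top level and add a job-level `permissions:` with `id-token: write` and `contents: read` under `publish`. Because any pushed tag matching `"v*"` now ends in `npm publish`, a tag ruleset or a protected `environment:` on the publish job would limit who can start a release; whether one exists is not visible in this patch. The `jobs:` mapping continues outside this hunk.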
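Review bot: With the bump step and its `token:` removed, the `Checkout source code` step in `publish` no longer pushes anything, yet it still fetches full history with `fetch-depth: 0` and, by checkout's default, leaves the job token in the local git config where the later `npm ci` and build steps can read it. Add `persist-credentials: false` under `with:` and drop `fetch-depth: 0` unless the build actually reads git history. The token is read-only under the new `contents: read` grant, so this is defence in depth rather than a direct exposure.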
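Review bot: `npm ci` and `npm run build --if-present` run in the same job that is allowed to request the publishing OIDC identity, so any dependency lifecycle script or build script executes with the ability to publish the package. Prefer building in a job without `id-token: write` and handing the packed tarball to a small publish-only job, or at minimum use `run: npm ci --ignore-scripts` if the build does not depend on install scripts. Separately, npm's trusted-publishing documentation requires a recent npm CLI (11.5.1 or later, as far as I know), which `node-version: lts/*` does not guarantee over time; pinning a Node major known to bundle it, or checking `npm --version` before `npm publish`, would make a failure here obvious rather than an opaque auth error.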