From bb462ccc67876f6f8969e0c35c48dabbe113ed88 Mon Sep 17 00:00:00 2001 From: Haoqun Jiang Date: Mon, 25 Nov 2024 22:41:12 +0800 Subject: [PATCH] workflow: add automated release with provenance --- .github/MAINTENANCE.md | 10 ++++++++++ .github/workflows/publish.yml | 25 +++++++++++++++++++++++++ package.json | 3 ++- 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 .github/MAINTENANCE.md create mode 100644 .github/workflows/publish.yml diff --git a/.github/MAINTENANCE.md b/.github/MAINTENANCE.md new file mode 100644 index 0000000..4ca916d --- /dev/null +++ b/.github/MAINTENANCE.md @@ -0,0 +1,10 @@ +This document explains how to perform the project's maintenance tasks. + +### Creating a new release + +Anyone with write access to the repository can request a new release. To do so, follow these steps: + +1. Run `pnpm version ` locally to bump the version number and create a new commit / tag. +2. Push the commit and tag to the repository by running `git push --follow-tags`. +3. The release will be automatically published to npm by GitHub Actions once approved by an administrator. +4. Go to and create a new release with the tag that was just created. Describe the notable changes in the release notes. diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 0000000..9c8ed19 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,25 @@ +name: Publish + +on: + push: + tags: + - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10 + +jobs: + release: + # Use Publish environment for deployment protection + environment: Publish + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: 'lts/*' + registry-url: 'https://registry.npmjs.org' + - run: pnpm install + - run: pnpm publish + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/package.json b/package.json index e3abfb1..12368b5 100644 --- a/package.json +++ b/package.json @@ -26,7 +26,8 @@ "prepublishOnly": "pkgroll --clean-dist" }, "publishConfig": { - "access": "public" + "access": "public", + "provenance": true }, "repository": { "type": "git",