CD #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'CD' | |
| on: | |
| workflow_run: # see https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#workflow_run | |
| workflows: [CI] | |
| branches: [main] | |
| # see also: https://docs.github.com/en/webhooks/webhook-events-and-payloads#workflow_run | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| on-success: | |
| runs-on: ubuntu-latest | |
| if: github.event.workflow_run.conclusion == 'success' && github.repository == 'skalt/geo-xml' | |
| permissions: | |
| contents: read | |
| id-token: write # required for using OIDC to authorize publication to npm | |
| steps: | |
| # TODO: check committer signature | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-tags: true | |
| - name: check commit is tagged | |
| run: git --no-pager tag --points-at HEAD | grep -q '/v' | |
| - name: set up pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 9 | |
| - name: Install Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 # LTS as of 2025-01 | |
| cache: 'pnpm' | |
| - name: Install dependencies | |
| run: pnpm install | |
| - name: rebuild | |
| run: make build | |
| - name: publish | |
| run: pnpm publish --recursive --provenance --access public | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_ACCESS_TOKEN }} | |
| # see also: https://github.blog/security/supply-chain-security/introducing-npm-package-provenance/ |