Release #20
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| # Runs automatically only AFTER the CI workflow succeeds on main, so a red | |
| # main never publishes. The changesets flow then takes over: | |
| # 1. add a changeset in your PR, merge to main | |
| # 2. CI passes -> this opens/updates a "Version Packages" PR | |
| # 3. merging THAT PR re-runs CI -> this publishes to npm | |
| on: | |
| workflow_run: | |
| workflows: [CI] | |
| branches: [main] | |
| types: [completed] | |
| concurrency: ${{ github.workflow }}-${{ github.ref }} | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| id-token: write | |
| jobs: | |
| release: | |
| # Only release when CI on a push to main actually passed. | |
| if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v7 | |
| with: | |
| fetch-depth: 0 | |
| # Installs Node and pnpm at the exact versions pinned in mise.toml. | |
| - name: Setup toolchain (mise) | |
| uses: jdx/mise-action@v4 | |
| with: | |
| cache: true | |
| # Configure npm auth for changesets publish. | |
| - name: Configure npm registry | |
| run: | | |
| echo "//registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}" > ~/.npmrc | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| - run: pnpm install --frozen-lockfile | |
| - run: pnpm build | |
| # When changesets exist, this opens or updates a "Version Packages" PR. | |
| # When none remain (after that PR merges), it publishes to npm. | |
| - uses: changesets/action@v1 | |
| with: | |
| version: pnpm exec changeset version | |
| publish: pnpm exec changeset publish | |
| commit: "chore: version packages" | |
| title: "chore: version packages" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| # changesets/action looks for NPM_TOKEN specifically; without it the | |
| # action falls back to OIDC trusted publishing. Set both so npm auth | |
| # is deterministic regardless of which path the action takes. | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} |