Skip to content
Release

chore(deps): bump github/codeql-action from 4.31.4 to 4.31.5 #311

Sign in to view logs

chore(deps): bump github/codeql-action from 4.31.4 to 4.31.5

chore(deps): bump github/codeql-action from 4.31.4 to 4.31.5 #311

Workflow file for this run

.github/workflows/release.yml at 2629258
name: Release
on:
pull_request:
types: [closed]
branches: [main]
env:
NODE_VERSION: 24.x
permissions:
contents: read
jobs:
build:
name: Build
if: ${{ github.event.pull_request.merged }}
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # actions/attest-build-provenance
attestations: write # actions/attest-build-provenance
steps:
- name: Checkout repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: ${{ env.NODE_VERSION }}
registry-url: https://registry.npmjs.org
- name: Set env
run: |
tag=$(npm pkg get version | xargs)
echo "tag=${tag}" >> "$GITHUB_ENV"
echo "prerelease=$([ ${tag##*-*} ] && echo false || echo true)" >> "$GITHUB_ENV"
- name: Install dependencies
run: |
npm ci
- name: Build
run: |
npm run build --if-present
- name: Pack
id: pack
run: |
{
echo "packages<<EOF"
npm pack --workspaces --json
echo EOF
} >> "$GITHUB_OUTPUT"
- name: Build Attestations
uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
with:
subject-path: |
**/*.tgz
- name: Upload artifact
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ env.tag }}
path: |
**/package.json
**/*.tgz
outputs:
tag: ${{ env.tag }}
prerelease: ${{ env.prerelease }}
release:
name: Release
needs: build
runs-on: ubuntu-latest
permissions:
contents: write # softprops/action-gh-release
steps:
- name: Setup Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: ${{ env.NODE_VERSION }}
registry-url: https://registry.npmjs.org
- name: Download artifact
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # 6.0.0
with:
name: ${{ needs.build.outputs.tag }}
- name: Release
# Replaces actions/create-release & actions/upload-release-asset (deprecated)
uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe # v2.4.2
with:
draft: true
prerelease: ${{ needs.build.outputs.prerelease }}
tag_name: ${{ needs.build.outputs.tag }}
generate_release_notes: true
# Disabled, covered by GitHub Attestations & npm
#files: |
# **/*.tgz
outputs:
tag: ${{ needs.build.outputs.tag }}
prerelease: ${{ needs.build.outputs.prerelease }}
publish:
name: Publish
needs: release
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # npm publish
steps:
- name: Setup Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: ${{ env.NODE_VERSION }}
registry-url: https://registry.npmjs.org
- name: Download artifact
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # 6.0.0
with:
name: ${{ needs.release.outputs.tag }}
- name: npm publish (next)
if: ${{ needs.release.outputs.prerelease == 'true' }}
run: |
find . -name '*.tgz' -exec npm publish --tag next --provenance --access public {} \;
- name: npm publish (latest)
if: ${{ needs.release.outputs.prerelease == 'false' }}
run: |
find . -name '*.tgz' -exec npm publish --tag latest --provenance --access public {} \;