Skip to content

Release

Release #1

Workflow file for this run

name: Release
on:
workflow_dispatch:
inputs:
publish:
description: Publish the package to npm
required: true
default: false
type: boolean
npm_tag:
description: npm dist-tag to publish under (for example latest or beta)
required: true
default: latest
type: string
push:
tags:
- "v*"
env:
SKIP_INSTALL_SIMPLE_GIT_HOOKS: "1"
permissions:
contents: read
concurrency:
group: release-${{ github.ref }}
cancel-in-progress: false
jobs:
validate:
name: Validate release package
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@v6
- name: Set up Node
uses: actions/setup-node@v6
with:
node-version: 22
cache: npm
- name: Use npm with dependency-age gates
run: npm install -g npm@11.17.0
- name: Install dependencies without lifecycle scripts
run: npm ci --ignore-scripts
- name: Audit dependencies
run: npm run security:audit
- name: Verify tag matches package version
if: github.event_name == 'push'
run: node scripts/check-release-version.ts "${{ github.ref_name }}"
- name: Format check
run: npm run format:check
- name: Lint
run: npm run lint
- name: Typecheck
run: npm run typecheck
- name: Test suite
run: npm test
- name: Pack npm tarball
run: npm pack
- name: Smoke-test packed CLI
run: |
npm install -g --ignore-scripts ./sideshow-*.tgz
sideshow help
publish:
name: Publish npm package
runs-on: ubuntu-latest
needs:
- validate
if: github.event_name == 'push' || inputs.publish == true
environment: npm
permissions:
contents: read
id-token: write
steps:
- name: Check out repository
uses: actions/checkout@v6
- name: Set up Node
uses: actions/setup-node@v6
with:
node-version: 22
cache: npm
registry-url: https://registry.npmjs.org
- name: Use npm with dependency-age gates
run: npm install -g npm@11.17.0
- name: Install dependencies without lifecycle scripts
run: npm ci --ignore-scripts
- name: Audit dependencies
run: npm run security:audit
- name: Verify tag matches package version
if: github.event_name == 'push'
run: node scripts/check-release-version.ts "${{ github.ref_name }}"
- name: Verify npm auth
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm whoami
- name: Publish package
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_TAG: ${{ github.event_name == 'workflow_dispatch' && inputs.npm_tag || ((contains(github.ref_name, '-alpha') || contains(github.ref_name, '-beta') || contains(github.ref_name, '-rc')) && 'beta' || 'latest') }}
run: npm publish --tag "$NPM_TAG" --provenance
create-github-release:
name: Create GitHub release
runs-on: ubuntu-latest
needs:
- publish
if: github.event_name == 'push'
permissions:
contents: write
steps:
- name: Check out repository
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Set up Node
uses: actions/setup-node@v6
with:
node-version: 22
- name: Extract changelog release notes
run: |
mkdir -p dist/release
node scripts/extract-release-notes.ts "${{ github.ref_name }}" > dist/release/notes.md
- name: Create or update GitHub release
env:
GH_TOKEN: ${{ github.token }}
TAG_NAME: ${{ github.ref_name }}
run: |
prerelease_args=()
case "$TAG_NAME" in
*-alpha*|*-beta*|*-rc*)
prerelease_args+=(--prerelease)
;;
esac
if gh release view "$TAG_NAME" >/dev/null 2>&1; then
gh release edit "$TAG_NAME" --title "$TAG_NAME" --notes-file dist/release/notes.md "${prerelease_args[@]}"
else
gh release create "$TAG_NAME" --title "$TAG_NAME" --notes-file dist/release/notes.md "${prerelease_args[@]}"
fi