Add npm package provenance support (#256) #95

Workflow file for this run

.github/workflows/release.yml at 29955fd

	name: Release

	on:
	push:
	branches: [master]

	jobs:
	build:
	runs-on: ubuntu-latest
	timeout-minutes: 15
	permissions:
	contents: read
	id-token: write # Required for provenance
	packages: write # Required for publishing

	strategy:
	matrix:
	node-version: [14.x]

	steps:
	- name: Checkout
	uses: actions/checkout@v2
	with:
	fetch-depth: 0
	- name: Cache NPM
	uses: actions/cache@v2
	env:
	cache-name: cache-npm
	with:
	path: ~/.npm
	key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/yarn-lock.json') }}
	restore-keys: \|
	${{ runner.os }}-build-${{ env.cache-name }}-
	- name: Setup Node.js ${{ matrix.node-version }}
	uses: actions/setup-node@v1
	with:
	node-version: ${{ matrix.node-version }}
	registry-url: "https://npm.pkg.github.com"
	- name: Install dependencies
	run: yarn
	env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
	- name: Build project
	run: yarn build
	- name: Serve example app
	continue-on-error: false
	run: yarn run serve
	env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
	- name: Build project and run tests
	continue-on-error: false
	run: yarn run run-tests
	env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

	release-npm:
	needs: build
	name: Release npm
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v1
	- uses: actions/setup-node@v1
	with:
	node-version: ${{ matrix.node-version }}
	registry-url: https://registry.npmjs.org/
	- run: yarn install
	env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
	- name: Build project
	continue-on-error: false
	run: yarn build
	env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
	- run: npm publish --provenance --access public
	env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	NPM_TOKEN: ${{ secrets.NPMJS_TOKEN }}
	GIT_COMMIT: ${{ github.sha }}
	GIT_AUTHOR_NAME: ${{ secrets.GIT_AUTHOR_NAME }}
	GIT_AUTHOR_EMAIL: ${{ secrets.GIT_AUTHOR_EMAIL }}
	GIT_COMMITTER_NAME: ${{ secrets.GIT_COMMITTER_NAME }}
	GIT_COMMITTER_EMAIL: ${{ secrets.GIT_COMMITTER_EMAIL }}

	release-gpr:
	needs: build
	name: Release gpr
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v1
	- uses: actions/setup-node@v1
	with:
	node-version: ${{ matrix.node-version }}
	registry-url: https://npm.pkg.github.com/
	scope: "@lottiefiles"
	- run: yarn install
	env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
	- name: Build project
	continue-on-error: false
	run: yarn build
	env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
	- run:
	echo "//npm.pkg.github.com:_authToken=${{ secrets.GITHUB_TOKEN }}" >
	~/.npmrc
	- run: npm publish --@lottiefiles:registry=https://npm.pkg.github.com/
	env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	NPM_TOKEN: ${{ secrets.NPMJS_TOKEN }}
	GIT_COMMIT: ${{ github.sha }}
	GIT_AUTHOR_NAME: ${{ secrets.GIT_AUTHOR_NAME }}
	GIT_AUTHOR_EMAIL: ${{ secrets.GIT_AUTHOR_EMAIL }}
	GIT_COMMITTER_NAME: ${{ secrets.GIT_COMMITTER_NAME }}
	GIT_COMMITTER_EMAIL: ${{ secrets.GIT_COMMITTER_EMAIL }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add npm package provenance support (#256) #95

Workflow file

Add npm package provenance support (#256) #95

Jobs

Run details

Workflow file for this run