name: Publish npm on: push: tags: - "v*.*.*" release: types: [published] workflow_dispatch: inputs: tag: description: "Release tag to publish, for example v1.0.0." required: true type: string permissions: contents: read id-token: write jobs: publish: runs-on: ubuntu-latest environment: npm steps: - name: Checkout release tag uses: actions/checkout@v4 with: ref: ${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref }} - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: 22 cache: npm registry-url: https://registry.npmjs.org - name: Setup Zig uses: mlugg/setup-zig@v2 with: version: 0.15.2 - name: Install dependencies run: npm ci - name: Verify package run: | npm run ci npm run demo:build npm pack --dry-run - name: Validate release metadata and npm authentication env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} RELEASE_TAG: ${{ github.event_name == 'workflow_dispatch' && inputs.tag || github.ref_name }} run: | PACKAGE_NAME="$(node -p "require('./package.json').name")" PACKAGE_VERSION="$(node -p "require('./package.json').version")" EXPECTED_PACKAGE_NAME="@paramission-lab/phantom" EXPECTED_TAG="v${PACKAGE_VERSION}" NPM_USER="$(npm whoami)" echo "Authenticated to npm as ${NPM_USER}." if [[ "${PACKAGE_NAME}" != "${EXPECTED_PACKAGE_NAME}" ]]; then echo "::error title=Unexpected package name::Expected ${EXPECTED_PACKAGE_NAME}, but the checked-out ref contains ${PACKAGE_NAME}. Create a new release tag from the commit that contains the corrected package scope." exit 1 fi if [[ "${RELEASE_TAG}" != "${EXPECTED_TAG}" ]]; then echo "::error title=Release tag mismatch::Expected tag ${EXPECTED_TAG} for ${PACKAGE_NAME}@${PACKAGE_VERSION}, but the workflow requested ${RELEASE_TAG:-no tag}." exit 1 fi echo "Validated ${PACKAGE_NAME}@${PACKAGE_VERSION} from ${EXPECTED_TAG}." - name: Publish to npmjs.com run: | PACKAGE_NAME="$(node -p "require('./package.json').name")" PACKAGE_VERSION="$(node -p "require('./package.json').version")" if npm view "${PACKAGE_NAME}@${PACKAGE_VERSION}" version >/dev/null 2>&1; then echo "${PACKAGE_NAME}@${PACKAGE_VERSION} is already published. Skipping." exit 0 fi npm publish --access public --provenance env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}