name: release on: release: types: [published] permissions: contents: read jobs: publish: runs-on: ubuntu-latest environment: npm permissions: contents: read id-token: write # npm provenance steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 22 cache: pnpm registry-url: https://registry.npmjs.org - run: pnpm install --frozen-lockfile - run: pnpm typecheck - run: pnpm test - run: pnpm build - run: pnpm validate - run: pnpm publish --provenance --access public --no-git-checks