Publish to npm #3
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Publish @mieweb/ychart to npm registry | |
| # Triggered on GitHub releases only | |
| # Uses npm provenance for supply chain security | |
| # Requires Node.js 24+ as specified in package.json engines | |
| name: Publish to npm | |
| on: | |
| release: | |
| types: [published] | |
| permissions: | |
| contents: read | |
| id-token: write # Required for npm provenance | |
| jobs: | |
| publish: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js 24 | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '24' | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: latest | |
| - name: Get pnpm store directory | |
| shell: bash | |
| run: | | |
| echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV | |
| - name: Setup pnpm cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ${{ env.STORE_PATH }} | |
| key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pnpm-store- | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Build package | |
| run: pnpm run build | |
| - name: Verify package contents | |
| run: | | |
| echo "📦 Package contents:" | |
| pnpm pack --dry-run | |
| echo "" | |
| echo "📄 Package info:" | |
| cat package.json | grep -E '"name"|"version"' | |
| - name: Publish to npm with provenance | |
| run: pnpm publish --provenance --access public --no-git-checks | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |