matrix/matrix-js-sdk
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-js-sdk.git synced 2025-08-09 10:22:46 +03:00
Code Activity

Attest npm package provenance (#4724)

Browse Source 
Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
This commit is contained in:
Michael Telatynski
2025-02-19 12:31:09 +00:00
committed by GitHub
parent 2d381ade22
commit 5b939287cc
2 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/release-make.yml vendored
View File

@@ -279,6 +279,9 @@ jobs:
needs: release needs: release
if: inputs.npm if: inputs.npm
uses: matrix-org/matrix-js-sdk/.github/workflows/release-npm.yml@develop uses: matrix-org/matrix-js-sdk/.github/workflows/release-npm.yml@develop
permissions:
contents: read
id-token: write
secrets: secrets:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

23
.github/workflows/release-npm.yml vendored
View File

@@ -8,11 +8,14 @@ on:
id: id:
description: "The npm package@version string we published" description: "The npm package@version string we published"
value: ${{ jobs.npm.outputs.id }} value: ${{ jobs.npm.outputs.id }}
permissions: {} # No permissions required permissions: {}
jobs: jobs:
npm: npm:
name: Publish to npm name: Publish to npm
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
permissions:
contents: read
id-token: write
outputs: outputs:
id: ${{ steps.npm-publish.outputs.id }} id: ${{ steps.npm-publish.outputs.id }}
steps: steps:
@@ -32,21 +35,15 @@ jobs:
run: "yarn install --frozen-lockfile" run: "yarn install --frozen-lockfile"
- name: 🚀 Publish to npm - name: 🚀 Publish to npm
id: npm-publish run: npm publish --provenance --access public --tag next
uses: JS-DevTools/npm-publish@19c28f1ef146469e409470805ea4279d47c3d35c # v3.1.1 env:
with: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
token: ${{ secrets.NPM_TOKEN }}
access: public
tag: next
ignore-scripts: false
- name: Check npm package was published
if: steps.npm-publish.outputs.id == ''
run: exit 1
- name: 🎖️ Add `latest` dist-tag to final releases - name: 🎖️ Add `latest` dist-tag to final releases
if: steps.npm-publish.outputs.id && !contains(steps.npm-publish.outputs.id, '-rc.') if: steps.npm-publish.outputs.id && !contains(steps.npm-publish.outputs.id, '-rc.')
run: npm dist-tag add "$release" latest run: |
release=$(jq -r '"\(.name)@\(.version)"' package.json)
npm dist-tag add "$release" latest
env: env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
release: ${{ steps.npm-publish.outputs.id }} release: ${{ steps.npm-publish.outputs.id }}