Automated npm publish via GitHub Actions (#30)
Lets the package ship to npm without a local npm install: publish a GitHub Release and CI runs `npm publish` using an NPM_TOKEN repo secret. - .github/workflows/npm-publish.yml: triggers on release published (and manual dispatch), verifies the release tag matches package.json version, then publishes with provenance (id-token: write) to the public registry. One-time setup by the maintainer: create an npm Automation token and add it as the NPM_TOKEN repository secret. Documented in the workflow header. Claude-Session: https://claude.ai/code/session_016JWn5jRD5tcEFKrubjQ6Px Co-authored-by: Claude <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,50 @@
|
||||
name: Publish to npm
|
||||
|
||||
# Publishes the package to npm when you publish a GitHub Release (or run this
|
||||
# workflow manually). No local npm needed — set one repo secret, NPM_TOKEN, and
|
||||
# every release ships `npx pm-claude-skills` to the world.
|
||||
#
|
||||
# One-time setup:
|
||||
# 1. Create a free npm account at https://www.npmjs.com/signup
|
||||
# 2. Profile -> Access Tokens -> Generate New Token -> "Automation"
|
||||
# 3. In this repo: Settings -> Secrets and variables -> Actions -> New repository
|
||||
# secret named NPM_TOKEN with that token.
|
||||
# Then: publish a GitHub Release tagged vX.Y.Z (matching package.json version).
|
||||
|
||||
on:
|
||||
release:
|
||||
types: [published]
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
id-token: write # enables npm provenance (a verified "published from this repo" badge)
|
||||
|
||||
jobs:
|
||||
publish:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Set up Node
|
||||
uses: actions/setup-node@v4
|
||||
with:
|
||||
node-version: '20'
|
||||
registry-url: 'https://registry.npmjs.org'
|
||||
|
||||
- name: Verify release tag matches package.json version
|
||||
if: github.event_name == 'release'
|
||||
run: |
|
||||
TAG="${GITHUB_REF_NAME#v}"
|
||||
PKG="$(node -p "require('./package.json').version")"
|
||||
echo "release tag: $TAG | package.json: $PKG"
|
||||
if [ "$TAG" != "$PKG" ]; then
|
||||
echo "::error::Release tag ($TAG) does not match package.json version ($PKG). Bump package.json or fix the tag."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
- name: Publish to npm (public, with provenance)
|
||||
run: npm publish --provenance --access public
|
||||
env:
|
||||
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
||||
+4
-1
@@ -9,7 +9,10 @@ each new wave of skills bumps the **major** version, extensions and fixes bump
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
_Nothing yet._
|
||||
### Added
|
||||
- **Automated npm publishing** — `.github/workflows/npm-publish.yml` publishes the package
|
||||
to npm (with provenance) when a GitHub Release is published. Requires a one-time
|
||||
`NPM_TOKEN` repo secret; no local npm needed.
|
||||
|
||||
## [17.0.0] — Agents, Commands & the npx CLI — 2026-06-17
|
||||
|
||||
|
||||
Reference in New Issue
Block a user