1d18e50c68
The release tag check stripped only a lowercase 'v', so a tag like V17.0.0 failed against package.json 17.0.0. Strip a leading v OR V. Claude-Session: https://claude.ai/code/session_016JWn5jRD5tcEFKrubjQ6Px Co-authored-by: Claude <noreply@anthropic.com>
51 lines
1.7 KiB
YAML
51 lines
1.7 KiB
YAML
name: Publish to npm
|
|
|
|
# Publishes the package to npm when you publish a GitHub Release (or run this
|
|
# workflow manually). No local npm needed — set one repo secret, NPM_TOKEN, and
|
|
# every release ships `npx pm-claude-skills` to the world.
|
|
#
|
|
# One-time setup:
|
|
# 1. Create a free npm account at https://www.npmjs.com/signup
|
|
# 2. Profile -> Access Tokens -> Generate New Token -> "Automation"
|
|
# 3. In this repo: Settings -> Secrets and variables -> Actions -> New repository
|
|
# secret named NPM_TOKEN with that token.
|
|
# Then: publish a GitHub Release tagged vX.Y.Z (matching package.json version).
|
|
|
|
on:
|
|
release:
|
|
types: [published]
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
contents: read
|
|
id-token: write # enables npm provenance (a verified "published from this repo" badge)
|
|
|
|
jobs:
|
|
publish:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Node
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '20'
|
|
registry-url: 'https://registry.npmjs.org'
|
|
|
|
- name: Verify release tag matches package.json version
|
|
if: github.event_name == 'release'
|
|
run: |
|
|
TAG="${GITHUB_REF_NAME#[vV]}" # strip a leading v or V (v17.0.0 / V17.0.0)
|
|
PKG="$(node -p "require('./package.json').version")"
|
|
echo "release tag: $TAG | package.json: $PKG"
|
|
if [ "$TAG" != "$PKG" ]; then
|
|
echo "::error::Release tag ($TAG) does not match package.json version ($PKG). Bump package.json or fix the tag."
|
|
exit 1
|
|
fi
|
|
|
|
- name: Publish to npm (public, with provenance)
|
|
run: npm publish --provenance --access public
|
|
env:
|
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|