Files
pm-claude-skills/.github/workflows/npm-publish.yml
T
mohitagw15856 abdf20acf3 Automated npm publish via GitHub Actions (#30)
Lets the package ship to npm without a local npm install: publish a GitHub
Release and CI runs `npm publish` using an NPM_TOKEN repo secret.

- .github/workflows/npm-publish.yml: triggers on release published (and manual
  dispatch), verifies the release tag matches package.json version, then
  publishes with provenance (id-token: write) to the public registry.

One-time setup by the maintainer: create an npm Automation token and add it as
the NPM_TOKEN repository secret. Documented in the workflow header.


Claude-Session: https://claude.ai/code/session_016JWn5jRD5tcEFKrubjQ6Px

Co-authored-by: Claude <noreply@anthropic.com>
2026-06-17 15:22:04 +01:00

51 lines
1.7 KiB
YAML

name: Publish to npm
# Publishes the package to npm when you publish a GitHub Release (or run this
# workflow manually). No local npm needed — set one repo secret, NPM_TOKEN, and
# every release ships `npx pm-claude-skills` to the world.
#
# One-time setup:
# 1. Create a free npm account at https://www.npmjs.com/signup
# 2. Profile -> Access Tokens -> Generate New Token -> "Automation"
# 3. In this repo: Settings -> Secrets and variables -> Actions -> New repository
# secret named NPM_TOKEN with that token.
# Then: publish a GitHub Release tagged vX.Y.Z (matching package.json version).
on:
release:
types: [published]
workflow_dispatch:
permissions:
contents: read
id-token: write # enables npm provenance (a verified "published from this repo" badge)
jobs:
publish:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Node
uses: actions/setup-node@v4
with:
node-version: '20'
registry-url: 'https://registry.npmjs.org'
- name: Verify release tag matches package.json version
if: github.event_name == 'release'
run: |
TAG="${GITHUB_REF_NAME#v}"
PKG="$(node -p "require('./package.json').version")"
echo "release tag: $TAG | package.json: $PKG"
if [ "$TAG" != "$PKG" ]; then
echo "::error::Release tag ($TAG) does not match package.json version ($PKG). Bump package.json or fix the tag."
exit 1
fi
- name: Publish to npm (public, with provenance)
run: npm publish --provenance --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}