feat: add explicit support for provenance
mcous committed May 1, 2023
1 parent 69c6427 commit 3595ed5
Showing 17 changed files with 157 additions and 49 deletions.
13 changes: 13 additions & 0 deletions .github/workflows/ci-cd.yaml
Expand Up @@ -193,6 +193,11 @@ jobs:
name: Publish
runs-on: ubuntu-latest
timeout-minutes: 10

permissions:
contents: read
id-token: write

needs:
- test
- build
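Review bot: `id-token: write` in the new `permissions` block applies to the whole Publish job, so every step in it, including the third-party actions it runs, can request an OIDC token. Please add a YAML comment on that line saying it is there for npm provenance, and keep this job limited to the steps that actually publish so the token-capable surface stays small. Setting `contents: read` explicitly alongside it is a good call, since declaring any permission drops the unlisted ones.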
Expand All @@ -202,6 +207,14 @@ jobs:
- name: Checkout source
uses: actions/checkout@v3

- name: Install Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
with:
node-version: "18"

- name: Install latest npm
run: npm install -g npm

- name: Download publish artifact
uses: actions/download-artifact@v3
with:
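Review bot: `run: npm install -g npm` installs whatever npm release is current at run time into the one job that holds `id-token: write` and the publish credentials, so the publishing toolchain can change without any commit to this repository. Pin it to a known major, for example `npm install -g npm@9` to match the v9 docs the README links to, and bump it deliberately. Separately, the step name interpolates `${{ matrix.node-version }}` while `node-version` is hard-coded to `"18"`; unless this job defines a matrix (none is visible in these lines) the name will render with an empty value, so `Install Node.js 18` would be clearer.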
65 changes: 39 additions & 26 deletions README.md
Expand Up @@ -41,9 +41,9 @@ The v1 to v2 upgrade brought a few notable **breaking changes**. To migrate, mak

- The `type` output is now an empty string instead of `none` when no release occurs
```diff
- - if: ${{ steps.publish.outputs.type != 'none' }}
+ - if: ${{ steps.publish.outputs.type }}
run: echo "Version changed!"
- run: echo "Version changed!"
- if: ${{ steps.publish.outputs.type != 'none' }}
+ if: ${{ steps.publish.outputs.type }}
```
- The `check-version` and `greater-version-only` options have been removed and replaced with `strategy`.
- Use `strategy: all` (default) to publish all versions that do not yet exist in the registry.
Expand Down Expand Up @@ -73,7 +73,9 @@ See the [change log][] for more details and other changes in the v2 release.
To use the GitHub Action, you'll need to add it as a step in your [workflow file][]. By default, the only thing you need to do is set the `token` parameter to your [npm authentication token][].

```yaml
on: push
on:
push:
branches: main

jobs:
publish:
Expand All @@ -82,7 +84,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: 18
node-version: "18"
- run: npm ci
- run: npm test
- uses: JS-DevTools/npm-publish@v2
Expand All @@ -97,15 +99,18 @@ jobs:

You can set any or all of the following input parameters using `with`:

| Name | Type | Default | Description |
| ---------- | ---------------------- | ----------------------------- | ----------------------------------------------------------------------------- |
| `token` | string | **required** | Authentication token to use with the configured registry. |
| `registry` | string | `https://registry.npmjs.org/` | Registry URL to use. |
| `package` | string | Current working directory | Path to a package directory, a `package.json`, or a packed `.tgz` to publish |
| `tag` | string | `latest` | [Distribution tag][npm-tag] to publish to. |
| `access` | `public`, `restricted` | [npm defaults][npm-access] | Whether the package should be publicly visible or restricted. |
| `strategy` | `all`, `upgrade` | `all` | Use `all` to publish all unique versions, `upgrade` for only semver upgrades. |
| `dry-run` | boolean | `false` | Run `npm publish` with the `--dry-run` flag to prevent publication. |
| Name | Type | Default | Description |
| ------------ | ---------------------- | -------------------------------- | ----------------------------------------------------------------------------- |
| `token` | string | **required** | Authentication token to use with the configured registry. |
| `registry` | string | `https://registry.npmjs.org/` \* | Registry URL to use. |
| `package` | string | Current working directory | Path to a package directory, a `package.json`, or a packed `.tgz` to publish |
| `tag` | string | `latest` \* | [Distribution tag][npm-tag] to publish to. |
| `access` | `public`, `restricted` | [npm defaults][npm-access] \* | Whether the package should be publicly visible or restricted. |
| `provenance` | boolean | `false` \* | Run `npm publish` with the `--provenance` flag to add provenance statements. |
| `strategy` | `all`, `upgrade` | `all` | Use `all` to publish all unique versions, `upgrade` for only semver upgrades. |
| `dry-run` | boolean | `false` | Run `npm publish` with the `--dry-run` flag to prevent publication. |

\* Default values for these options may be specified using `publishConfig` in `package.json`.

[npm-tag]: https://docs.npmjs.com/cli/v9/commands/npm-publish#tag
[npm-access]: https://docs.npmjs.com/cli/v9/commands/npm-publish#access
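Review bot: the new `provenance` row in the inputs table documents the flag but not what a workflow needs for it to work. This same commit had to add `permissions: id-token: write` and an npm upgrade step to the project's own Publish job in `.github/workflows/ci-cd.yaml`, yet the usage example above the table shows neither. Suggest a short note under the table, or a second example, showing the `permissions` block next to `provenance: true`, so users who enable the option are not left guessing why the publish step cannot produce the statement.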
Expand Down Expand Up @@ -135,6 +140,7 @@ steps:
| `old-version` | string | Previously published version on `tag` or empty if no previous version on tag. |
| `tag` | string | [Distribution tag][npm-tag] the package was published to. |
| `access` | string | [Access level][npm-access] the package was published with, or `default` if scoped-package defaults were used. |
| `registry` | string | Registry the package was published to. |
| `dry-run` | boolean | Whether `npm publish` was run in "dry run" mode. |

[semver release type]: https://github.com/npm/node-semver#release_types
Expand Down Expand Up @@ -166,17 +172,20 @@ As shown in the example above, you should pass an options object to the `npmPubl
import type { Options } from "@jsdevtools/npm-publish";
```

| Name | Type | Default | Description |
| -------------------- | ---------------------- | ----------------------------- | ----------------------------------------------------------------------------- |
| `token` | string | **required** | Authentication token to use with the configured registry. |
| `registry` | string, `URL` | `https://registry.npmjs.org/` | Registry URL to use. |
| `package` | string | Current working directory | Path to a package directory, a `package.json`, or a packed `.tgz` to publish |
| `tag` | string | `latest` | [Distribution tag][npm-tag] to publish to. |
| `access` | `public`, `restricted` | [npm defaults][npm-access] | Whether the package should be publicly visible or restricted. |
| `strategy` | `all`, `upgrade` | `all` | Use `all` to publish all unique versions, `upgrade` for only semver upgrades. |
| `dryRun` | boolean | `false` | Run `npm publish` with the `--dry-run` flag to prevent publication. |
| `logger` | object | `undefined` | Logging interface with `debug`, `info`, and `error` log methods. |
| `temporaryDirectory` | string | `os.tmpdir()` | Temporary directory to hold a generated `.npmrc` file |
| Name | Type | Default | Description |
| -------------------- | ---------------------- | -------------------------------- | ----------------------------------------------------------------------------- |
| `token` | string | **required** | Authentication token to use with the configured registry. |
| `registry` | string, `URL` | `https://registry.npmjs.org/` \* | Registry URL to use. |
| `package` | string | Current working directory | Path to a package directory, a `package.json`, or a packed `.tgz` to publish |
| `tag` | string | `latest` \* | [Distribution tag][npm-tag] to publish to. |
| `access` | `public`, `restricted` | [npm defaults][npm-access] \* | Whether the package should be publicly visible or restricted. |
| `provenance` | boolean | `false` \* | Run `npm publish` with the `--provenance` flag to add provenance statements. |
| `strategy` | `all`, `upgrade` | `all` | Use `all` to publish all unique versions, `upgrade` for only semver upgrades. |
| `dryRun` | boolean | `false` | Run `npm publish` with the `--dry-run` flag to prevent publication. |
| `logger` | object | `undefined` | Logging interface with `debug`, `info`, and `error` log methods. |
| `temporaryDirectory` | string | `os.tmpdir()` | Temporary directory to hold a generated `.npmrc` file |

\* Default values for these options may be specified using `publishConfig` in `package.json`.

### Output

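Review bot: the footnote added under the options table says defaults "may be specified using `publishConfig` in `package.json`" but does not state which value wins when both the option and `publishConfig` are set. For `provenance` that matters: a reader cannot tell whether passing `provenance: false` overrides a `publishConfig` entry that turns it on, or the reverse. Please state the precedence in the footnote, here and in the matching footnote under the GitHub Action inputs table.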
Expand All @@ -195,6 +204,7 @@ import type { Results } from "@jsdevtools/npm-publish";
| `oldVersion` | Optional string | Previously published version on `tag` or `undefined` if no previous version. |
| `tag` | string | [Distribution tag][npm-tag] that the package was published to. |
| `access` | Optional string | [Access level][npm-access] the package was published with, or `undefined` if scoped-package defaults were used. |
| `registry` | `URL` | Registry the package was published to. |
| `dryRun` | boolean | Whether `npm publish` was run in "dry run" mode. |

## Command Line Interface
Expand Down Expand Up @@ -243,7 +253,10 @@ Options:
Defaults to "latest".

--access <access> Package access, may be "public" or "restricted".
See documentation for details.
See npm documentation for details.

--provenance Publish with provenance statements.
See npm documentation for details.

--strategy <strategy> Publish strategy, may be "all" or "upgrade".
Defaults to "all", see documentation for details.
4 changes: 4 additions & 0 deletions action.yaml
Expand Up @@ -29,6 +29,10 @@ inputs:
or restricted to members of your NPM organization.
required: false

provenance:
description: Attach provenance statements when publishing.
required: false

strategy:
description: >
Version check and release strategy.
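Review bot: the new `provenance` input's description, `Attach provenance statements when publishing.`, does not give the accepted values or the default, while the README in this commit documents it as a boolean defaulting to `false` with a `publishConfig` fallback. Please carry that into the description, in the multi-line style the neighbouring inputs use. Also, action inputs reach the code as strings, so it is worth confirming that `provenance: "false"` is parsed as false rather than treated as a non-empty value; `dist/main.js` is not rendered on this page, so that cannot be checked from the diff shown.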
28 changes: 20 additions & 8 deletions dist/main.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
