Skip to content

ci: enhance npm publish workflow #2753

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Nov 3, 2025
+63 −57
Merged

ci: enhance npm publish workflow #2753

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
a7f79fa
ci(publish-npm): clarify that the `package` input is the `package_dir`
Alenar Oct 27, 2025
814a4ce
ci: clarify wasm test-publish/publish/promote steps name
Alenar Oct 27, 2025
6af6550
ci: make `scope` in npm publications transparents
Alenar Oct 27, 2025
2e3ba37
ci(npm-publish): rework auth using `actions/setup-node`
Alenar Oct 27, 2025
008bdcd
ci(publish-npm): wrap build step in a group
Alenar Oct 27, 2025
110e896
ci(publish-npm): add a 'dry-run' version of the promote step
Alenar Oct 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
88 changes: 51 additions & 37 deletions .github/workflows/actions/publish-npm-package/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,8 @@ inputs:
dry_run:
description: Dry run will not publish to npm, just test it.
required: true
package:
description: npm package name.
required: true
scope:
description: npm package scope (must not include '@' prefix).
package_dir:
description: directory containing the package.json file.
required: true
tag:
description: npm package tag.
Expand All @@ -26,40 +23,53 @@ inputs:
runs:
using: "composite"
steps:
- uses: actions/setup-node@v6
with:
node-version: "lts/*"
package-manager-cache: "false"
# Note: setting up the registry allows auth to be passed via env.NODE_AUTH_TOKEN
registry-url: https://registry.npmjs.org

- name: Prepare
id: prepare
shell: bash
run: |
echo "package_name=$(jq -r ".name" < "${{ inputs.package_dir }}"/package.json)" >> $GITHUB_OUTPUT
echo "package_local_version=$(jq -r ".version" < "${{ inputs.package_dir }}"/package.json)" >> $GITHUB_OUTPUT

- name: Check npm latest version
id: check_version
shell: bash
run: |
echo "Check crate latest published version for '${{ inputs.package }}' package"
echo "Check npmjs.com latest published version for '${{ steps.prepare.outputs.package_name }}' package"

if [ "${{ inputs.tag }}" != "latest" -a "${{ inputs.tag }}" != "next" ]; then
echo "Tag '${{ inputs.tag }}' is not valid. It should be one of 'latest' or 'next'"
exit 1
fi

LOCAL_VERSION=$(cat ${{ inputs.package }}/package.json | jq -r '.version')
NEXT_REMOTE_VERSION=$(npm view @${{ inputs.scope }}/${{ inputs.package }} dist-tags.next 2> /dev/null || true)
LATEST_REMOTE_VERSION=$(npm view @${{ inputs.scope }}/${{ inputs.package }} dist-tags.latest 2> /dev/null || true)
NEXT_REMOTE_VERSION=$(npm view ${{ steps.prepare.outputs.package_name }} dist-tags.next 2> /dev/null || true)
LATEST_REMOTE_VERSION=$(npm view ${{ steps.prepare.outputs.package_name }} dist-tags.latest 2> /dev/null || true)

echo "Latest crate.io version: '$LATEST_REMOTE_VERSION'"
echo "Next crate.io version: '$NEXT_REMOTE_VERSION'"
echo "Local version: '$LOCAL_VERSION'"
echo "Latest npmjs.com version: '$LATEST_REMOTE_VERSION'"
echo "Next npmjs.com version: '$NEXT_REMOTE_VERSION'"
echo "Local version: '${{ steps.prepare.outputs.package_local_version }}'"

if [ "${{ inputs.tag }}" == "latest" ]; then
if [ "$LOCAL_VERSION" == "$LATEST_REMOTE_VERSION" ]; then
if [ "${{ steps.prepare.outputs.package_local_version }}" == "$LATEST_REMOTE_VERSION" ]; then
echo "Local version and remote version are the same: no need to publish to npm registry"
DEPLOY_MODE='none'
elif [ "$LOCAL_VERSION" == "$NEXT_REMOTE_VERSION" ]; then
elif [ "${{ steps.prepare.outputs.package_local_version }}" == "$NEXT_REMOTE_VERSION" ]; then
DEPLOY_MODE='promote'
else
DEPLOY_MODE='publish'
fi
else # input.tag == 'next'
if [ "$LOCAL_VERSION" == "$LATEST_REMOTE_VERSION" ]; then
if [ "${{ steps.prepare.outputs.package_local_version }}" == "$LATEST_REMOTE_VERSION" ]; then
# A latest already published: no need to tag with next
echo "Local version and remote version are the same: no need to publish to npm registry"
DEPLOY_MODE='none'
elif [ "$LOCAL_VERSION" == "$NEXT_REMOTE_VERSION" ]; then
elif [ "${{ steps.prepare.outputs.package_local_version }}" == "$NEXT_REMOTE_VERSION" ]; then
echo "Local version and remote version are the same: no need to publish to npm registry"
DEPLOY_MODE='none'
else
Expand All @@ -70,43 +80,43 @@ runs:
echo "Deploy mode: '$DEPLOY_MODE'"
echo "Dry run: '${{ inputs.dry_run }}'"
echo "deploy_mode=$DEPLOY_MODE" >> $GITHUB_OUTPUT
echo "package_version=$LOCAL_VERSION" >> $GITHUB_OUTPUT

- name: Build package
shell: bash
working-directory: ${{ inputs.package }}
working-directory: ${{ inputs.package_dir }}
env:
WASM_PACK_ARGS: --release --scope ${{ inputs.scope }}
WASM_PACK_ARGS: --release
run: |
echo "Build '@${{ inputs.scope }}/${{ inputs.package }}' package"
echo "::group::Build '${{ steps.prepare.outputs.package_name }}' package"
make build
echo "::endgroup::"

- name: Prepare publish
shell: bash
run: |
cp ./LICENSE ${{ inputs.package }}
cp -f ${{ inputs.package }}/npm/README.md ${{ inputs.package }}/
cp ./LICENSE ${{ inputs.package_dir }}
cp -f ${{ inputs.package_dir }}/npm/README.md ${{ inputs.package_dir }}/

- name: List package
shell: bash
run: |
echo "List '@${{ inputs.scope }}/${{ inputs.package }}' package"
ls -al -R ${{ inputs.package }}/dist
echo "List '${{ steps.prepare.outputs.package_name }}' package"
ls -al -R ${{ inputs.package_dir }}/dist

- name: Publish package new version
if: steps.check_version.outputs.deploy_mode == 'publish'
shell: bash
working-directory: ${{ inputs.package_dir }}
env:
NPM_TOKEN: ${{ inputs.api_token }}
NODE_AUTH_TOKEN: ${{ inputs.api_token }}
run: |
echo "Publish '@${{ inputs.scope }}/${{ inputs.package }}' package"
npm set "//registry.npmjs.org/:_authToken=${NPM_TOKEN}"
if [ -z "${NPM_TOKEN}" -a "${{ inputs.dry_run }}" == "true" ]; then
echo "Publish '${{ steps.prepare.outputs.package_name }}' package"
if [ -z "${NODE_AUTH_TOKEN}" -a "${{ inputs.dry_run }}" == "true" ]; then
echo "Warning: An NPM access token is required for authentication and has not been provided."
else
npm whoami
fi
cd ${{ inputs.package }}/

if [ "${{ inputs.dry_run }}" == "false" ]; then
dry_run_option=""
else
Expand All @@ -115,14 +125,18 @@ runs:
npm publish --tag ${{ inputs.tag }} --access ${{ inputs.access }} $dry_run_option

- name: Promote package distribution tag to 'latest'
if: inputs.dry_run == 'false' && steps.check_version.outputs.deploy_mode == 'promote'
if: steps.check_version.outputs.deploy_mode == 'promote'
shell: bash
working-directory: ${{ inputs.package_dir }}
env:
NPM_TOKEN: ${{ inputs.api_token }}
NODE_AUTH_TOKEN: ${{ inputs.api_token }}
run: |
echo "Publish '@${{ inputs.scope }}/${{ inputs.package }}' package"
npm set "//registry.npmjs.org/:_authToken=${NPM_TOKEN}"
npm whoami
cd ${{ inputs.package }}/
npm dist-tag add @${{ inputs.scope }}/${{ inputs.package }}@${{ steps.check_version.outputs.package_version }} latest
npm dist-tag rm @${{ inputs.scope }}/${{ inputs.package }}@${{ steps.check_version.outputs.package_version }} next
echo "Promote '${{ steps.prepare.outputs.package_name }}' package version '${{ steps.prepare.outputs.package_local_version }}' from 'next' to 'latest'"
if [ "${{ inputs.dry_run }}" == "false" ]; then
npm whoami
npm dist-tag add ${{ steps.prepare.outputs.package_name }}"@${{ steps.prepare.outputs.package_local_version }} latest
npm dist-tag rm ${{ steps.prepare.outputs.package_name }}"@${{ steps.prepare.outputs.package_local_version }} next
else
echo "Dry run: npm dist-tag add ${{ steps.prepare.outputs.package_name }}"@${{ steps.prepare.outputs.package_local_version }} latest
echo "Dry run: npm dist-tag rm ${{ steps.prepare.outputs.package_name }}"@${{ steps.prepare.outputs.package_local_version }} next
fi
8 changes: 3 additions & 5 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,7 @@ jobs:
shell: bash
working-directory: mithril-client-wasm
env:
WASM_PACK_ARGS: --release --scope mithril-dev
WASM_PACK_ARGS: --release
run: make build

- name: Prepare 'mithril-client-wasm' package
Expand Down Expand Up @@ -594,7 +594,6 @@ jobs:
package: [mithril-client-wasm]
include:
- package: mithril-client-wasm
scope: mithril-dev
tag: latest
access: public
api_token_secret_name: NPM_API_TOKEN_MITHRIL_CLIENT_WASM
Expand All @@ -613,12 +612,11 @@ jobs:
cargo-tools: wasm-pack
github-token: ${{ secrets.GITHUB_TOKEN }}

- name: Publish package to npm
- name: Publish package to npm (dry-run)
uses: ./.github/workflows/actions/publish-npm-package
with:
dry_run: "true"
package: ${{ matrix.package }}
scope: ${{ matrix.scope }}
package_dir: ${{ matrix.package }}
access: ${{ matrix.access }}
api_token: ${{ secrets[matrix.api_token_secret_name] }}

Expand Down
4 changes: 1 addition & 3 deletions .github/workflows/manual-publish-npm.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,6 @@ jobs:
package: [mithril-client-wasm]
include:
- package: mithril-client-wasm
scope: mithril-dev
tag: latest
access: public
api_token_secret_name: NPM_API_TOKEN_MITHRIL_CLIENT_WASM
Expand All @@ -65,8 +64,7 @@ jobs:
uses: ./.github/workflows/actions/publish-npm-package
with:
dry_run: ${{ inputs.dry_run }}
package: ${{ matrix.package }}
scope: ${{ matrix.scope }}
package_dir: ${{ matrix.package }}
tag: ${{ matrix.tag }}
access: ${{ matrix.access }}
api_token: ${{ secrets[matrix.api_token_secret_name] }}
6 changes: 2 additions & 4 deletions .github/workflows/pre-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -316,15 +316,14 @@ jobs:
dry_run: "true"
package: ${{ matrix.package }}

publish-wasm-test:
publish-next-wasm-package:
strategy:
fail-fast: false
max-parallel: 1
matrix:
package: [mithril-client-wasm]
include:
- package: mithril-client-wasm
scope: mithril-dev
tag: next
access: public
api_token_secret_name: NPM_API_TOKEN_MITHRIL_CLIENT_WASM
Expand All @@ -345,8 +344,7 @@ jobs:
uses: ./.github/workflows/actions/publish-npm-package
with:
dry_run: "false"
package: ${{ matrix.package }}
scope: ${{ matrix.scope }}
package_dir: ${{ matrix.package }}
tag: next
access: ${{ matrix.access }}
api_token: ${{ secrets[matrix.api_token_secret_name] }}
8 changes: 3 additions & 5 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -248,15 +248,14 @@ jobs:
package: ${{ matrix.package }}
api_token: ${{ secrets[matrix.api_token_secret_name] }}

publish-wasm:
promote-wasm-package-to-latest:
strategy:
fail-fast: false
max-parallel: 1
matrix:
package: [mithril-client-wasm]
include:
- package: mithril-client-wasm
scope: mithril-dev
tag: latest
access: public
api_token_secret_name: NPM_API_TOKEN_MITHRIL_CLIENT_WASM
Expand All @@ -273,12 +272,11 @@ jobs:
cargo-tools: wasm-pack
github-token: ${{ secrets.GITHUB_TOKEN }}

- name: Publish package to npm
- name: Promote npm package
uses: ./.github/workflows/actions/publish-npm-package
with:
dry_run: "false"
package: ${{ matrix.package }}
scope: ${{ matrix.scope }}
package_dir: ${{ matrix.package }}
tag: latest
access: ${{ matrix.access }}
api_token: ${{ secrets[matrix.api_token_secret_name] }}
6 changes: 3 additions & 3 deletions mithril-client-wasm/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,11 +25,11 @@
"types": "dist/node/mithril_client_wasm.d.ts",
"scripts": {
"build": "npm run build:node && npm run build:web && npm run build:bundler",
"build:bundler": "wasm-pack build --target bundler --out-dir dist/bundler $WASM_PACK_ARGS",
"build:bundler": "wasm-pack build --target bundler --out-dir dist/bundler --scope mithril-dev $WASM_PACK_ARGS",
"postbuild:bundler": "rm dist/bundler/.gitignore",
"build:node": "wasm-pack build --target nodejs --out-dir dist/node $WASM_PACK_ARGS",
"build:node": "wasm-pack build --target nodejs --out-dir dist/node --scope mithril-dev $WASM_PACK_ARGS",
"postbuild:node": "rm dist/node/.gitignore",
"build:web": "wasm-pack build --target web --out-dir dist/web $WASM_PACK_ARGS",
"build:web": "wasm-pack build --target web --out-dir dist/web --scope mithril-dev $WASM_PACK_ARGS",
"postbuild:web": "rm dist/web/.gitignore"
}
}
Loading