name: 🚀 pkg-pr-new on: push: paths: - "packages/**" pull_request: paths: - "packages/**" permissions: contents: read concurrency: group: ${{ github.repository }}-${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true env: NX_VERBOSE_LOGGING: true NX_CI_EXECUTION_ID: ${{ github.head_ref }}-${{ github.sha }}-${{ github.run_attempt }} NX_CI_EXECUTION_ENV: "Publish Commit" jobs: build: runs-on: ubuntu-latest timeout-minutes: 15 # NOTE: deliberately NOT in the `npm` environment. pkg-pr-new publishes to # pkg.pr.new (not the npm registry) and uses no environment-scoped secrets, # and this job runs on every push/PR touching packages/** — the npm # environment's deployment-branch policy (main, canary/*, # release/publish/*) would block it. permissions: contents: read # pkg-pr-new posts snapshot comments on the PR using the workflow token pull-requests: write steps: # persist-credentials required: pkg-pr-new uses repo token to post snapshot comments on the PR - name: Checkout code uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 - name: Install pnpm uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9 - run: corepack enable - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: "package.json" # setup-node built-in cache is fork-safe (fork PRs can't write to base repo cache) cache: "pnpm" cache-dependency-path: "**/pnpm-lock.yaml" - name: Install dependencies run: pnpm install --frozen-lockfile - name: Configure Nx Cloud environment run: | echo "NX_CI_EXECUTION_ID=${{ github.run_id }}-${{ github.run_attempt }}-pkg-pr-new" >> $GITHUB_ENV echo "NX_CLOUD_NO_TIMEOUTS=true" >> $GITHUB_ENV echo "NX_CLOUD_DISTRIBUTED_EXECUTION=false" >> $GITHUB_ENV echo "NX_NO_CLOUD=true" >> $GITHUB_ENV - name: Build run: pnpm run build - run: npx pkg-pr-new publish --pnpm --packageManager pnpm "./packages/*"