8cb1f9f479
Publish SDK (PyPI) / publish (push) Waiting to run
Publish SDK (npm) / publish (@aionui/officecli-sdk) (push) Waiting to run
Publish SDK (npm) / publish (@officecli/officecli-sdk) (push) Waiting to run
Publish SDK (npm) / publish (@officecli/sdk) (push) Waiting to run
Publish SDK (npm) / publish (officecli-sdk) (push) Waiting to run
SDK smoke / smoke (windows-latest) (push) Waiting to run
SDK smoke / smoke (macos-latest) (push) Waiting to run
SDK smoke / smoke (ubuntu-latest) (push) Waiting to run
Skill parity / diff (push) Waiting to run
96 lines
3.5 KiB
YAML
96 lines
3.5 KiB
YAML
name: Publish npm
|
|
|
|
# Fires when a GitHub Release is PUBLISHED (not on the draft created by
|
|
# build.yml). By then the release assets — the platform binaries and
|
|
# SHA256SUMS the npm postinstall downloads — are publicly live, so a user who
|
|
# `npm install`s immediately can fetch them.
|
|
#
|
|
# Auth: npm Trusted Publishing (OIDC). No NPM_TOKEN / secret required — the
|
|
# `id-token: write` permission below lets the runner mint a short-lived token.
|
|
# Configure the trusted publisher for BOTH packages on npmjs.com:
|
|
# org/user: iOfficeAI repo: OfficeCLI workflow: publish-npm.yml action: npm publish
|
|
|
|
on:
|
|
release:
|
|
types: [published]
|
|
workflow_dispatch:
|
|
inputs:
|
|
version:
|
|
description: 'Version to publish (X.Y.Z, or X.Y.Z-pre for a test build). Required for manual runs.'
|
|
required: false
|
|
dist_tag:
|
|
description: 'npm dist-tag (default: latest). Use e.g. "test" for a prerelease that must not move latest.'
|
|
required: false
|
|
default: 'latest'
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
publish:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
id-token: write # OIDC token for npm trusted publishing
|
|
contents: read
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
package:
|
|
- '@officecli/officecli'
|
|
- '@aionui/officecli'
|
|
steps:
|
|
- uses: actions/checkout@v5
|
|
|
|
- uses: actions/setup-node@v6
|
|
with:
|
|
node-version: '24'
|
|
registry-url: 'https://registry.npmjs.org'
|
|
|
|
- name: Upgrade npm (trusted publishing + provenance need >= 11.5.1)
|
|
# Pinned to 11.x: npm 12.0.0 ships a broken provenance path
|
|
# ("Cannot find module 'sigstore'" in libnpmpublish). Unpin once fixed.
|
|
run: npm install -g npm@11
|
|
|
|
- name: Resolve version
|
|
id: ver
|
|
run: |
|
|
if [ "${{ github.event_name }}" = "release" ]; then
|
|
V="${{ github.event.release.tag_name }}"
|
|
else
|
|
V="${{ github.event.inputs.version }}"
|
|
fi
|
|
V="${V#v}"
|
|
if ! printf '%s' "$V" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+([.-].*)?$'; then
|
|
echo "Invalid or missing version: '$V'"
|
|
exit 1
|
|
fi
|
|
echo "version=$V" >> "$GITHUB_OUTPUT"
|
|
echo "Publishing ${{ matrix.package }}@$V"
|
|
|
|
- name: Set package name, version, and match the README to this package
|
|
id: pkg
|
|
working-directory: npm
|
|
run: |
|
|
npm pkg set name='${{ matrix.package }}'
|
|
npm pkg set version='${{ steps.ver.outputs.version }}'
|
|
# Only the package name differs per scope; links stay officecli.ai.
|
|
# Rewrite the install/npx commands to this package's name. No-op for
|
|
# @officecli/officecli.
|
|
sed -i "s|@officecli/officecli|${{ matrix.package }}|g" README.md
|
|
# A brand-new package can't be created by trusted publishing (OIDC) —
|
|
# skip (green) until its one-time manual first publish creates it.
|
|
if npm view '${{ matrix.package }}' version >/dev/null 2>&1; then
|
|
echo "exists=true" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "exists=false" >> "$GITHUB_OUTPUT"
|
|
echo "::notice::${{ matrix.package }} does not exist on npm yet — first publish must be manual; skipping."
|
|
fi
|
|
|
|
- name: Publish to npm
|
|
if: steps.pkg.outputs.exists == 'true'
|
|
working-directory: npm
|
|
run: |
|
|
TAG='${{ github.event.inputs.dist_tag }}'
|
|
[ -z "$TAG" ] && TAG='latest'
|
|
npm publish --provenance --access public --tag "$TAG"
|