Files
wehub-resource-sync 8cb1f9f479
Publish SDK (PyPI) / publish (push) Waiting to run
Publish SDK (npm) / publish (@aionui/officecli-sdk) (push) Waiting to run
Publish SDK (npm) / publish (@officecli/officecli-sdk) (push) Waiting to run
Publish SDK (npm) / publish (@officecli/sdk) (push) Waiting to run
Publish SDK (npm) / publish (officecli-sdk) (push) Waiting to run
SDK smoke / smoke (windows-latest) (push) Waiting to run
SDK smoke / smoke (macos-latest) (push) Waiting to run
SDK smoke / smoke (ubuntu-latest) (push) Waiting to run
Skill parity / diff (push) Waiting to run
chore: import upstream snapshot with attribution
2026-07-13 13:09:29 +08:00

96 lines
3.5 KiB
YAML

name: Publish npm
# Fires when a GitHub Release is PUBLISHED (not on the draft created by
# build.yml). By then the release assets — the platform binaries and
# SHA256SUMS the npm postinstall downloads — are publicly live, so a user who
# `npm install`s immediately can fetch them.
#
# Auth: npm Trusted Publishing (OIDC). No NPM_TOKEN / secret required — the
# `id-token: write` permission below lets the runner mint a short-lived token.
# Configure the trusted publisher for BOTH packages on npmjs.com:
# org/user: iOfficeAI repo: OfficeCLI workflow: publish-npm.yml action: npm publish
on:
release:
types: [published]
workflow_dispatch:
inputs:
version:
description: 'Version to publish (X.Y.Z, or X.Y.Z-pre for a test build). Required for manual runs.'
required: false
dist_tag:
description: 'npm dist-tag (default: latest). Use e.g. "test" for a prerelease that must not move latest.'
required: false
default: 'latest'
permissions:
contents: read
jobs:
publish:
runs-on: ubuntu-latest
permissions:
id-token: write # OIDC token for npm trusted publishing
contents: read
strategy:
fail-fast: false
matrix:
package:
- '@officecli/officecli'
- '@aionui/officecli'
steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v6
with:
node-version: '24'
registry-url: 'https://registry.npmjs.org'
- name: Upgrade npm (trusted publishing + provenance need >= 11.5.1)
# Pinned to 11.x: npm 12.0.0 ships a broken provenance path
# ("Cannot find module 'sigstore'" in libnpmpublish). Unpin once fixed.
run: npm install -g npm@11
- name: Resolve version
id: ver
run: |
if [ "${{ github.event_name }}" = "release" ]; then
V="${{ github.event.release.tag_name }}"
else
V="${{ github.event.inputs.version }}"
fi
V="${V#v}"
if ! printf '%s' "$V" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+([.-].*)?$'; then
echo "Invalid or missing version: '$V'"
exit 1
fi
echo "version=$V" >> "$GITHUB_OUTPUT"
echo "Publishing ${{ matrix.package }}@$V"
- name: Set package name, version, and match the README to this package
id: pkg
working-directory: npm
run: |
npm pkg set name='${{ matrix.package }}'
npm pkg set version='${{ steps.ver.outputs.version }}'
# Only the package name differs per scope; links stay officecli.ai.
# Rewrite the install/npx commands to this package's name. No-op for
# @officecli/officecli.
sed -i "s|@officecli/officecli|${{ matrix.package }}|g" README.md
# A brand-new package can't be created by trusted publishing (OIDC) —
# skip (green) until its one-time manual first publish creates it.
if npm view '${{ matrix.package }}' version >/dev/null 2>&1; then
echo "exists=true" >> "$GITHUB_OUTPUT"
else
echo "exists=false" >> "$GITHUB_OUTPUT"
echo "::notice::${{ matrix.package }} does not exist on npm yet — first publish must be manual; skipping."
fi
- name: Publish to npm
if: steps.pkg.outputs.exists == 'true'
working-directory: npm
run: |
TAG='${{ github.event.inputs.dist_tag }}'
[ -z "$TAG" ] && TAG='latest'
npm publish --provenance --access public --tag "$TAG"