Skip to content

Commit

Permalink
fix!(action): update runtime to Node.js v20 (#150)
Browse files Browse the repository at this point in the history
BREAKING CHANGE: action will now run on Node.js v20
  • Loading branch information
mcous authored Oct 18, 2023
1 parent 7f426c9 commit 6fd3bc8
Show file tree
Hide file tree
Showing 5 changed files with 663 additions and 674 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/ci-cd.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ jobs:
- name: Install Node.js
uses: actions/setup-node@v3
with:
node-version: "18"
node-version: "20"
cache: npm

- name: Install development dependencies
Expand Down
244 changes: 143 additions & 101 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,23 +6,29 @@
[![License](https://img.shields.io/npm/l/@jsdevtools/npm-publish.svg)](LICENSE)
[![Buy us a tree](https://img.shields.io/badge/Treeware-%F0%9F%8C%B3-lightgreen)](https://plant.treeware.earth/JS-DevTools/npm-publish)

Publish your packages to npm automatically in GitHub Actions by updating the version number.
Publish packages to npm automatically in GitHub Actions by updating the version number.

- [Change log][releases]
- [v2 to v3 migration guide](#v2-to-v3)
- [v1 to v3 migration guide](#v1-to-v3)

[releases]: https://github.com/JS-DevTools/npm-publis/releases

## Features

- 🧠 **Smart**<br>
- 🧠 **Smart**
Only publishes if the version number in `package.json` differs from the latest on npm.

- 🛠 **Configurable**<br>
- 🛠 **Configurable**
Customize the version-checking behavior, the registry URL, and path of your package.

- 🔐 **Secure**<br>
Keeps your npm authentication token secret. Doesn't read from or write to `~/.npmrc`.
- 🔐 **Secure**
Keeps your npm authentication token secret. Doesn't read nor write to `~/.npmrc`.

-**Fast**<br>
-**Fast**
100% JavaScript (which is faster than Docker) and bundled to optimize loading time.

- 📤 **Outputs**<br>
- 📤 **Outputs**
Exposes the old and new version numbers, and the type of change (major, minor, patch, etc.) as variables that you can use in your workflow.

## Usage
Expand All @@ -35,78 +41,6 @@ This package can be used three different ways:

- 🖥 A [**CLI**](#command-line-interface) that you run in your terminal

## v2 Migration Guide

The v1 to v2 upgrade brought a few notable **breaking changes**. To migrate, make the following updates:

- The `type` output is now an empty string instead of `'none'` when no release occurs
```diff
- run: echo "Version changed!"
- if: ${{ steps.publish.outputs.type != 'none' }}
+ if: ${{ steps.publish.outputs.type }}
```
- The `--ignore-scripts` option is now passed to `npm publish` as a security precaution. If you define any publish lifecycle scripts - `prepublishOnly`, `prepack`, `prepare`, `postpack`, `publish`, `postpublish` - run them explicitly or set the `ignore-scripts` input to `false`.
```diff
with:
token: ${{ secrets.NPM_TOKEN }}
+ ignore-scripts: false
```
- The workflow's `.npmrc` file is no longer modified. If you have any workarounds to adjust for this misbehavior - for example, if you're using `actions/setup-node` to configure `.npmrc` - you should remove them.

```diff
- uses: actions/setup-node@v3
with:
node-version: '18'
registry-url: https://registry.npmjs.org/

- uses: JS-DevTools/npm-publish@v1
with:
token: ${{ secrets.NPM_TOKEN }}

- name: Do some more stuff with npm
run: npm whoami
env:
- INPUT_TOKEN: ${{ secrets.NPM_TOKEN }}
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
```

- The `check-version` and `greater-version-only` options have been removed and replaced with `strategy`.
- Use `strategy: all` (default) to publish all versions that do not yet exist in the registry.
```diff
with:
token: ${{ secrets.NPM_TOKEN }}
- check-version: true
- greater-version-only: false
+ strategy: all
```
- Use `strategy: upgrade` to only publish versions that upgrade the selected tag.
```diff
with:
token: ${{ secrets.NPM_TOKEN }}
- check-version: true
- greater-version-only: true
+ strategy: upgrade
```
- `check-version: false` has been removed. You may not need this action if you're not checking already published versions; [you can `npm` directly][publishing-nodejs-packages], instead.
```diff
- - uses: JS-DevTools/npm-publish@v1
- with:
- token: ${{ secrets.NPM_TOKEN }}
- check-version: false
+ - uses: actions/setup-node@v3
+ with:
+ node-version: '18'
+ registry-url: https://registry.npmjs.org/
+ - run: npm publish
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
```

See the [change log][] for more details and other changes in the v2 release.

[publishing-nodejs-packages]: https://docs.github.com/actions/publishing-packages/publishing-nodejs-packages
[change log]: https://github.com/JS-DevTools/npm-publish/releases

## GitHub Action

To use the GitHub Action, you'll need to add it as a step in your [workflow file][]. By default, the only thing you need to do is set the `token` parameter to your [npm authentication token][].
Expand All @@ -120,13 +54,13 @@ jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: "18"
node-version: "20"
- run: npm ci
- run: npm test
- uses: JS-DevTools/npm-publish@v2
- uses: JS-DevTools/npm-publish@v3
with:
token: ${{ secrets.NPM_TOKEN }}
```
Expand All @@ -145,13 +79,13 @@ jobs:
contents: read
packages: write # allow GITHUB_TOKEN to publish packages
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: "18"
node-version: "20"
- run: npm ci
- run: npm test
- uses: JS-DevTools/npm-publish@v2
- uses: JS-DevTools/npm-publish@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
registry: "https://npm.pkg.github.com"
Expand All @@ -161,7 +95,7 @@ jobs:
[npm authentication token]: https://docs.npmjs.com/creating-and-viewing-authentication-tokens
[GitHub Package Registry]: https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-npm-registry

### Usage
### Action usage

You can set any or all of the following input parameters using `with`:

Expand All @@ -184,19 +118,19 @@ You can set any or all of the following input parameters using `with`:
[npm-access]: https://docs.npmjs.com/cli/v9/commands/npm-publish#access
[provenance]: https://docs.npmjs.com/generating-provenance-statements

### Output
### Action output

npm-publish exposes some output variables, which you can use in later steps of your workflow. To access the output variables, you'll need to set an `id` for the npm-publish step.
npm-publish exposes several output variables, which you can use in later steps of your workflow if you provide an `id` for the npm-publish step.

```yaml
steps:
- id: publish
uses: JS-DevTools/npm-publish@v2
with:
token: ${{ secrets.NPM_TOKEN }}
```diff
steps:
- uses: JS-DevTools/npm-publish@v3
+ id: publish
with:
token: ${{ secrets.NPM_TOKEN }}
- if: ${{ steps.publish.outputs.type }}
run: echo "Version changed!"
+ - if: ${{ steps.publish.outputs.type }}
+ run: echo "Version changed!"
```

| Name | Type | Description |
Expand Down Expand Up @@ -232,7 +166,7 @@ await npmPublish({ token: "YOUR_NPM_AUTH_TOKEN_HERE" });

[npm]: https://docs.npmjs.com/about-npm/

### Usage
### API usage

As shown in the example above, you should pass an options object to the `npmPublish` function. In TypeScript, the `Options` interface is available as an import.

Expand All @@ -257,7 +191,7 @@ import type { Options } from "@jsdevtools/npm-publish";
1. May be specified using `publishConfig` in `package.json`.
2. Provenance requires npm `>=9.5.0`.

### Output
### API output

The `npmPublish()` function returns a promise of a `Results` object. In TypeScript, the `Results` interface is available as an import.

Expand Down Expand Up @@ -301,7 +235,7 @@ npx npm-publish --token YOUR_NPM_AUTH_TOKEN_HERE --registry http://example.com .

Run `npm-publish --help` to see the full list of options available.

```
```text
Usage:
npm-publish <options> [package]
Expand Down Expand Up @@ -346,6 +280,116 @@ Examples:
$ npm-publish --token abc123 ./my-package
```

## Migration guides

Major releases of the action and libraries may contain breaking changes, documented here.
For more detailed change logs, see [releases][].

### v2 to v3

The v3 release does not require any changes to how you use `npm-publish` from `v2`. The version of Node.js used by the action was updated to v20 due to GitHub Action's [deprecation of Node.js v16][node16-deprecation]. The minimum required version of Node.js for the library and CLI remains v16.

[node16-deprecation]: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/

### v1 to v3

The v2 release made several breaking changes to inputs, outputs, and behaviors that were present in `v1`. The examples below focus on the action, but the same changes are applicable to the library and CLI, too.

#### v2 option changes

The `check-version` and `greater-version-only` boolean options were replaced with the `strategy` option:

- `strategy: all` (default) will publish any version that does not yet exist in the registry
- `strategy: upgrade` will publish only if the version is a semver upgrade of the requested `dist-tag`

```diff
with:
token: ${{ secrets.NPM_TOKEN }}
- check-version: true
- greater-version-only: false
+ strategy: all
with:
token: ${{ secrets.NPM_TOKEN }}
- check-version: true
- greater-version-only: true
+ strategy: upgrade
```

`check-version: false` has been removed. If you only need to publish, without first checking whether the version exists in the registry, you can [use `npm` directly][publishing-nodejs-packages] instead:

```diff
- uses: actions/setup-node@v3
with:
node-version: '18'
+ registry-url: https://registry.npmjs.org/
- - uses: JS-DevTools/npm-publish@v1
- with:
- token: ${{ secrets.NPM_TOKEN }}
- check-version: false
+ - run: npm publish
+ env:
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
```

[publishing-nodejs-packages]: https://docs.github.com/actions/publishing-packages/publishing-nodejs-packages

#### v2 output changes

The `type` output is now an empty string instead of `'none'` when no release occurs

```diff
- run: echo "Version changed!"
- if: ${{ steps.publish.outputs.type != 'none' }}
+ if: ${{ steps.publish.outputs.type }}
```

#### v2 behavior changes

The `--ignore-scripts` option is now passed to `npm publish` as a security precaution. If you define any publish lifecycle scripts - `prepublishOnly`, `prepack`, `prepare`, `postpack`, `publish`, `postpublish` - we recommend you run that logic as a separate explicit build step.

```diff
+ - run: npm run build
- - uses: JS-DevTools/npm-publish@v1
+ - uses: JS-DevTools/npm-publish@v3
with:
token: ${{ secrets.NPM_TOKEN }}
```

If you can't change your build, you can set the `ignore-scripts` input to `false` as a workaround. Be aware that failures during a lifecycle script can be difficult to debug, and any `stdout`/`stderr` output from your build script could interfere with how `npm-publish` interprets results from the `npm` CLI.

```diff
- - uses: JS-DevTools/npm-publish@v1
+ - uses: JS-DevTools/npm-publish@v3
with:
token: ${{ secrets.NPM_TOKEN }}
+ ignore-scripts: false
```

The global `.npmrc` file is no longer read nor modified. This means the `token` option is now required for the library and CLI. (It was already required for the action.) You may have workarounds in place referencing `INPUT_TOKEN`, which v1 [erroneously wrote][#15] to `.npmrc`. These workarounds should be removed.

```diff
- uses: actions/setup-node@v3
with:
node-version: '18'
registry-url: https://registry.npmjs.org/
- - uses: JS-DevTools/npm-publish@v1
+ - uses: JS-DevTools/npm-publish@v3
with:
token: ${{ secrets.NPM_TOKEN }}
- name: Do some more stuff with npm
run: npm whoami
env:
- INPUT_TOKEN: ${{ secrets.NPM_TOKEN }}
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
```

[#15]: https://github.com/JS-DevTools/npm-publish/issues/15

## License

npm-publish is 100% free and open-source, under the [MIT license](LICENSE). Use it however you want.
Expand All @@ -359,5 +403,3 @@ Thanks to these awesome companies for their support of Open Source developers
[![GitHub](https://jstools.dev/img/badges/github.svg)](https://github.com/open-source)
[![NPM](https://jstools.dev/img/badges/npm.svg)](https://www.npmjs.com/)
[![Coveralls](https://jstools.dev/img/badges/coveralls.svg)](https://coveralls.io)
[![Travis CI](https://jstools.dev/img/badges/travis-ci.svg)](https://travis-ci.com)
[![SauceLabs](https://jstools.dev/img/badges/sauce-labs.svg)](https://saucelabs.com)
2 changes: 1 addition & 1 deletion action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -92,5 +92,5 @@ outputs:
If not configured for a scoped package, will be "default".
runs:
using: node16
using: node20
main: action.js
Loading

0 comments on commit 6fd3bc8

Please sign in to comment.