diff --git a/.github/workflows/node.yaml b/.github/workflows/node.yaml index d771ea9..8164a84 100644 --- a/.github/workflows/node.yaml +++ b/.github/workflows/node.yaml @@ -11,6 +11,9 @@ env: BINDING_NAME: midi MACOSX_DEPLOYMENT_TARGET: "10.13" +permissions: + contents: read + jobs: build-and-test: name: Build ${{ matrix.docker-arch || matrix.arch }} on ${{ matrix.docker-image || matrix.container || matrix.os }} ${{ matrix.libc }} @@ -65,6 +68,8 @@ jobs: steps: - uses: actions/checkout@v4 + with: + persist-credentials: false - name: Checkout submodules shell: bash run: | @@ -169,3 +174,74 @@ jobs: name: all-prebuilds path: prebuilds retention-days: 7 + + publish: + name: Publish to npm + needs: bundle + runs-on: ubuntu-latest + + # only run for tags + if: contains(github.ref, 'refs/tags/') + + steps: + - uses: actions/checkout@v4 + with: + persist-credentials: false + fetch-depth: 0 + - name: Checkout submodules + shell: bash + run: | + auth_header="$(git config --local --get http.https://github.com/.extraheader)" + git submodule sync --recursive + git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1 + + - name: Use Node.js 18.x + uses: actions/setup-node@v4 + with: + node-version: 18.x + - name: Check release is desired + id: do-publish + run: | + if [ -z "${{ secrets.NPM_TOKEN }}" ]; then + echo "No Token" + else + + PUBLISHED_VERSION=$(yarn npm info --json . | jq -c '.version' -r) + THIS_VERSION=$(node -p "require('./package.json').version") + # Simple bash helper to comapre version numbers + verlte() { + [ "$1" = "`echo -e "$1\n$2" | sort -V | head -n1`" ] + } + verlt() { + [ "$1" = "$2" ] && return 1 || verlte $1 $2 + } + if verlt $PUBLISHED_VERSION $THIS_VERSION + then + echo "Publishing latest" + echo "tag=latest" >> $GITHUB_OUTPUT + else + echo "Publishing hotfix" + echo "tag=hotfix" >> $GITHUB_OUTPUT + fi + + fi + - name: Prepare build + if: ${{ steps.do-publish.outputs.tag }} + run: | + corepack enable + yarn install + yarn build + env: + CI: true + - name: Publish to NPM + if: ${{ steps.do-publish.outputs.tag }} + run: | + npm set "//registry.npmjs.org/:_authToken" "$NPM_AUTH_TOKEN" + + npm publish --access=public --tag ${{ steps.do-publish.outputs.tag }} --provenance + + NEW_VERSION=$(node -p "require('./package.json').version") + echo "**Published:** $NEW_VERSION" >> $GITHUB_STEP_SUMMARY + env: + NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + CI: true