Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 0 additions & 56 deletions .github/workflows/dev-publish.yml

This file was deleted.

54 changes: 54 additions & 0 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
@@ -1,10 +1,19 @@
name: Publish to npm

# Two publish paths share this one file because npm trusted publishing (OIDC) allows only one
# workflow filename per package:
# - publish (manual) : workflow_dispatch → stable release under `latest`, gated on PUBLISH env.
# - dev-publish (auto): merged PR to main → ephemeral <next-patch>-dev-<sha> under `dev`, unattended.

on:
workflow_dispatch:
pull_request:
types: [closed]
branches: [main]

jobs:
publish:
if: github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
environment: PUBLISH
permissions:
Expand Down Expand Up @@ -73,3 +82,48 @@ jobs:
generate_release_notes: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

dev-publish:
if: github.event_name == 'pull_request' && github.event.pull_request.merged == true
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write

steps:
- name: Check out repository
uses: actions/checkout@v6

- name: Set up pnpm
uses: pnpm/action-setup@v6
with:
version: 11

- name: Set up Node.js
uses: actions/setup-node@v6
with:
node-version: '24'
registry-url: 'https://registry.npmjs.org'
cache: 'pnpm'

- name: Compute ephemeral dev version
id: version
run: |
base="$(node -p "require('./package.json').version")"
# Next patch: split on '.', bump the last field. No semver dependency needed.
next="$(node -p "const [a,b,c]=require('./package.json').version.split('.'); [a,b,Number(c)+1].join('.')")"
sha="$(git rev-parse --short HEAD)"
devver="${next}-dev-${sha}"
# Edits the runner's copy only; --no-git-tag-version makes no commit and no tag.
npm version --no-git-tag-version "$devver"
echo "devver=$devver" >> "$GITHUB_OUTPUT"
echo "Publishing dev release \`$devver\` (base $base)" >> "$GITHUB_STEP_SUMMARY"

- name: Install dependencies
run: pnpm install --frozen-lockfile

- name: Build package
run: pnpm build

- name: Publish to npm
run: pnpm publish --no-git-checks --access public --tag dev
Loading