chore(deps): bump getrandom from 0.2.14 to 0.2.15 (#14) #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish `npm` packages | |
| on: | |
| workflow_dispatch: | |
| push: | |
| # NOTE: if you want to add a branch here other than `main`, please | |
| # consider whether it will cause an unnecessary Nix build on a | |
| # GitHub runner! See the note below. | |
| branches: | |
| - main | |
| jobs: | |
| tidyt-wasm-npm-publish: | |
| name: Publish tidyt-wasm `npm` package | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4.1.3 | |
| with: | |
| # Required by flakes | |
| fetch-depth: 0 | |
| - name: Import secrets from Vault | |
| uses: hashicorp/vault-action@v3.0.0 | |
| id: secrets | |
| with: | |
| url: https://vault.hackworth-corp.com | |
| path: "github-actions" | |
| role: tidyt-workflow-npmjs | |
| method: jwt | |
| secrets: | | |
| secret/data/npmjs/@hackworthltd/tidyt-wasm token | NPM_TOKEN ; | |
| - name: Install & configure Nix | |
| uses: cachix/install-nix-action@v26 | |
| with: | |
| extra_nix_config: | | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= hackworthltd.cachix.org-1:0JTCI0qDo2J+tonOalrSQP3yRNleN6bQucJ05yDltRI= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= loony-tools:pr9m4BkM/5/eSTZlkQyRt57Jz7OMBxNSUiMC4FkcNfk= | |
| substituters = https://cache.nixos.org?priority=10 https://hackworthltd.cachix.org?priority=30 https://cache.iog.io?priority=40 https://cache.zw3rk.com?priority=50 | |
| # Note: if this Nix derivation hasn't been built yet, it will | |
| # kick off a Nix build on a GitHub runner, which isn't ideal. | |
| # However, because we use GitHub merge queues with this repo, | |
| # and because this workflow is only configured to run | |
| # automatically on pushes to `main`, we can be confident that | |
| # it will already have been built and can be pulled from our | |
| # Cachix cache without kicking off any builds. | |
| - name: Fetch Nix `npm` package | |
| run: | | |
| nix build -L .#packages.x86_64-linux.tidyt-wasm-crate-wasm-npm | |
| - name: Setup nodejs | |
| uses: actions/setup-node@v4.0.2 | |
| with: | |
| node-version: 20.x | |
| - name: Publish `npm` package | |
| uses: JS-DevTools/npm-publish@v3.1.1 | |
| with: | |
| access: public | |
| token: '${{ env.NPM_TOKEN }}' | |
| package: result/pkg | |
| strategy: upgrade |