-
Notifications
You must be signed in to change notification settings - Fork 1
49 lines (46 loc) · 1.52 KB
/
cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
name: NPM Publish
on:
release:
types: [ created ]
permissions: # added using https://github.com/step-security/secure-workflows
contents: read
jobs:
publish-npm:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: 🔐 Harden Runner
uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v2.3.0
with:
disable-sudo: true
egress-policy: audit
# allowed-endpoints: >
# api.github.com:443
# fulcio.sigstore.dev:443
# rekor.sigstore.dev:443
# github.com:443
# nodejs.org:443
# registry.npmjs.org:443
# nodejs.org:443
# *.actions.githubusercontent.com:443
# actions.githubusercontent.com:443
# *.githubapp.com:443
# githubapp.com:443
- name: ⚙️ Git Checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
- name: ⚙️ Install Node@20
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: 20
registry-url: https://registry.npmjs.org
- name: ⚙️ Install NPM last version
run: npm install -g npm
- name: ⚙️ Install dependencies
run: npm ci
- name: 📦 Publish in NPM registry
run: |
npm publish --provenance --ignore-scripts --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}