From 3db5c1283907f52d648b0161accc75b7d03bfa98 Mon Sep 17 00:00:00 2001 From: Vojtech Novak Date: Sun, 26 Oct 2025 11:46:48 +0100 Subject: [PATCH] chore(ci): add trusted publishing --- .circleci/config.yml | 29 -------------------------- .github/workflows/publish.yml | 39 +++++++++++++++++++++++++++++++++++ package.json | 3 ++- 3 files changed, 41 insertions(+), 30 deletions(-) create mode 100644 .github/workflows/publish.yml diff --git a/.circleci/config.yml b/.circleci/config.yml index 8a190842..dfc659b4 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -183,25 +183,6 @@ jobs: - store_artifacts: path: ./artifacts - publish: - executor: - name: rn/linux_js - node_version: 'lts' - resource_class: large - steps: - - checkout - # - rn/yarn_install - # fails with Error untarring cache: Error extracting tarball /var/folders/bq/mjrgbpkx5h1g_b22fpv0tlzc0000gn/T/cache376822577 : tmp/yarn/: Cannot extract through symlink tmp/yarn tmp/yarn/v6/: Cannot extract through symlink tmp/yarn/v6 tmp/yarn/v6/.tmp/: Cannot extract through symlink tmp/yarn/v6/.tmp tmp/yarn/v6/npm-@babel-code-frame-7.8.3-33e25903d7481181534e12ec0a25f16b6fcf419e-integrity/: Cannot extract through symlink tmp/yarn/v6/npm-@babel-code-frame-7.8.3-33e25903d7481181534e12ec0a25f16b6fcf419e-integrity tmp/yarn/v6/npm-@babel-code-frame-7.8.3-33e25903d7481181534e12ec0a25f16b6fcf419e-integrity/node_modules/: Cannot extract through symlink tmp/yarn/v6/npm-@babel-code-frame-7.8.3-33e25903d7481181534e12ec0a25f16b6fcf419e-integrity/node_modules tmp/yarn/v6/npm-@babel-code-frame-7.8.3-33e25903d7481181534e12ec0a25f16b6fcf419e-integrity/node_modules/@babel/: Cannot extract through symlink tmp/yarn/v6/npm-@babel-code-frame-7.8.3-33e25903d7481181534e12ec0a25f16b6fcf419e-integrity/node_modules/@babel tmp/yarn/v6/npm-@babel-code-frame-7.8.3-33e25903d7481181534e12ec0a25f16b6fcf419e-integrity/node_modules/@babel/code-frame/: Cannot extract: exit status 1 - - run: - command: yarn install --immutable - name: yarn install - - run: - command: yarn plugin:build - name: build expo config plugin - - run: - command: npx semantic-release - name: Publish to NPM - workflows: test: jobs: @@ -210,13 +191,3 @@ workflows: - e2e_release_android - new_arch_android_build_only - new_arch_ios_build_only - - publish: - requires: - - analyse_js - - e2e_release_android - - e2e_release_ios - - new_arch_android_build_only - - new_arch_ios_build_only - filters: - branches: - only: master diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..86ee2738 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,39 @@ +name: release-please + +on: + push: + branches: + - master + +permissions: + id-token: write # Required for kOIDC + contents: write + pull-requests: write + issues: write + +jobs: + release-please: + runs-on: ubuntu-latest + steps: + - uses: googleapis/release-please-action@v4 + id: release + with: + release-type: node + # The logic below handles the npm publication: + - uses: actions/checkout@v4 + # these if statements ensure that a publication only occurs when + # a new release is created: + if: ${{ steps.release.outputs.release_created }} + - uses: actions/setup-node@v4 + with: + node-version: 22 + registry-url: 'https://registry.npmjs.org' + if: ${{ steps.release.outputs.release_created }} + - run: | + yarn install --immutable + yarn plugin:build + if: ${{ steps.release.outputs.release_created }} + - run: | + npm install -g npm@latest + npm publish + if: ${{ steps.release.outputs.release_created }} diff --git a/package.json b/package.json index eccb0a73..32d011a4 100644 --- a/package.json +++ b/package.json @@ -21,7 +21,8 @@ "app.plugin.js" ], "publishConfig": { - "access": "public" + "access": "public", + "provenance": true }, "scripts": { "start": "react-native start",