You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Only publishes if the version number in `package.json` differs from the latest on npm.
15
21
16
-
- 🛠 **Configurable**<br>
22
+
- 🛠 **Configurable**
17
23
Customize the version-checking behavior, the registry URL, and path of your package.
18
24
19
-
- 🔐 **Secure**<br>
20
-
Keeps your npm authentication token secret. Doesn't read from or write to `~/.npmrc`.
25
+
- 🔐 **Secure**
26
+
Keeps your npm authentication token secret. Doesn't read nor write to `~/.npmrc`.
21
27
22
-
- ⚡ **Fast**<br>
28
+
- ⚡ **Fast**
23
29
100% JavaScript (which is faster than Docker) and bundled to optimize loading time.
24
30
25
-
- 📤 **Outputs**<br>
31
+
- 📤 **Outputs**
26
32
Exposes the old and new version numbers, and the type of change (major, minor, patch, etc.) as variables that you can use in your workflow.
27
33
28
34
## Usage
@@ -35,78 +41,6 @@ This package can be used three different ways:
35
41
36
42
- 🖥 A [**CLI**](#command-line-interface) that you run in your terminal
37
43
38
-
## v2 Migration Guide
39
-
40
-
The v1 to v2 upgrade brought a few notable **breaking changes**. To migrate, make the following updates:
41
-
42
-
- The `type` output is now an empty string instead of `'none'` when no release occurs
43
-
```diff
44
-
- run: echo "Version changed!"
45
-
- if: ${{ steps.publish.outputs.type != 'none' }}
46
-
+ if: ${{ steps.publish.outputs.type }}
47
-
```
48
-
- The `--ignore-scripts` option is now passed to `npm publish` as a security precaution. If you define any publish lifecycle scripts - `prepublishOnly`, `prepack`, `prepare`, `postpack`, `publish`, `postpublish` - run them explicitly or set the `ignore-scripts` input to `false`.
49
-
```diff
50
-
with:
51
-
token: ${{ secrets.NPM_TOKEN }}
52
-
+ ignore-scripts: false
53
-
```
54
-
- The workflow's `.npmrc` file is no longer modified. If you have any workarounds to adjust for this misbehavior - for example, if you're using `actions/setup-node` to configure `.npmrc` - you should remove them.
55
-
56
-
```diff
57
-
- uses: actions/setup-node@v3
58
-
with:
59
-
node-version: '18'
60
-
registry-url: https://registry.npmjs.org/
61
-
62
-
- uses: JS-DevTools/npm-publish@v1
63
-
with:
64
-
token: ${{ secrets.NPM_TOKEN }}
65
-
66
-
- name: Do some more stuff with npm
67
-
run: npm whoami
68
-
env:
69
-
- INPUT_TOKEN: ${{ secrets.NPM_TOKEN }}
70
-
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
71
-
```
72
-
73
-
- The `check-version` and `greater-version-only` options have been removed and replaced with `strategy`.
74
-
- Use `strategy: all` (default) to publish all versions that do not yet exist in the registry.
75
-
```diff
76
-
with:
77
-
token: ${{ secrets.NPM_TOKEN }}
78
-
- check-version: true
79
-
- greater-version-only: false
80
-
+ strategy: all
81
-
```
82
-
- Use `strategy: upgrade` to only publish versions that upgrade the selected tag.
83
-
```diff
84
-
with:
85
-
token: ${{ secrets.NPM_TOKEN }}
86
-
- check-version: true
87
-
- greater-version-only: true
88
-
+ strategy: upgrade
89
-
```
90
-
- `check-version: false` has been removed. You may not need this action if you're not checking already published versions; [you can `npm` directly][publishing-nodejs-packages], instead.
91
-
```diff
92
-
- - uses: JS-DevTools/npm-publish@v1
93
-
- with:
94
-
- token: ${{ secrets.NPM_TOKEN }}
95
-
- check-version: false
96
-
+ - uses: actions/setup-node@v3
97
-
+ with:
98
-
+ node-version: '18'
99
-
+ registry-url: https://registry.npmjs.org/
100
-
+ - run: npm publish
101
-
+ env:
102
-
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
103
-
```
104
-
105
-
See the [change log][] for more details and other changes in the v2 release.
To use the GitHub Action, you'll need to add it as a step in your [workflow file][]. By default, the only thing you need to do is set the `token` parameter to your [npm authentication token][].
@@ -120,13 +54,13 @@ jobs:
120
54
publish:
121
55
runs-on: ubuntu-latest
122
56
steps:
123
-
- uses: actions/checkout@v3
57
+
- uses: actions/checkout@v4
124
58
- uses: actions/setup-node@v3
125
59
with:
126
-
node-version: "18"
60
+
node-version: "20"
127
61
- run: npm ci
128
62
- run: npm test
129
-
- uses: JS-DevTools/npm-publish@v2
63
+
- uses: JS-DevTools/npm-publish@v3
130
64
with:
131
65
token: ${{ secrets.NPM_TOKEN }}
132
66
```
@@ -145,13 +79,13 @@ jobs:
145
79
contents: read
146
80
packages: write # allow GITHUB_TOKEN to publish packages
npm-publish exposes some output variables, which you can use in later steps of your workflow. To access the output variables, you'll need to set an `id` for the npm-publish step.
123
+
npm-publish exposes several output variables, which you can use in later steps of your workflow if you provide an `id` for the npm-publish step.
As shown in the example above, you should pass an options object to the `npmPublish` function. In TypeScript, the `Options` interface is available as an import.
238
172
@@ -257,7 +191,7 @@ import type { Options } from "@jsdevtools/npm-publish";
257
191
1. May be specified using `publishConfig` in `package.json`.
258
192
2. Provenance requires npm `>=9.5.0`.
259
193
260
-
### Output
194
+
### API output
261
195
262
196
The `npmPublish()` function returns a promise of a `Results` object. In TypeScript, the `Results` interface is available as an import.
Run `npm-publish --help` to see the full list of options available.
303
237
304
-
```
238
+
```text
305
239
Usage:
306
240
307
241
npm-publish <options> [package]
@@ -346,6 +280,116 @@ Examples:
346
280
$ npm-publish --token abc123 ./my-package
347
281
```
348
282
283
+
## Migration guides
284
+
285
+
Major releases of the action and libraries may contain breaking changes, documented here.
286
+
For more detailed change logs, see [releases][].
287
+
288
+
### v2 to v3
289
+
290
+
The v3 release does not require any changes to how you use `npm-publish` from `v2`. The version of Node.js used by the action was updated to v20 due to GitHub Action's [deprecation of Node.js v16][node16-deprecation]. The minimum required version of Node.js for the library and CLI remains v16.
The v2 release made several breaking changes to inputs, outputs, and behaviors that were present in `v1`. The examples below focus on the action, but the same changes are applicable to the library and CLI, too.
297
+
298
+
#### v2 option changes
299
+
300
+
The `check-version` and `greater-version-only` boolean options were replaced with the `strategy` option:
301
+
302
+
- `strategy: all` (default) will publish any version that does not yet exist in the registry
303
+
- `strategy: upgrade` will publish only if the version is a semver upgrade of the requested `dist-tag`
304
+
305
+
```diff
306
+
with:
307
+
token: ${{ secrets.NPM_TOKEN }}
308
+
- check-version: true
309
+
- greater-version-only: false
310
+
+ strategy: all
311
+
312
+
with:
313
+
token: ${{ secrets.NPM_TOKEN }}
314
+
- check-version: true
315
+
- greater-version-only: true
316
+
+ strategy: upgrade
317
+
```
318
+
319
+
`check-version: false` has been removed. If you only need to publish, without first checking whether the version exists in the registry, you can [use `npm` directly][publishing-nodejs-packages] instead:
The `type` output is now an empty string instead of `'none'` when no release occurs
341
+
342
+
```diff
343
+
- run: echo "Version changed!"
344
+
- if: ${{ steps.publish.outputs.type != 'none' }}
345
+
+ if: ${{ steps.publish.outputs.type }}
346
+
```
347
+
348
+
#### v2 behavior changes
349
+
350
+
The `--ignore-scripts` option is now passed to `npm publish` as a security precaution. If you define any publish lifecycle scripts - `prepublishOnly`, `prepack`, `prepare`, `postpack`, `publish`, `postpublish` - we recommend you run that logic as a separate explicit build step.
351
+
352
+
```diff
353
+
+ - run: npm run build
354
+
355
+
- - uses: JS-DevTools/npm-publish@v1
356
+
+ - uses: JS-DevTools/npm-publish@v3
357
+
with:
358
+
token: ${{ secrets.NPM_TOKEN }}
359
+
```
360
+
361
+
If you can't change your build, you can set the `ignore-scripts` input to `false` as a workaround. Be aware that failures during a lifecycle script can be difficult to debug, and any `stdout`/`stderr` output from your build script could interfere with how `npm-publish` interprets results from the `npm` CLI.
362
+
363
+
```diff
364
+
- - uses: JS-DevTools/npm-publish@v1
365
+
+ - uses: JS-DevTools/npm-publish@v3
366
+
with:
367
+
token: ${{ secrets.NPM_TOKEN }}
368
+
+ ignore-scripts: false
369
+
```
370
+
371
+
The global `.npmrc` file is no longer read nor modified. This means the `token` option is now required for the library and CLI. (It was already required for the action.) You may have workarounds in place referencing `INPUT_TOKEN`, which v1 [erroneously wrote][#15] to `.npmrc`. These workarounds should be removed.
0 commit comments