Skip to content

Commit 6fd3bc8

Browse files
authoredOct 18, 2023
fix!(action): update runtime to Node.js v20 (#150)
BREAKING CHANGE: action will now run on Node.js v20
1 parent 7f426c9 commit 6fd3bc8

File tree

5 files changed

+663
-674
lines changed

5 files changed

+663
-674
lines changed
 

‎.github/workflows/ci-cd.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,7 @@ jobs:
7474
- name: Install Node.js
7575
uses: actions/setup-node@v3
7676
with:
77-
node-version: "18"
77+
node-version: "20"
7878
cache: npm
7979

8080
- name: Install development dependencies

‎README.md

+143-101
Original file line numberDiff line numberDiff line change
@@ -6,23 +6,29 @@
66
[![License](https://img.shields.io/npm/l/@jsdevtools/npm-publish.svg)](LICENSE)
77
[![Buy us a tree](https://img.shields.io/badge/Treeware-%F0%9F%8C%B3-lightgreen)](https://plant.treeware.earth/JS-DevTools/npm-publish)
88

9-
Publish your packages to npm automatically in GitHub Actions by updating the version number.
9+
Publish packages to npm automatically in GitHub Actions by updating the version number.
10+
11+
- [Change log][releases]
12+
- [v2 to v3 migration guide](#v2-to-v3)
13+
- [v1 to v3 migration guide](#v1-to-v3)
14+
15+
[releases]: https://github.com/JS-DevTools/npm-publis/releases
1016

1117
## Features
1218

13-
- 🧠 **Smart**<br>
19+
- 🧠 **Smart**
1420
Only publishes if the version number in `package.json` differs from the latest on npm.
1521

16-
- 🛠 **Configurable**<br>
22+
- 🛠 **Configurable**
1723
Customize the version-checking behavior, the registry URL, and path of your package.
1824

19-
- 🔐 **Secure**<br>
20-
Keeps your npm authentication token secret. Doesn't read from or write to `~/.npmrc`.
25+
- 🔐 **Secure**
26+
Keeps your npm authentication token secret. Doesn't read nor write to `~/.npmrc`.
2127

22-
-**Fast**<br>
28+
-**Fast**
2329
100% JavaScript (which is faster than Docker) and bundled to optimize loading time.
2430

25-
- 📤 **Outputs**<br>
31+
- 📤 **Outputs**
2632
Exposes the old and new version numbers, and the type of change (major, minor, patch, etc.) as variables that you can use in your workflow.
2733

2834
## Usage
@@ -35,78 +41,6 @@ This package can be used three different ways:
3541

3642
- 🖥 A [**CLI**](#command-line-interface) that you run in your terminal
3743

38-
## v2 Migration Guide
39-
40-
The v1 to v2 upgrade brought a few notable **breaking changes**. To migrate, make the following updates:
41-
42-
- The `type` output is now an empty string instead of `'none'` when no release occurs
43-
```diff
44-
- run: echo "Version changed!"
45-
- if: ${{ steps.publish.outputs.type != 'none' }}
46-
+ if: ${{ steps.publish.outputs.type }}
47-
```
48-
- The `--ignore-scripts` option is now passed to `npm publish` as a security precaution. If you define any publish lifecycle scripts - `prepublishOnly`, `prepack`, `prepare`, `postpack`, `publish`, `postpublish` - run them explicitly or set the `ignore-scripts` input to `false`.
49-
```diff
50-
with:
51-
token: ${{ secrets.NPM_TOKEN }}
52-
+ ignore-scripts: false
53-
```
54-
- The workflow's `.npmrc` file is no longer modified. If you have any workarounds to adjust for this misbehavior - for example, if you're using `actions/setup-node` to configure `.npmrc` - you should remove them.
55-
56-
```diff
57-
- uses: actions/setup-node@v3
58-
with:
59-
node-version: '18'
60-
registry-url: https://registry.npmjs.org/
61-
62-
- uses: JS-DevTools/npm-publish@v1
63-
with:
64-
token: ${{ secrets.NPM_TOKEN }}
65-
66-
- name: Do some more stuff with npm
67-
run: npm whoami
68-
env:
69-
- INPUT_TOKEN: ${{ secrets.NPM_TOKEN }}
70-
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
71-
```
72-
73-
- The `check-version` and `greater-version-only` options have been removed and replaced with `strategy`.
74-
- Use `strategy: all` (default) to publish all versions that do not yet exist in the registry.
75-
```diff
76-
with:
77-
token: ${{ secrets.NPM_TOKEN }}
78-
- check-version: true
79-
- greater-version-only: false
80-
+ strategy: all
81-
```
82-
- Use `strategy: upgrade` to only publish versions that upgrade the selected tag.
83-
```diff
84-
with:
85-
token: ${{ secrets.NPM_TOKEN }}
86-
- check-version: true
87-
- greater-version-only: true
88-
+ strategy: upgrade
89-
```
90-
- `check-version: false` has been removed. You may not need this action if you're not checking already published versions; [you can `npm` directly][publishing-nodejs-packages], instead.
91-
```diff
92-
- - uses: JS-DevTools/npm-publish@v1
93-
- with:
94-
- token: ${{ secrets.NPM_TOKEN }}
95-
- check-version: false
96-
+ - uses: actions/setup-node@v3
97-
+ with:
98-
+ node-version: '18'
99-
+ registry-url: https://registry.npmjs.org/
100-
+ - run: npm publish
101-
+ env:
102-
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
103-
```
104-
105-
See the [change log][] for more details and other changes in the v2 release.
106-
107-
[publishing-nodejs-packages]: https://docs.github.com/actions/publishing-packages/publishing-nodejs-packages
108-
[change log]: https://github.com/JS-DevTools/npm-publish/releases
109-
11044
## GitHub Action
11145

11246
To use the GitHub Action, you'll need to add it as a step in your [workflow file][]. By default, the only thing you need to do is set the `token` parameter to your [npm authentication token][].
@@ -120,13 +54,13 @@ jobs:
12054
publish:
12155
runs-on: ubuntu-latest
12256
steps:
123-
- uses: actions/checkout@v3
57+
- uses: actions/checkout@v4
12458
- uses: actions/setup-node@v3
12559
with:
126-
node-version: "18"
60+
node-version: "20"
12761
- run: npm ci
12862
- run: npm test
129-
- uses: JS-DevTools/npm-publish@v2
63+
- uses: JS-DevTools/npm-publish@v3
13064
with:
13165
token: ${{ secrets.NPM_TOKEN }}
13266
```
@@ -145,13 +79,13 @@ jobs:
14579
contents: read
14680
packages: write # allow GITHUB_TOKEN to publish packages
14781
steps:
148-
- uses: actions/checkout@v3
82+
- uses: actions/checkout@v4
14983
- uses: actions/setup-node@v3
15084
with:
151-
node-version: "18"
85+
node-version: "20"
15286
- run: npm ci
15387
- run: npm test
154-
- uses: JS-DevTools/npm-publish@v2
88+
- uses: JS-DevTools/npm-publish@v3
15589
with:
15690
token: ${{ secrets.GITHUB_TOKEN }}
15791
registry: "https://npm.pkg.github.com"
@@ -161,7 +95,7 @@ jobs:
16195
[npm authentication token]: https://docs.npmjs.com/creating-and-viewing-authentication-tokens
16296
[GitHub Package Registry]: https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-npm-registry
16397

164-
### Usage
98+
### Action usage
16599

166100
You can set any or all of the following input parameters using `with`:
167101

@@ -184,19 +118,19 @@ You can set any or all of the following input parameters using `with`:
184118
[npm-access]: https://docs.npmjs.com/cli/v9/commands/npm-publish#access
185119
[provenance]: https://docs.npmjs.com/generating-provenance-statements
186120

187-
### Output
121+
### Action output
188122

189-
npm-publish exposes some output variables, which you can use in later steps of your workflow. To access the output variables, you'll need to set an `id` for the npm-publish step.
123+
npm-publish exposes several output variables, which you can use in later steps of your workflow if you provide an `id` for the npm-publish step.
190124

191-
```yaml
192-
steps:
193-
- id: publish
194-
uses: JS-DevTools/npm-publish@v2
195-
with:
196-
token: ${{ secrets.NPM_TOKEN }}
125+
```diff
126+
steps:
127+
- uses: JS-DevTools/npm-publish@v3
128+
+ id: publish
129+
with:
130+
token: ${{ secrets.NPM_TOKEN }}
197131
198-
- if: ${{ steps.publish.outputs.type }}
199-
run: echo "Version changed!"
132+
+ - if: ${{ steps.publish.outputs.type }}
133+
+ run: echo "Version changed!"
200134
```
201135

202136
| Name | Type | Description |
@@ -232,7 +166,7 @@ await npmPublish({ token: "YOUR_NPM_AUTH_TOKEN_HERE" });
232166

233167
[npm]: https://docs.npmjs.com/about-npm/
234168

235-
### Usage
169+
### API usage
236170

237171
As shown in the example above, you should pass an options object to the `npmPublish` function. In TypeScript, the `Options` interface is available as an import.
238172

@@ -257,7 +191,7 @@ import type { Options } from "@jsdevtools/npm-publish";
257191
1. May be specified using `publishConfig` in `package.json`.
258192
2. Provenance requires npm `>=9.5.0`.
259193

260-
### Output
194+
### API output
261195

262196
The `npmPublish()` function returns a promise of a `Results` object. In TypeScript, the `Results` interface is available as an import.
263197

@@ -301,7 +235,7 @@ npx npm-publish --token YOUR_NPM_AUTH_TOKEN_HERE --registry http://example.com .
301235

302236
Run `npm-publish --help` to see the full list of options available.
303237

304-
```
238+
```text
305239
Usage:
306240
307241
npm-publish <options> [package]
@@ -346,6 +280,116 @@ Examples:
346280
$ npm-publish --token abc123 ./my-package
347281
```
348282

283+
## Migration guides
284+
285+
Major releases of the action and libraries may contain breaking changes, documented here.
286+
For more detailed change logs, see [releases][].
287+
288+
### v2 to v3
289+
290+
The v3 release does not require any changes to how you use `npm-publish` from `v2`. The version of Node.js used by the action was updated to v20 due to GitHub Action's [deprecation of Node.js v16][node16-deprecation]. The minimum required version of Node.js for the library and CLI remains v16.
291+
292+
[node16-deprecation]: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/
293+
294+
### v1 to v3
295+
296+
The v2 release made several breaking changes to inputs, outputs, and behaviors that were present in `v1`. The examples below focus on the action, but the same changes are applicable to the library and CLI, too.
297+
298+
#### v2 option changes
299+
300+
The `check-version` and `greater-version-only` boolean options were replaced with the `strategy` option:
301+
302+
- `strategy: all` (default) will publish any version that does not yet exist in the registry
303+
- `strategy: upgrade` will publish only if the version is a semver upgrade of the requested `dist-tag`
304+
305+
```diff
306+
with:
307+
token: ${{ secrets.NPM_TOKEN }}
308+
- check-version: true
309+
- greater-version-only: false
310+
+ strategy: all
311+
312+
with:
313+
token: ${{ secrets.NPM_TOKEN }}
314+
- check-version: true
315+
- greater-version-only: true
316+
+ strategy: upgrade
317+
```
318+
319+
`check-version: false` has been removed. If you only need to publish, without first checking whether the version exists in the registry, you can [use `npm` directly][publishing-nodejs-packages] instead:
320+
321+
```diff
322+
- uses: actions/setup-node@v3
323+
with:
324+
node-version: '18'
325+
+ registry-url: https://registry.npmjs.org/
326+
327+
- - uses: JS-DevTools/npm-publish@v1
328+
- with:
329+
- token: ${{ secrets.NPM_TOKEN }}
330+
- check-version: false
331+
+ - run: npm publish
332+
+ env:
333+
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
334+
```
335+
336+
[publishing-nodejs-packages]: https://docs.github.com/actions/publishing-packages/publishing-nodejs-packages
337+
338+
#### v2 output changes
339+
340+
The `type` output is now an empty string instead of `'none'` when no release occurs
341+
342+
```diff
343+
- run: echo "Version changed!"
344+
- if: ${{ steps.publish.outputs.type != 'none' }}
345+
+ if: ${{ steps.publish.outputs.type }}
346+
```
347+
348+
#### v2 behavior changes
349+
350+
The `--ignore-scripts` option is now passed to `npm publish` as a security precaution. If you define any publish lifecycle scripts - `prepublishOnly`, `prepack`, `prepare`, `postpack`, `publish`, `postpublish` - we recommend you run that logic as a separate explicit build step.
351+
352+
```diff
353+
+ - run: npm run build
354+
355+
- - uses: JS-DevTools/npm-publish@v1
356+
+ - uses: JS-DevTools/npm-publish@v3
357+
with:
358+
token: ${{ secrets.NPM_TOKEN }}
359+
```
360+
361+
If you can't change your build, you can set the `ignore-scripts` input to `false` as a workaround. Be aware that failures during a lifecycle script can be difficult to debug, and any `stdout`/`stderr` output from your build script could interfere with how `npm-publish` interprets results from the `npm` CLI.
362+
363+
```diff
364+
- - uses: JS-DevTools/npm-publish@v1
365+
+ - uses: JS-DevTools/npm-publish@v3
366+
with:
367+
token: ${{ secrets.NPM_TOKEN }}
368+
+ ignore-scripts: false
369+
```
370+
371+
The global `.npmrc` file is no longer read nor modified. This means the `token` option is now required for the library and CLI. (It was already required for the action.) You may have workarounds in place referencing `INPUT_TOKEN`, which v1 [erroneously wrote][#15] to `.npmrc`. These workarounds should be removed.
372+
373+
```diff
374+
- uses: actions/setup-node@v3
375+
with:
376+
node-version: '18'
377+
registry-url: https://registry.npmjs.org/
378+
379+
- - uses: JS-DevTools/npm-publish@v1
380+
+ - uses: JS-DevTools/npm-publish@v3
381+
with:
382+
token: ${{ secrets.NPM_TOKEN }}
383+
384+
- name: Do some more stuff with npm
385+
run: npm whoami
386+
env:
387+
- INPUT_TOKEN: ${{ secrets.NPM_TOKEN }}
388+
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
389+
```
390+
391+
[#15]: https://github.com/JS-DevTools/npm-publish/issues/15
392+
349393
## License
350394

351395
npm-publish is 100% free and open-source, under the [MIT license](LICENSE). Use it however you want.
@@ -359,5 +403,3 @@ Thanks to these awesome companies for their support of Open Source developers
359403
[![GitHub](https://jstools.dev/img/badges/github.svg)](https://github.com/open-source)
360404
[![NPM](https://jstools.dev/img/badges/npm.svg)](https://www.npmjs.com/)
361405
[![Coveralls](https://jstools.dev/img/badges/coveralls.svg)](https://coveralls.io)
362-
[![Travis CI](https://jstools.dev/img/badges/travis-ci.svg)](https://travis-ci.com)
363-
[![SauceLabs](https://jstools.dev/img/badges/sauce-labs.svg)](https://saucelabs.com)

‎action.yaml

+1-1
Original file line numberDiff line numberDiff line change
@@ -92,5 +92,5 @@ outputs:
9292
If not configured for a scoped package, will be "default".
9393
9494
runs:
95-
using: node16
95+
using: node20
9696
main: action.js

0 commit comments

Comments
 (0)
Failed to load comments.