From 237c4298097dda13db00d59996380b2d8d8a0e82 Mon Sep 17 00:00:00 2001
From: amittell
Date: Wed, 1 Apr 2026 19:14:03 -0400
Subject: [PATCH] ci: add publish-on-tag workflow
Triggers on v* tags. Runs lint + test, verifies tag matches package.json version, publishes to npm with provenance, and creates a GitHub release with auto-generated notes.
Co-Authored-By: Claude Opus 4.6 (1M context)
---
.github/workflows/publish.yml | 49 +++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100644 .github/workflows/publish.yml
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..d384872
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,49 @@
+name: Publish to npm
+
+on:
+ push:
+ tags: ['v*']
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v5
+ - uses: actions/setup-node@v5
+ with:
+ node-version: '22'
+ cache: npm
+ - run: npm ci
+ - run: npm run lint
+ - run: npm test
+
+ publish:
+ needs: test
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ id-token: write
+ steps:
+ - uses: actions/checkout@v5
+ - uses: actions/setup-node@v5
+ with:
+ node-version: '22'
+ cache: npm
+ registry-url: 'https://registry.npmjs.org'
+ - run: npm ci
+ - name: Verify tag matches package.json version
+ env:
+ TAG_REF: ${{ github.ref_name }}
+ run: |
+ TAG_VERSION="${TAG_REF#v}"
+ PKG_VERSION=$(node -p "require('./package.json').version")
+ if [ "$TAG_VERSION" != "$PKG_VERSION" ]; then
+ echo "Tag $TAG_VERSION does not match package.json version $PKG_VERSION"
+ exit 1
+ fi
+ - run: npm publish --provenance --access public
+ - name: Create GitHub release
+ env:
+ GH_TOKEN: ${{ github.token }}
+ TAG_REF: ${{ github.ref_name }}
+ run: gh release create "$TAG_REF" --generate-notes
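Review bot: In the `publish` job, `contents: write` and `id-token: write` are in scope for every step, yet `actions/checkout@v5` and `actions/setup-node@v5` are referenced by mutable tag and `npm ci` runs dependency install scripts before `npm publish --provenance`. Pin both actions to a full commit SHA, e.g. `- uses: actions/checkout@<full-commit-sha>  # v5`, and, if no dependency needs its install script, use `- run: npm ci --ignore-scripts` and drop `cache: npm` from this job so that neither a restored cache entry nor a dependency lifecycle script runs with the release credentials. The workflow has no top-level `permissions:` block, so the `test` job inherits the repository's default token scope; a workflow-level `permissions:` with `contents: read` would make that explicit. No `NODE_AUTH_TOKEN` is set on the publish step, so this presumably relies on npm trusted publishing over OIDC; if so, confirm that the npm version shipped with Node 22 supports it, otherwise the publish step will fail on authentication.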