ci: Update release workflow tokens and permissions (#21) #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: | |
| - main | |
| name: release-please | |
| jobs: | |
| release-please: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # Write to "contents" is needed to create a release | |
| contents: write | |
| # Write to pull-requests is needed to create and update the release PR | |
| pull-requests: write | |
| steps: | |
| # Create/update release PR | |
| - uses: googleapis/release-please-action@v4 | |
| id: release | |
| with: | |
| release-type: node | |
| # The logic below handles npm publication. Each step is conditional on a | |
| # release having been created by someone merging the release PR. | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: refs/tags/${{ steps.release.outputs.tag_name }} | |
| persist-credentials: false | |
| if: ${{ steps.release.outputs.release_created }} | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| registry-url: 'https://registry.npmjs.org' | |
| if: ${{ steps.release.outputs.release_created }} | |
| - run: npm ci | |
| if: ${{ steps.release.outputs.release_created }} | |
| - run: npm publish | |
| env: | |
| NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} | |
| if: ${{ steps.release.outputs.release_created }} | |
| - run: npm pack | |
| if: ${{ steps.release.outputs.release_created }} | |
| - name: Attach files to release | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| gh release upload --clobber "${{ steps.release.outputs.tag_name }}" trace-anything-*.tgz | |
| if: ${{ steps.release.outputs.release_created }} |