diff --git a/.github/workflows/release.md b/.github/workflows/release.md index 292419b..67c578b 100644 --- a/.github/workflows/release.md +++ b/.github/workflows/release.md @@ -52,12 +52,9 @@ jobs: id-token: write packages: write secrets: - # GitHub token to use for authentication. + # GitHub token to use when downloading the package tarball artifact. # Defaults to `GITHUB_TOKEN` if not provided. github-token: "" - - # Authentication token for the package registry. - registry-token: "" with: # JSON array of runner(s) to use. # See https://docs.github.com/en/actions/using-jobs/choosing-the-runner-for-a-job. @@ -77,16 +74,19 @@ jobs: # Default: `public` access: public - # npm distribution tag for the published package. + # npm distribution tag for the published package. Leave empty to use npm defaults. # Common values: # - `latest` - Default tag for stable releases # - `next` - Prerelease or beta versions # - `canary` - Canary/nightly builds # + # If omitted for a pushed Git tag, the workflow tries to reuse the Git tag + # as the npm dist-tag unless it looks like a version tag such as `v1.2.3`. + # # See https://docs.npmjs.com/adding-dist-tags-to-packages. # - # Default: `latest` - tag: latest + # Default: `""` + tag: "" # Whether to generate npm provenance for npmjs.org publishes. # Default: `true` @@ -113,12 +113,15 @@ jobs: | **`package-tarball-artifact-id`** | Artifact ID of the package tarball produced by CI. | **true** | **string** | - | | **`registry-url`** | Registry URL used by npm publish. | **false** | **string** | `https://registry.npmjs.org` | | **`access`** | Package access level passed to npm publish. Leave empty to use npm defaults. | **false** | **string** | `public` | -| **`tag`** | npm distribution tag for the published package. | **false** | **string** | `latest` | +| **`tag`** | npm distribution tag for the published package. Leave empty to use npm defaults. | **false** | **string** | `""` | | | Common values: | | | | | | - `latest` - Default tag for stable releases | | | | | | - `next` - Prerelease or beta versions | | | | | | - `canary` - Canary/nightly builds | | | | | | | | | | +| | If omitted for a pushed Git tag, the workflow tries to reuse the Git tag as the | | | | +| | npm dist-tag unless it looks like a version tag such as `v1.2.3`. | | | | +| | | | | | | | See . | | | | | **`provenance`** | Whether to generate npm provenance for npmjs.org publishes. | **false** | **boolean** | `true` | | **`dry-run`** | Whether to run npm publish without publishing the package. | **false** | **boolean** | `false` | @@ -131,11 +134,10 @@ jobs: ## Secrets -| **Secret** | **Description** | **Required** | -| -------------------- | ---------------------------------------------- | ------------ | -| **`github-token`** | GitHub token to use for authentication. | **false** | -| | Defaults to `GITHUB_TOKEN` if not provided. | | -| **`registry-token`** | Authentication token for the package registry. | **false** | +| **Secret** | **Description** | **Required** | +| ------------------ | ------------------------------------------------------------------ | ------------ | +| **`github-token`** | GitHub token to use when downloading the package tarball artifact. | **false** | +| | Defaults to `GITHUB_TOKEN` if not provided. | | @@ -173,8 +175,6 @@ jobs: contents: read packages: write id-token: write - secrets: - registry-token: ${{ secrets.NPM_TOKEN }} with: package-tarball-artifact-id: ${{ needs.ci.outputs.package-tarball-artifact-id }} ``` diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fbf2d53..bf75c65 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,16 +28,19 @@ on: default: "public" tag: description: | - npm distribution tag for the published package. + npm distribution tag for the published package. Leave empty to use npm defaults. Common values: - `latest` - Default tag for stable releases - `next` - Prerelease or beta versions - `canary` - Canary/nightly builds + If omitted for a pushed Git tag, the workflow tries to reuse the Git tag + as the npm dist-tag unless it looks like a version tag such as `v1.2.3`. + See https://docs.npmjs.com/adding-dist-tags-to-packages. type: string required: false - default: "latest" + default: "" provenance: description: "Whether to generate npm provenance for npmjs.org publishes." type: boolean @@ -51,12 +54,9 @@ on: secrets: github-token: description: | - GitHub token to use for authentication. + GitHub token to use when downloading the package tarball artifact. Defaults to `GITHUB_TOKEN` if not provided. required: false - registry-token: - description: "Authentication token for the package registry." - required: false permissions: {} @@ -131,10 +131,14 @@ jobs: - name: Publish package uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 env: - NODE_AUTH_TOKEN: ${{ secrets.registry-token }} PACKAGE_TARBALL_PATH: ${{ steps.package-tarball.outputs.path }} ACCESS: ${{ inputs.access }} TAG: ${{ inputs.tag }} + GITHUB_EVENT_NAME: ${{ github.event_name }} + GITHUB_EVENT_REF: ${{ github.event.ref }} + GITHUB_REF: ${{ github.ref }} + GITHUB_REF_NAME: ${{ github.ref_name }} + GITHUB_REF_TYPE: ${{ github.ref_type }} PROVENANCE: ${{ inputs.provenance }} DRY_RUN: ${{ inputs.dry-run }} REGISTRY_URL: ${{ inputs.registry-url }} @@ -144,11 +148,31 @@ jobs: const packageTarballPath = process.env.PACKAGE_TARBALL_PATH; const access = process.env.ACCESS.trim(); - const tag = process.env.TAG.trim(); + const inputTag = process.env.TAG.trim(); + const eventName = process.env.GITHUB_EVENT_NAME ?? ''; + const eventRef = process.env.GITHUB_EVENT_REF ?? ''; + const gitRef = process.env.GITHUB_REF ?? ''; + const gitRefName = process.env.GITHUB_REF_NAME ?? ''; + const gitRefType = process.env.GITHUB_REF_TYPE ?? ''; const registryUrl = process.env.REGISTRY_URL; const dryRun = process.env.DRY_RUN === 'true'; const provenance = process.env.PROVENANCE === 'true'; + let tag = inputTag; + + if (!tag) { + const isPushTagEvent = eventName === 'push' && gitRefType === 'tag' && gitRef.startsWith('refs/tags/'); + const hasPushTagRef = eventRef.startsWith('refs/tags/'); + const canReuseGitTag = gitRefName && !/^(?:v)?\d/.test(gitRefName); + + if ((isPushTagEvent || hasPushTagRef) && canReuseGitTag) { + tag = gitRefName; + core.info(`No npm dist-tag input provided. Using Git tag "${tag}" as npm dist-tag.`); + } else if ((isPushTagEvent || hasPushTagRef) && gitRefName) { + core.info(`No npm dist-tag input provided. Git tag "${gitRefName}" looks like a version tag, so npm will use its default dist-tag.`); + } + } + const args = ['publish', packageTarballPath]; if (access) {