From e5ce1de72a322f5aaae9809aca3409ea02ebfaa1 Mon Sep 17 00:00:00 2001
From: Ugo <ugo.mignon@iex.ec>
Date: Fri, 7 Mar 2025 10:46:12 +0100
Subject: [PATCH] feat(publish-npm): enhance additional inputs

---
 .github/workflows/publish-npm.yml | 72 +++++++++++++++++++++++++++
 README.md                         |  5 +-
 publish-npm/CHANGELOG.md          |  0
 publish-npm/README.md             | 83 +++++++++++++++++++++++++++++++
 publish-npm/version.txt           |  0
 5 files changed, 159 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/publish-npm.yml
 create mode 100644 publish-npm/CHANGELOG.md
 create mode 100644 publish-npm/README.md
 create mode 100644 publish-npm/version.txt

diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml
new file mode 100644
index 0000000..cda97a9
--- /dev/null
+++ b/.github/workflows/publish-npm.yml
@@ -0,0 +1,72 @@
+name: Publish Package NPM
+on:
+  workflow_call:
+    inputs:
+      scope:
+        description: 'NPM package scope (e.g., @iExecBlockchainComputing)'
+        required: true
+        type: string
+      node-version:
+        description: 'Node.js version to use'
+        required: false
+        default: '20'
+        type: string
+      registry:
+        description: 'NPM registry URL'
+        required: false
+        default: 'https://registry.npmjs.org'
+        type: string
+      access:
+        description: 'Package access level (public/restricted)'
+        required: false
+        default: 'public'
+        type: string
+      provenance:
+        description: 'Enable npm provenance'
+        required: false
+        default: true
+        type: boolean
+      install-command:
+        description: 'Command to install dependencies'
+        required: false
+        default: 'npm install'
+        type: string
+      environment:
+        description: 'GitHub environment to use for deployment'
+        required: false
+        default: 'production'
+        type: string
+    secrets:
+      npm-token:
+        description: 'NPM token for authentication'
+        required: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: ${{ inputs.node-version }}
+          registry-url: ${{ inputs.registry }}
+          scope: ${{ inputs.scope }}
+
+      - name: Install dependencies
+        run: ${{ inputs.install-command }}
+
+      - name: Publish package
+        run: |
+          if [ "${{ inputs.provenance }}" = "true" ]; then
+            npm publish --access ${{ inputs.access }} --provenance
+          else
+            npm publish --access ${{ inputs.access }}
+          fi
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.npm-token }}
\ No newline at end of file
diff --git a/README.md b/README.md
index 37fa946..fad9696 100644
--- a/README.md
+++ b/README.md
@@ -8,4 +8,7 @@ This repository contains a reusable workflow for iExec. It is a monorepo that co
 This workflow builds a Docker image from a Dockerfile. It is a reusable workflow that can be used in other workflows.
 
 ### [Release Please](./release-please)
-This workflow uses the [release-please-action](https://github.com/googleapis/release-please-action) to automate the release of a project.
\ No newline at end of file
+This workflow uses the [release-please-action](https://github.com/googleapis/release-please-action) to automate the release of a project.
+
+### [Publish NPM Package](./publish-npm)
+This workflow publishes an NPM package to the NPM registry.
\ No newline at end of file
diff --git a/publish-npm/CHANGELOG.md b/publish-npm/CHANGELOG.md
new file mode 100644
index 0000000..e69de29
diff --git a/publish-npm/README.md b/publish-npm/README.md
new file mode 100644
index 0000000..da7e537
--- /dev/null
+++ b/publish-npm/README.md
@@ -0,0 +1,83 @@
+# Publish Package NPM - Reusable Workflow Documentation
+
+## Overview
+
+This reusable GitHub Actions workflow automates the process of publishing an NPM package. It is configurable via inputs for the package scope, Node.js version, and registry URL. The workflow performs the following actions:
+
+- Checks out your repository code.
+- Sets up Node.js and configures the `.npmrc` file.
+- Installs package dependencies using `npm ci`.
+- Publishes the package with provenance and public access using `npm publish`.
+
+## Detailed Explanation
+
+### Triggering the Workflow
+
+- **`on: workflow_call`**  
+  This setting makes the workflow reusable, allowing it to be invoked by other workflows. Inputs can be passed during the call.
+
+### Workflow Inputs
+
+- **`scope`**
+    - **Description:** Defines the NPM package scope (e.g., `@iExecBlockchainComputing`).
+    - **Required:** Yes.
+
+- **`node-version`**
+    - **Description:** Specifies the version of Node.js to use.
+    - **Default:** `20`
+    - **Required:** No.
+
+- **`registry-url`**
+    - **Description:** URL of the NPM registry.
+    - **Default:** `https://registry.npmjs.org`
+    - **Required:** No.
+
+### Job and Steps
+
+- **Job Name (`build`):**
+    - Runs on `ubuntu-latest`.
+    - **Permissions:**
+        - `contents: read` – to access repository contents.
+        - `packages: write` – to allow package publication.
+
+- **Steps:**
+    - **Checkout Repository:**  
+      Uses `actions/checkout@v4` to retrieve your code.
+
+    - **Setup Node.js:**  
+      Uses `actions/setup-node@v4` to configure Node.js. This step also sets up the `.npmrc` file with the provided registry URL and scope.
+
+    - **Install Dependencies:**  
+      Executes `npm ci` to install dependencies from the `package-lock.json` file.
+
+    - **Publish Package:**  
+      Executes `npm publish --provenance --access public` to publish the package.
+        - The `NODE_AUTH_TOKEN` environment variable is set from `${{ secrets.NPM_TOKEN }}` for authentication.
+
+## How to Use This Reusable Workflow
+
+1. **Save the Workflow File:**  
+   Place this YAML file (e.g., `publish-npm.yml`) in the `.github/workflows/` directory of your repository.
+
+2. **Call the Reusable Workflow:**  
+   In another workflow file (for example, triggered by a release), invoke this reusable workflow as follows:
+
+   ```yaml
+   name: Call Publish Package NPM Workflow
+   on:
+     release:
+       types: [published]
+
+   jobs:
+     publish:
+       uses: your-org/your-repo/.github/workflows/publish-npm.yml@main
+       with:
+         scope: '@iExecBlockchainComputing'
+         node-version: '20'
+         registry-url: 'https://registry.npmjs.org'
+       secrets:
+         NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+   ```
+
+3. **Configure Secrets:**  
+   Ensure that the `NPM_TOKEN` secret is added to your repository's settings. This token is required to authenticate with the NPM registry during publishing.
diff --git a/publish-npm/version.txt b/publish-npm/version.txt
new file mode 100644
index 0000000..e69de29