diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml index be8c3ef..6dcda9e 100644 --- a/.github/workflows/publish-npm.yml +++ b/.github/workflows/publish-npm.yml @@ -4,85 +4,85 @@ on: workflow_call: inputs: scope: - description: 'NPM package scope (e.g., @iexec)' - default: '@iexec' + description: "NPM package scope (e.g., @iexec)" + default: "@iexec" type: string node-version: - description: 'Node.js version to use' - default: '20' + description: "Node.js version to use" + default: "20" type: string registry: - description: 'NPM registry URL' - default: 'https://registry.npmjs.org' + description: "NPM registry URL" + default: "https://registry.npmjs.org" type: string access: - description: 'Package access (public/restricted)' - default: 'public' + description: "Package access (public/restricted)" + default: "public" type: string provenance: - description: 'Enable npm provenance' + description: "Enable npm provenance" default: true type: boolean install-command: - description: 'Install dependencies command' - default: 'npm ci' + description: "Install dependencies command" + default: "npm ci" type: string build-command: - description: 'Build package command' - default: 'npm run build' + description: "Build package command" + default: "npm run build" type: string run-tests: - description: 'Execute unit tests step' + description: "Execute unit tests step" default: false type: boolean test-command: - description: 'Run unit tests command' - default: 'npm test --if-present' + description: "Run unit tests command" + default: "npm test --if-present" type: string lint-command: - description: 'Run linting command' - default: 'npm run lint --if-present' + description: "Run linting command" + default: "npm run lint --if-present" type: string type-check-command: - description: 'Run type-checking command' - default: 'npm run check-types --if-present' + description: "Run type-checking command" + default: "npm run check-types --if-present" type: string format-check-command: - description: 'Run format-checking command' - default: 'npm run check-format --if-present' + description: "Run format-checking command" + default: "npm run check-format --if-present" type: string environment: - description: 'GitHub environment' - default: 'production' + description: "GitHub environment" + default: "production" type: string tag: - description: 'npm publish tag (e.g., latest, nightly)' - default: '' - type: string - tag-prefix: - description: 'Prefix for Git tag' - default: 'v' + description: "npm publish tag (e.g., latest, nightly)" + default: "" type: string working-directory: - description: 'Directory containing package.json' - default: '' + description: "Directory containing package.json" + default: "" type: string artifact-name: - description: 'Name of an artifact to download before the build (leave empty to skip)' - default: '' + description: "Name of an artifact to download before the build (leave empty to skip)" + default: "" type: string artifact-path: - description: 'Destination path for the downloaded artifact' - default: '' + description: "Destination path for the downloaded artifact" + default: "" type: string version: - description: 'Version to publish (leave empty to use package.json version)' - default: '' + description: "Version to publish (leave empty to use package.json version)" + default: "" type: string + dry-run: + description: "Run in dry-run mode (the package will not be published)" + default: false + type: boolean secrets: npm-token: - description: 'NPM auth token' - required: true + description: "NPM auth token (required unless `dry-run: true`)" + required: false jobs: build: @@ -93,6 +93,16 @@ jobs: packages: write id-token: write steps: + - name: Ensure npm-token + if: ${{ !inputs.dry-run }} + run: | + if [ -n "${{ secrets.npm-token }}" ]; then + echo "`npm-token` secret is set" + else + echo "Missing `npm-token` secret (required unless `dry-run: true`)" + exit 1 + fi + - name: Download extra artifact if: ${{ inputs.artifact-name != '' }} uses: actions/download-artifact@v4 @@ -111,7 +121,7 @@ jobs: - name: Install dependencies working-directory: ${{ inputs.working-directory }} run: ${{ inputs.install-command }} - + - name: Override version if: ${{ inputs.version != '' }} working-directory: ${{ inputs.working-directory }} @@ -149,8 +159,14 @@ jobs: TAG_OPT="--tag ${{ inputs.tag }}" fi + DRY_RUN_OPT="" + if [ "${{ inputs.dry-run }}" = "true" ]; then + DRY_RUN_OPT="--dry-run" + fi + + PROVENANCE_OPT="" if [ "${{ inputs.provenance }}" = "true" ]; then - npm publish --access ${{ inputs.access }} $TAG_OPT --provenance - else - npm publish --access ${{ inputs.access }} $TAG_OPT + PROVENANCE_OPT="--provenance" fi + + npm publish --access ${{ inputs.access }} $TAG_OPT $DRY_RUN_OPT $PROVENANCE_OPT diff --git a/publish-npm/README.md b/publish-npm/README.md index f90a28a..98767e5 100644 --- a/publish-npm/README.md +++ b/publish-npm/README.md @@ -20,7 +20,7 @@ for the package scope, Node.js version, registry URL, and other options. The wor ## Workflow Inputs 🛠️ | **Input** | **Description** | **Required** | **Default** | -|--------------------------|---------------------------------------------------------------|--------------|-------------------------------------| +| ------------------------ | ------------------------------------------------------------- | ------------ | ----------------------------------- | | **scope** | NPM package scope (e.g., `@iexec`). | No | `@iexec` | | **node-version** | Node.js version to use. | No | `20` | | **registry** | NPM registry URL. | No | `https://registry.npmjs.org` | @@ -35,17 +35,17 @@ for the package scope, Node.js version, registry URL, and other options. The wor | **format-check-command** | Run format-checking command. | No | `npm run check-format --if-present` | | **environment** | GitHub environment. | No | `production` | | **tag** | npm publish tag (e.g., latest, nightly). | No | `''` (empty string) | -| **tag-prefix** | Prefix for Git tag. | No | `v` | | **working-directory** | Directory containing package.json. | No | `''` (empty string) | | **artifact-name** | Name of an artifact to download before the build. | No | `''` (empty string) | | **artifact-path** | Destination path for the downloaded artifact. | No | `''` (empty string) | | **version** | Version to publish (leave empty to use package.json version). | No | `''` (empty string) | +| **dry-run** | Run in dry-run mode (the package will not be published). | No | `false` | ### Secrets 🔐 -| **Secret** | **Description** | **Required** | -|---------------|-----------------|--------------| -| **npm-token** | NPM auth token. | Yes | +| **Secret** | **Description** | **Required** | +| ------------- | -------------------------------------------------- | ------------ | +| **npm-token** | NPM auth token (required unless `dry-run: true`)". | No | ## Job and Steps ⚙️ @@ -54,9 +54,9 @@ for the package scope, Node.js version, registry URL, and other options. The wor - **Runs On**: `ubuntu-latest`. - **Environment**: Uses the environment specified in `inputs.environment`. - **Permissions**: - - `contents: read` – to access repository contents. 🔍 - - `packages: write` – to allow package publication. ✨ - - `id-token: write` – for authentication purposes. 🔑 + - `contents: read` – to access repository contents. 🔍 + - `packages: write` – to allow package publication. ✨ + - `id-token: write` – for authentication purposes. 🔑 ## How to Use This Reusable Workflow 🔄 @@ -76,14 +76,13 @@ for the package scope, Node.js version, registry URL, and other options. The wor publish: uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/publish-npm.yml@main with: - node-version: '22' - build-command: 'npm run build:prod' + node-version: "22" + build-command: "npm run build:prod" run-tests: true - test-command: 'npm run test:ci' - lint-command: 'npm run lint' - type-check-command: 'npm run check-types' - format-check-command: 'npm run check-format' - tag-prefix: 'v' + test-command: "npm run test:ci" + lint-command: "npm run lint" + type-check-command: "npm run check-types" + format-check-command: "npm run check-format" # Optional: Download an artifact before building # artifact-name: 'my-build-artifact' # artifact-path: './dist'