Skip to content

Merge pull request #369 from oasisprotocol/CedarMist/publish-provenan… #56

Merge pull request #369 from oasisprotocol/CedarMist/publish-provenan…

Merge pull request #369 from oasisprotocol/CedarMist/publish-provenan… #56

Workflow file for this run

name: publish
on:
push:
tags:
- clients/js/v[0-9]+.[0-9]+.[0-9]+*
- contracts/v[0-9]+.[0-9]+.[0-9]+*
- integrations/ethers-v6/v[0-9]+.[0-9]+.[0-9]+*
- integrations/hardhat/v[0-9]+.[0-9]+.[0-9]+*
- integrations/viem-v2/v[0-9]+.[0-9]+.[0-9]+*
- integrations/wagmi-v2/v[0-9]+.[0-9]+.[0-9]+*
# See: https://docs.npmjs.com/generating-provenance-statements
# See: https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds
permissions:
id-token: write # to enable use of OIDC for npm provenance
contents: read
jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: "18"
- uses: pnpm/action-setup@v4
name: Install pnpm
id: pnpm-install
with:
version: 8
run_install: true
- name: Build JS client
working-directory: clients/js
run: pnpm build
- name: Build ethers-v6 integration
working-directory: integrations/ethers-v6
run: pnpm build
- name: Build hardhat integration
working-directory: integrations/hardhat
run: pnpm build
- name: Build Viem integration
working-directory: integrations/viem-v2
run: pnpm build
- name: Build Wagmi integration
working-directory: integrations/wagmi-v2
run: pnpm build
- name: Extract package from tag
id: extract-tag
env:
# There's no support for escaping this for use in a shell command.
# GitHub's recommendation is to pass it through the environment.
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
REF_NAME: ${{ github.ref_name }}
run: |
echo "NPM_PACKAGE=$(echo $REF_NAME | grep -oE '(clients/js|contracts|integrations/(ethers-v6|hardhat|wagmi-v2|viem-v2))')" >> $GITHUB_OUTPUT
echo "NPM_TAG=$(echo $REF_NAME | grep -oP '(?<=\-)(rc|next|alpha|beta)' || echo 'latest')" >> $GITHUB_OUTPUT
- name: Set publishing config
run: pnpm config set '//registry.npmjs.org/:_authToken' "${NODE_AUTH_TOKEN}"
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Publish ${{ github.ref_name }} to NPM
run: pnpm publish --access public --no-git-checks --tag $NPM_TAG
env:
NPM_CONFIG_PROVENANCE: true
NPM_TAG: ${{ steps.extract-tag.outputs.NPM_TAG }}
working-directory: ${{ steps.extract-tag.outputs.NPM_PACKAGE }}