Skip to content

Set up linting of snippets in MarkDown (#1827) #921

Set up linting of snippets in MarkDown (#1827)

Set up linting of snippets in MarkDown (#1827) #921

Workflow file for this run

name: Publish
on:
push:
branches:
- main
permissions: read-all
jobs:
check:
name: Check
runs-on: ubuntu-24.04
outputs:
released: ${{ steps.version.outputs.released }}
release_notes: ${{ steps.version.outputs.release_notes }}
version: ${{ steps.version.outputs.version }}
steps:
- name: Harden runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
fetch-depth: 0 # To fetch all tags
persist-credentials: false
- name: Install Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
cache: npm
node-version-file: .nvmrc
- name: Install dependencies
run: npm clean-install
- name: Check if the current version is already released
id: version
run: |
VERSION="v$(jq -r '.version' < package.json)"
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
if [ "$(git tag --list "$VERSION")" ]; then
echo 'released=true' >> "$GITHUB_OUTPUT"
else
echo 'released=false' >> "$GITHUB_OUTPUT"
{
echo 'release_notes<<EOF'
node script/release/get-release-notes.js
echo 'EOF'
} >> "$GITHUB_OUTPUT"
fi
git:
name: git
runs-on: ubuntu-24.04
if: ${{ needs.check.outputs.released == 'false' }}
needs:
- check
permissions:
contents: write # To push a ref
steps:
- name: Harden runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
github.com:443
- name: Checkout repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
fetch-depth: 0 # To fetch all major version branches
- name: Get release version
uses: actions/github-script@e69ef5462fd455e02edcaf4dd7708eda96b9eda0 # v7.0.0
id: major_version
env:
VERSION: ${{ needs.check.outputs.version }}
with:
result-encoding: string
script: |
const version = `${process.env.VERSION}`
const major = version.replace(/\.\d\.\d$/, "")
return major
- name: Create release tag
env:
VERSION: ${{ needs.check.outputs.version }}
run: |
git tag "${VERSION}"
git push origin "${VERSION}"
- name: Update major version branch
env:
MAJOR_VERSION: ${{ steps.major_version.outputs.result }}
run: |
git push origin "HEAD:${MAJOR_VERSION}"
github:
name: GitHub
runs-on: ubuntu-24.04
if: ${{ needs.check.outputs.released == 'false' }}
needs:
- check
- git
permissions:
contents: write # To create a GitHub Release
steps:
- name: Harden runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
github.com:443
- name: Create GitHub release
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
with:
tag: ${{ needs.check.outputs.version }}
name: Release ${{ needs.check.outputs.version }}
body: ${{ needs.check.outputs.release_notes }}
draft: false
prerelease: false
npm:
name: npm
runs-on: ubuntu-24.04
if: ${{ needs.check.outputs.released == 'false' }}
permissions:
id-token: write # To attach provenance to the published package
environment:
name: npm
url: https://www.npmjs.com/package/shescape
needs:
- check
steps:
- name: Harden runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
actions-results-receiver-production.githubapp.com:443
api.github.com:443
fulcio.sigstore.dev:443
github.com:443
gitlab.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
rekor.sigstore.dev:443
sigstore-tuf-root.storage.googleapis.com:443
- name: Checkout repository
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
with:
persist-credentials: false
- name: Install Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
cache: npm
node-version-file: .nvmrc
registry-url: https://registry.npmjs.org
- name: Install dependencies
run: npm clean-install
- name: Publish to npm
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
npm run transpile
npm publish --provenance