Skip to content

Merge pull request #45 from rsksmart/scorecard #52

Merge pull request #45 from rsksmart/scorecard

Merge pull request #45 from rsksmart/scorecard #52

Workflow file for this run

name: Publish library on NPM
on:
release:
types: [published]
push:
branches:
- main
- fix/ci-errors
permissions: read-all
jobs:
publish:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: "Check file existence"
id: check_files
uses: andstor/file-existence-action@v3
with:
files: "package.json, README.md"
# - name: File exists
# # Only runs if all of the files exists
# run: exit 1
# - name: Get package.json package name and match with repository name
# run: |
# echo PACKAGE_NAME=$(cat package.json | jq .name | cut -f2 -d"\"" | cut -f2 -d"@") >> $GITHUB_OUTPUT
# echo PACKAGE_VERSION="refs/tags/v"$(cat package.json | jq .version | cut -f2 -d"\"") >> $GITHUB_OUTPUT
# echo PACKAGE_REPOSITORY=$(cat package.json | jq .repository | cut -f2 -d"\"" | sed 's/:/\//' | sed 's/@/:\/\//') >> $GITHUB_OUTPUT
# id: get_package_info
# - name: Check if package_name matches with repository name
# if: github.repository != steps.get_package_info.outputs.PACKAGE_NAME
# # Fail if package name not properly configured
# run: exit 1
# - name: Check if package version matches with tag
# if: github.ref != steps.get_package_info.outputs.PACKAGE_VERSION
# # Fail if package version not properly setted
# run: exit 1
# - name: Check if package repository matches with repository
# # Fail if package repository doesn't match with repository
# run: exit 1
- name: Push package to npmjs.com
uses: actions/setup-node@v4
with:
node-version: 20
registry-url: https://registry.npmjs.org/
- name: Install pnpm
run: npm install -g pnpm
- name: Install dependencies
run: pnpm install
- name: Build project
run: pnpm build
- name: Pre upload validation
id: pack
run: |
npm pack --dry-run >> output 2>&1
echo PRE_UPLOAD_HASH=$(cat output | grep shasum | cut -f4 -d" ") >> $GITHUB_OUTPUT
- name: Publish package
run: npm publish --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Post-upload validation
id: unpack
run: |
PACKAGE_NAME=$(cat package.json | jq .name | cut -f2 -d"\"")@$(cat package.json | jq .version | cut -f2 -d"\"")
echo POST_UPLOAD_HASH=$(npm view $PACKAGE_NAME | grep shasum | cut -f4 -d" ") >> $GITHUB_OUTPUT
- name: Pre and Post Upload validation
if: steps.pack.outputs.PRE_UPLOAD_HASH != steps.unpack.outputs.POST_UPLOAD_HASH
run: exit 1