Skip to content

Bump rollup from 4.20.0 to 4.21.3 (#1173) #787

Bump rollup from 4.20.0 to 4.21.3 (#1173)

Bump rollup from 4.20.0 to 4.21.3 (#1173) #787

Workflow file for this run

name: Publish
on:
push:
branches:
- main
permissions: read-all
jobs:
check:
name: Check
runs-on: ubuntu-22.04
outputs:
released: ${{ steps.version.outputs.released }}
version: ${{ steps.version.outputs.version }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0 # To obtain all tags
- name: Check if version is released
id: version
run: |
VERSION="v$(jq -r '.version' < package.json)"
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
if [ "$(git tag --list "$VERSION")" ]; then
echo 'released=true' >> "$GITHUB_OUTPUT"
else
echo 'released=false' >> "$GITHUB_OUTPUT"
fi
git:
name: git
runs-on: ubuntu-22.04
if: ${{ needs.check.outputs.released == 'false' }}
needs:
- check
permissions:
contents: write # To push refs
steps:
- name: Harden Runner
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
- name: Checkout repository
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0 # To fetch all major version branches
- name: Get major version
uses: actions/github-script@e69ef5462fd455e02edcaf4dd7708eda96b9eda0 # v7.0.0
id: major-version
env:
VERSION: ${{ needs.check.outputs.version }}
with:
result-encoding: string
script: |
const version = `${process.env.VERSION}`
const major = version.replace(/\.\d\.\d$/, "")
return major
- name: Publish git tag
env:
VERSION: ${{ needs.check.outputs.version }}
run: |
git tag "$VERSION"
git push origin "$VERSION"
- name: Update major version branch
env:
MAJOR_VERSION: ${{ steps.major-version.outputs.result }}
run: |
git push origin "HEAD:$MAJOR_VERSION"
npm:
name: npm
runs-on: ubuntu-22.04
if: ${{ needs.check.outputs.released == 'false' }}
needs:
- check
permissions:
id-token: write # To attach provenance to the published package
environment:
name: npm
url: https://www.npmjs.com/package/@ericcornelissen/eslint-plugin-top
steps:
- name: Harden Runner
uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
fulcio.sigstore.dev:443
github.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
rekor.sigstore.dev:443
sigstore-tuf-root.storage.googleapis.com:443
- name: Checkout repository
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Install Node.js
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
with:
cache: npm
node-version-file: .nvmrc
registry-url: https://registry.npmjs.org
- name: Install dependencies
run: npm clean-install
- name: Publish to npm
run: |
npm publish --ignore-scripts=false --provenance
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}