Skip to content

Update transitive dependencies (#659) #429

Update transitive dependencies (#659)

Update transitive dependencies (#659) #429

Workflow file for this run

name: Publish
on:
push:
branches:
- main
permissions: read-all
jobs:
check:
name: Check
runs-on: ubuntu-22.04
outputs:
released: ${{ steps.version.outputs.released }}
version: ${{ steps.version.outputs.version }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
objects.githubusercontent.com:443
registry.npmjs.org:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
with:
fetch-depth: 0 # To obtain all tags
- name: Check if version is released
id: version
run: |
VERSION="v$(jq -r '.version' < package.json)"
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
if [ "$(git tag --list "$VERSION")" ]; then
echo 'released=true' >> "$GITHUB_OUTPUT"
else
echo 'released=false' >> "$GITHUB_OUTPUT"
fi
git:
name: git
runs-on: ubuntu-22.04
if: ${{ needs.check.outputs.released == 'false' }}
needs:
- check
permissions:
contents: write # To push refs
steps:
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
with:
fetch-depth: 0 # To fetch all major version branches
- name: Get major version
uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
id: major-version
env:
VERSION: ${{ needs.check.outputs.version }}
with:
result-encoding: string
script: |
const version = `${process.env.VERSION}`
const major = version.replace(/\.\d\.\d$/, "")
return major
- name: Publish git tag
env:
VERSION: ${{ needs.check.outputs.version }}
run: |
git tag "$VERSION"
git push origin "$VERSION"
- name: Update major version branch
env:
MAJOR_VERSION: ${{ steps.major-version.outputs.result }}
run: |
git push origin "HEAD:$MAJOR_VERSION"
npm:
name: npm
runs-on: ubuntu-22.04
if: ${{ needs.check.outputs.released == 'false' }}
needs:
- check
permissions:
id-token: write # To attach provenance to the published package
environment:
name: npm
url: https://www.npmjs.com/package/@ericcornelissen/eslint-plugin-top
steps:
- name: Harden Runner
uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
fulcio.sigstore.dev:443
github.com:443
nodejs.org:443
objects.githubusercontent.com:443
registry.npmjs.org:443
rekor.sigstore.dev:443
sigstore-tuf-root.storage.googleapis.com:443
- name: Checkout repository
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Install Node.js
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
cache: npm
node-version-file: .nvmrc
registry-url: https://registry.npmjs.org
- name: Install dependencies
run: npm clean-install
- name: Publish to npm
run: |
npm publish --provenance
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}