diff --git a/.gitea/workflows/npm-release.yml b/.gitea/workflows/npm-release.yml index 1d56f79..ffb8e14 100644 --- a/.gitea/workflows/npm-release.yml +++ b/.gitea/workflows/npm-release.yml @@ -1,45 +1,48 @@ name: npm release -env: - HOME: /tmp - on: push: tags: - 'v*' - '[0-9]*' +permissions: + contents: read + jobs: verify: name: verify runs-on: ubuntu-latest + container: + image: node:20-bookworm timeout-minutes: 20 steps: - - name: Check out repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 + - name: Install release tools + run: | + set -euo pipefail + apt-get update + apt-get install -y git curl ca-certificates + curl -fsSL https://bun.sh/install | bash -s -- bun-v1.3.13 + install -m 0755 /root/.bun/bin/bun /usr/local/bin/bun + node --version + npm --version + bun --version - - name: Set up Node.js - uses: actions/setup-node@v4 - with: - node-version: '20' - registry-url: 'https://registry.npmjs.org' - - - name: Set up Bun - uses: oven-sh/setup-bun@v2 - with: - bun-version: '1.3.13' - - - name: Install dependencies - run: bun install --frozen-lockfile + - name: Clone tagged source + run: | + set -euo pipefail + REPO_URL="${{ gitea.server_url }}/${{ gitea.repository }}.git" + AUTH_HEADER="$(printf '%s' '${{ gitea.actor }}:${{ secrets.GITEA_TOKEN }}' | base64 -w0)" + git -c http.extraHeader="Authorization: Basic $AUTH_HEADER" clone --depth 1 --branch "${{ gitea.ref_name }}" "$REPO_URL" repo + git -C repo rev-parse HEAD - name: Verify release tag matches package version + working-directory: repo shell: bash run: | set -euo pipefail - TAG_NAME="${GITHUB_REF##refs/tags/}" + TAG_NAME="${{ gitea.ref_name }}" PACKAGE_VERSION="$(node -p "require('./package.json').version")" if [ "$TAG_NAME" = "v$PACKAGE_VERSION" ] || [ "$TAG_NAME" = "$PACKAGE_VERSION" ]; then @@ -51,7 +54,10 @@ jobs: exit 1 - name: Run verify pipeline + working-directory: repo run: | + set -euo pipefail + bun install --frozen-lockfile bun run test bun run check bun run build @@ -59,32 +65,48 @@ jobs: release: name: publish to npm runs-on: ubuntu-latest + container: + image: node:20-bookworm timeout-minutes: 20 needs: - verify steps: - - name: Check out repository - uses: actions/checkout@v4 + - name: Install release tools + run: | + set -euo pipefail + apt-get update + apt-get install -y git curl ca-certificates + curl -fsSL https://bun.sh/install | bash -s -- bun-v1.3.13 + install -m 0755 /root/.bun/bin/bun /usr/local/bin/bun + node --version + npm --version + bun --version - - name: Set up Node.js - uses: actions/setup-node@v4 - with: - node-version: '20' - registry-url: 'https://registry.npmjs.org' - - - name: Set up Bun - uses: oven-sh/setup-bun@v2 - with: - bun-version: '1.3.13' + - name: Clone tagged source + run: | + set -euo pipefail + REPO_URL="${{ gitea.server_url }}/${{ gitea.repository }}.git" + AUTH_HEADER="$(printf '%s' '${{ gitea.actor }}:${{ secrets.GITEA_TOKEN }}' | base64 -w0)" + git -c http.extraHeader="Authorization: Basic $AUTH_HEADER" clone --depth 1 --branch "${{ gitea.ref_name }}" "$REPO_URL" repo + git -C repo rev-parse HEAD - name: Install dependencies - run: bun install --frozen-lockfile + working-directory: repo + run: | + set -euo pipefail + bun install --frozen-lockfile - name: Build package - run: bun run build + working-directory: repo + run: | + set -euo pipefail + bun run build - name: Publish package to npm + working-directory: repo env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: npm publish + run: | + set -euo pipefail + npm publish