npm publish actions

[MHuiG]

settings > secrets > actions

NPM_AUTH_TOKEN

triggered by workflow_dispatch btn

[broofa]

@MHuiG This is just creating a workflow that does npm publish, and the workflow doesn't run unless triggered manually, right?

Can you elaborate on the benefit of this? Is this just to get away from the (probably terrible) practice of maintainers publishing to NPM from their local dev machine? Any other advantages?

I'd also be curious to get your thoughts on how this might be modified to auto-publish whenever a release tag (e.g. "v1.2.1") is pushed to main. (Asking because I'd like to figure out a better release process for uuid.)

[iChenLei]

@broofa changeset or release-please is for u, I also maintain mobxjs lib, changeset is good for we mobx team and worked a long time. changeset example -> mobxjs/mobx#3386 and release-please example -> yargs/yargs#2187

[MHuiG]

I just wrote an example here. Specific programs need to be decided by the communities themselves.
I use it mainly because I can't connect to NPM on my network, so I always use mirror.

Of course, this can expose the process of publishing packages, as long as NPM_token is configured, anyone with repository permissions can publish packages

You can run a unit test before the release process and prevent the release if the test fails

As you can see, in the past, the repository was updated, but npm was not updated, why not associate the repository with npm through CI?

I used this before
https://github.com/pascalgn/npm-publish-action
But it had bug for some time before, so I have been using my own writing
https://github.com/volantis-x/hexo-theme-volantis/blob/dev/.github/workflows/npm-publish.yml#L4

the workflow run triggered by release but not pre-release
https://github.com/username/your-repo/releases
(eg: https://github.com/stylus/nib/releases)
Yes, the tag is created when you create a releases on the Github release page.

doc:
https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release

I also written before Automated Version Bump
https://github.com/CoPoKo/nib/blob/master/.github/workflows/npm-publish.yml#L19
https://github.com/CoPoKo/nib/blob/master/.github/npm-version-bump.js#L6
Because that package is only used by myself, and I only use the latest version, I used timestamp as version,the workflow run triggered by push.
Maybe I should mark alpha in the version?

[MHuiG]

About how this might be modified to auto-publish whenever a release tag (e.g. "v1.2.1") is pushed to main, I didn't find documentation on how to match tags,But I know how to match the message.

doc: https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push

if: ${{ contains(github.event.head_commit.message, 'release')== true }}

name: npm-publish
on:
  push:
    branches:
    - main
  workflow_dispatch:
jobs:
  npm-publish:
    if: ${{ contains(github.event.head_commit.message, 'release')== true }}
    name: npm-publish
    runs-on: ubuntu-latest
    steps:
    - name: Checkout repository
      uses: actions/checkout@main
    - name: Set up Node.js
      uses: actions/setup-node@main
      with:
        node-version: 16
        registry-url: https://registry.npmjs.org
    - name: Publish
      run: |
        npm publish
      env:
        NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}

Trigger the workflow when the git message contains the word release

I hope these three examples I wrote will help you.