-
Notifications
You must be signed in to change notification settings - Fork 0
127 lines (108 loc) · 4.72 KB
/
publish.yml
File metadata and controls
127 lines (108 loc) · 4.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
name: Release
on:
push:
branches:
- main
permissions:
id-token: write
contents: write
pull-requests: write
concurrency: ${{ github.workflow }}-${{ github.ref }}
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup Node.js 20.x
uses: actions/setup-node@v4
with:
node-version: 20.x
registry-url: 'https://registry.npmjs.org'
# OIDC 认证会自动处理,不需要 NODE_AUTH_TOKEN
- name: Upgrade npm to latest (for OIDC support)
run: |
# 确保 npm 版本 >= 11.5.1 以支持 Trusted Publishing
npm install -g npm@latest
npm --version
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
run_install: true
version: 10.28.2
- name: Build
run: pnpm build
- name: Configure npm for OIDC and pnpm
run: |
# 注意:npm whoami 在 OIDC 下可能返回 401,这是正常的
# OIDC 认证只在发布时生效,不在认证检查时生效
# setup-node@v4 使用 OIDC 时,会在 NPM_CONFIG_USERCONFIG 指定的位置创建 .npmrc
# 我们需要确保这个配置能被 pnpm 使用
NPMRC_USER="$HOME/.npmrc"
NPMRC_CONFIG="${NPM_CONFIG_USERCONFIG:-}"
echo "NPM_CONFIG_USERCONFIG: ${NPMRC_CONFIG:-not set}"
# 如果 setup-node 在 NPM_CONFIG_USERCONFIG 位置创建了 .npmrc,复制到 ~/.npmrc
if [ -n "$NPMRC_CONFIG" ] && [ -f "$NPMRC_CONFIG" ]; then
echo "Found .npmrc at $NPMRC_CONFIG, copying to $NPMRC_USER"
cp "$NPMRC_CONFIG" "$NPMRC_USER"
cat "$NPMRC_CONFIG" | sed 's/_authToken=[^ ]*/_authToken=***/' || true
fi
# 如果 ~/.npmrc 不存在,尝试查找 setup-node 创建的文件
if [ ! -f "$NPMRC_USER" ]; then
# setup-node 可能在 /home/runner/work/_temp/ 下创建 .npmrc
TEMP_NPMRC="/home/runner/work/_temp/.npmrc"
if [ -f "$TEMP_NPMRC" ]; then
echo "Found .npmrc at $TEMP_NPMRC, copying to $NPMRC_USER"
cp "$TEMP_NPMRC" "$NPMRC_USER"
else
echo "Warning: ~/.npmrc not found, searching for npmrc files..."
find /home/runner -name ".npmrc" 2>/dev/null | head -5 || true
fi
fi
# 确保 @arkts scope 配置正确
if [ -f "$NPMRC_USER" ]; then
if ! grep -q "@arkts:registry" "$NPMRC_USER"; then
echo "@arkts:registry=https://registry.npmjs.org/" >> "$NPMRC_USER"
fi
chmod 600 "$NPMRC_USER"
echo ".npmrc configured at $NPMRC_USER"
echo "Content (masked):"
cat "$NPMRC_USER" | sed 's/_authToken=[^ ]*/_authToken=***/' || true
fi
# 检查 npm 版本(需要 >= 11.5.1 支持 Trusted Publishing)
echo "npm version: $(npm --version)"
echo "Node version: $(node --version)"
# 确保 pnpm 使用 npm 的配置
pnpm config set registry https://registry.npmjs.org/ || true
- name: Debug npm configuration before publish
run: |
echo "=== Debugging npm configuration ==="
echo "NPM_CONFIG_USERCONFIG: ${NPM_CONFIG_USERCONFIG:-not set}"
echo "HOME: $HOME"
echo "Current .npmrc locations:"
ls -la ~/.npmrc 2>/dev/null || echo "~/.npmrc not found"
if [ -n "$NPM_CONFIG_USERCONFIG" ]; then
ls -la "$NPM_CONFIG_USERCONFIG" 2>/dev/null || echo "$NPM_CONFIG_USERCONFIG not found"
fi
echo "npm version: $(npm --version)"
echo "Checking npm config:"
npm config list || true
echo "=== End debugging ==="
- name: Test OIDC authentication (dry-run)
run: |
echo "Testing OIDC authentication with a dry-run publish..."
# 尝试一个 dry-run 发布来测试 OIDC
# 注意:这可能会失败,但可以帮助诊断问题
cd "$(mktemp -d)"
echo '{"name":"@arkts/test-oidc","version":"0.0.0-test"}' > package.json
npm publish --dry-run --registry=https://registry.npmjs.org/ 2>&1 | head -20 || echo "Dry-run completed (errors expected for test package)"
- name: Create Release Pull Request or Publish to npm
id: changesets
uses: changesets/action@v1
with:
createGithubReleases: true
# 使用 npx changeset publish,OIDC 已通过 setup-node@v4 配置
publish: npx changeset publish
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}