feat: add GitHub Actions workflows for npm publishing (#13) #1
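# Builds, checks and publishes the package to the public npm registry with
# build provenance. Triggered by pushes to main and by manual dispatch.
name: Publish to NPM

on:
  push:
    branches:
      - main
  workflow_dispatch:

# Least-privilege GITHUB_TOKEN scopes. `packages: write` was dropped: it only
# governs GitHub Packages, and this workflow publishes to registry.npmjs.org
# using NPM_TOKEN, so the scope was unused.
permissions:
  contents: read
  id-token: write  # Required for npm provenance

jobs:
  publish:
    name: Build & Publish to NPM
    runs-on: ubuntu-latest
    # workflow_dispatch can be started from any ref; only main may publish.
    if: github.ref == 'refs/heads/main'
    # NOTE(review): id-token: write applies to the whole job, so the install,
    # lint, test and build steps (including dependency lifecycle scripts) run
    # in a job that can request an OIDC token. Consider a separate build job
    # without id-token and a small publish job that only consumes the artifact.
    steps:
      - name: Checkout repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
        with:
          # Keep the GITHUB_TOKEN out of .git/config for the later steps.
          persist-credentials: false

      - name: Install pnpm
        uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2  # v4.0.0
        with:
          version: 9
          run_install: false

      - name: Setup Node 20.x
        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8  # v4.0.2
        with:
          node-version: '20.x'
          registry-url: 'https://registry.npmjs.org/'
          cache: 'pnpm'

      - name: Get package version
        id: package-version
        run: |
          VERSION=$(node -p "require('./package.json').version")
          # Quote the output file path so it is never word-split or globbed.
          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
          echo "π¦ Current version: ${VERSION}"

      - name: Verify lockfile exists
        run: |
          if [ ! -f "pnpm-lock.yaml" ]; then
            echo "β pnpm-lock.yaml not found"
            echo "Run 'pnpm install' locally and commit the lockfile"
            exit 1
          fi

      # --frozen-lockfile fails the job instead of silently re-resolving
      # dependencies that differ from the committed lockfile.
      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Run linter
        run: pnpm run lint

      - name: Run tests
        run: pnpm run test

      - name: Build package
        run: pnpm run build

      - name: Security audit
        run: |
          pnpm audit --audit-level moderate || {
            echo "β οΈ Security vulnerabilities found"
            exit 1
          }

      - name: Verify public dependencies
        run: |
          # Capture the listing first: a failing `pnpm list` now aborts the
          # step instead of feeding grep empty input and passing the check.
          deps_json="$(pnpm list --json)"
          # Allow optional whitespace after the colon so the match also works
          # on pretty-printed JSON ("private": true), which the original
          # fixed-string pattern would miss.
          if printf '%s' "$deps_json" | grep -Eq '"private":[[:space:]]*true'; then
            echo "β Private packages detected in dependencies"
            exit 1
          fi

      # The registry token is scoped to the two steps that need it.
      - name: Check NPM authentication
        run: pnpm whoami
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

      - name: Publish to NPM
        id: publish
        # The version is passed through the environment rather than expanded
        # into the script text, so its content is never parsed as shell.
        run: |
          echo "π Publishing version ${PACKAGE_VERSION}"
          pnpm publish --access public --provenance --no-git-checks
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          PACKAGE_VERSION: ${{ steps.package-version.outputs.version }}

      - name: Publish success
        if: success()
        run: |
          echo "β Published version ${PACKAGE_VERSION}"
          echo "π¦ https://www.npmjs.com/package/quickswap-sdk"
          echo "π Provenance: https://www.npmjs.com/package/quickswap-sdk/v/${PACKAGE_VERSION}"
        env:
          PACKAGE_VERSION: ${{ steps.package-version.outputs.version }}

      - name: Publish failed
        if: failure()
        run: |
          echo "β Failed to publish to NPM"
          echo ""
          echo "Common reasons:"
          echo " - Version ${PACKAGE_VERSION} already exists"
          echo " - NPM_TOKEN is invalid or expired"
          echo " - Security vulnerabilities detected"
          echo " - Lockfile is out of sync"
          echo ""
          echo "To publish a new version:"
          echo " 1. Update version in package.json"
          echo " 2. Run 'pnpm install' to update lockfile"
          echo " 3. Commit and push to main"
          exit 1
        env:
          PACKAGE_VERSION: ${{ steps.package-version.outputs.version }}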