diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 27d57ad..65d9837 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -55,7 +55,9 @@ jobs: overwrite: true release_github: name: Publish to GitHub Releases - needs: release + needs: + - release + - release_npm runs-on: ubuntu-latest permissions: contents: write @@ -78,3 +80,30 @@ jobs: GITHUB_REPOSITORY: ${{ github.repository }} GITHUB_REF: ${{ github.sha }} run: errout=$(mktemp); gh release create $(cat dist/releasetag.txt) -R $GITHUB_REPOSITORY -F dist/changelog.md -t $(cat dist/releasetag.txt) --target $GITHUB_REF 2> $errout && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" $errout; then cat $errout; exit $exitcode; fi + release_npm: + name: Publish to npm + needs: release + runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha + steps: + - uses: actions/setup-node@v4 + with: + node-version: 18.x + - name: Download build artifacts + uses: actions/download-artifact@v4 + with: + name: build-artifact + path: dist + - name: Restore build artifact permissions + run: cd dist && setfacl --restore=permissions-backup.acl + continue-on-error: true + - name: Release + env: + NPM_DIST_TAG: latest + NPM_REGISTRY: registry.npmjs.org + NPM_CONFIG_PROVENANCE: "true" + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + run: npx -p publib@latest publib-npm diff --git a/.projenrc.ts b/.projenrc.ts index 954555b..87aae11 100644 --- a/.projenrc.ts +++ b/.projenrc.ts @@ -4,6 +4,7 @@ const project = new typescript.TypeScriptProject({ projenrcTs: true, defaultReleaseBranch: 'v2-main', majorVersion: 2, + releaseToNpm: true, autoApproveUpgrades: true, autoApproveOptions: { allowedUsernames: ['aws-cdk-automation'],