github/awesome-cordova-plugins
3
0
Fork 1
mirror of https://github.com/danielsogl/awesome-cordova-plugins.git synced 2026-05-02 00:07:23 +08:00
Code Issues Projects Releases Wiki Activity
Files
6453f2ab789dff71fb77bb06556bbc07c4091692
awesome-cordova-plugins/.github/workflows/release-please.yml
T
Daniel Sogl 6453f2ab78 fix: add npm provenance and fix core peer dependency version 
Add --provenance flag to npm publish for supply chain security.
Add id-token: write permission to release workflow for OIDC-based
provenance attestation. Fix MIN_CORE_VERSION to dynamically use
current version instead of hardcoded ^8.0.2.
2026-03-21 16:04:52 -07:00

63 lines
1.4 KiB
YAML
Raw Blame History

name: Release Please
on:
push:
branches: [main]
workflow_dispatch:
permissions:
contents: write
pull-requests: write
issues: write
id-token: write
jobs:
release-please:
runs-on: ubuntu-latest
outputs:
release_created: ${{ steps.release.outputs.release_created }}
tag_name: ${{ steps.release.outputs.tag_name }}
version: ${{ steps.release.outputs.version }}
steps:
- name: Run Release Please
id: release
uses: googleapis/release-please-action@v4.4.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
config-file: release-please-config.json
manifest-file: .release-please-manifest.json
publish:
runs-on: ubuntu-latest
needs: release-please
if: ${{ needs.release-please.outputs.release_created }}
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@v4.3.1
- name: Setup Node.js
uses: actions/setup-node@v4.4.0
with:
node-version: 22
cache: npm
registry-url: https://registry.npmjs.org
- name: Install dependencies
run: npm ci
- name: Lint
run: npm run lint -- --quiet
- name: Test
run: npm test
- name: Build
run: npm run build
- name: Publish to npm
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm run npmpub
Reference in New Issue View Git Blame Copy Permalink