fix: enable npm provenance publishing #79
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Node.js Tests | |
| on: | |
| pull_request: | |
| push: | |
| branches-ignore: | |
| - 'gh-pages' | |
| # paths: # only run this deploy if an file in the following directories are changed | |
| # - 'src/**' | |
| # - 'test/**' | |
| # - '*.json' # run if an ".json" file in the *root* of the repository is changed | |
| permissions: | |
| contents: read | |
| env: | |
| # Download mongodb binaries to ~/.cache/mongodb-binaries instead of local node_modules | |
| # Used for separate cache | |
| MONGOMS_PREFER_GLOBAL_PATH: true | |
| jobs: | |
| tests: | |
| permissions: | |
| contents: read # for actions/checkout to fetch code | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [16.x, 18.x, 20.x, 22.x] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: Load MongoDB binary cache | |
| id: cache-mongodb-binaries | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.cache/mongodb-binaries | |
| key: ${{ matrix.node-version }} | |
| - name: Install Dependencies | |
| run: yarn install --frozen-lockfile | |
| - name: Run Audit | |
| run: (yarn audit || exit 0) | |
| - name: Test Compiling Everything | |
| run: yarn run build:tests | |
| - name: Lint | |
| run: yarn run lint | |
| - name: Test | |
| run: yarn run test:coverage --colors | |
| env: | |
| CI: true | |
| - name: Send codecov.io stats | |
| if: matrix.node-version == '18.x' | |
| uses: codecov/codecov-action@v3 | |
| publish: | |
| permissions: | |
| contents: write # for actions/checkout to fetch code and for semantic-release to push commits, release releases and tags | |
| issues: write # for semantic-release to comment on and close issues | |
| pull-requests: write # for semantic-release to comment on and close pull requests | |
| id-token: write # for semantic-release to enable use of OIDC for npm provenance | |
| if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/beta' | |
| needs: [tests] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Use Node.js 18 | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18.x | |
| - name: Load MongoDB binary cache | |
| id: cache-mongodb-binaries | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.cache/mongodb-binaries | |
| key: publish | |
| - name: Install node_modules | |
| run: yarn install | |
| - name: Build | |
| run: yarn build | |
| - name: Semantic Release | |
| uses: cycjimmy/semantic-release-action@cb425203a562475bca039ba4dbf90c7f9ac790f4 # v4.1.0 | |
| with: | |
| # dry_run: true | |
| # using semantic-release 23.x because of https://github.com/semantic-release/release-notes-generator/issues/675 | |
| # plugins included in semantic-release by default: | |
| # @semantic-release/commit-analyzer @semantic-release/release-notes-generator @semantic-release/npm @semantic-release/github | |
| extra_plugins: | | |
| @semantic-release/git@10.x | |
| @semantic-release/changelog@6.x | |
| @commitlint/config-conventional@19.x | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # replace with trusted-publishing once available, see https://github.com/semantic-release/npm/issues/958 | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} |