chore: enable auto publish (#78)

wraithgar · web-flow · commit a393ac604a16 · 2024-04-12T07:45:29.000-07:00
diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml
@@ -15,17 +15,24 @@ on:
         required: true
         type: string
         description: 'A json array of releases. Required fields: publish: tagName, publishTag. publish check: pkgName, version'
+    secrets:
+      PUBLISH_TOKEN:
+        required: true
 
 jobs:
   publish:
-    name: Check Publish
+    name: Publish
     runs-on: ubuntu-latest
     defaults:
       run:
         shell: bash
+    permissions:
+      id-token: write
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+        with:
+          ref: ${{ fromJSON(inputs.releases)[0].tagName }}
       - name: Setup Git User
         run: |
           git config --global user.email "npm-cli+bot@github.com"
@@ -42,26 +49,27 @@ jobs:
           node: ${{ steps.node.outputs.node-version }}
       - name: Install Dependencies
         run: npm i --ignore-scripts --no-audit --no-fund
-      - name: Check If Published
+      - name: Set npm authToken
+        run: npm config set '//registry.npmjs.org/:_authToken'=\${PUBLISH_TOKEN}
+      - name: Publish
+        env:
+          PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
         run: |
           EXIT_CODE=0
 
           function each_release {
-            if npm view "$@" --loglevel=error > /dev/null; then
+            if npm publish --provenance --tag="$1"; then
               echo 0
             else
               echo 1
             fi
           }
 
           for release in $(echo '${{ inputs.releases }}' | jq -r '.[] | @base64'); do
-            SPEC="$(echo "$release" | base64 --decode | jq -r .pkgName)@$(echo "$release" | base64 --decode | jq -r .version)"
-            STATUS=$(each_release "$SPEC")
+            PUBLISH_TAG=$(echo "$release" | base64 --decode | jq -r .publishTag)
+            STATUS=$(each_release "$PUBLISH_TAG")
             if [[ "$STATUS" -eq 1 ]]; then
               EXIT_CODE=$STATUS
-              echo "$SPEC ERROR"
-            else
-              echo "$SPEC OK"
             fi
           done
 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -131,7 +131,7 @@ jobs:
         id: comment-text
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: npm exec --offline -- template-oss-release-manager --pr="${{ needs.release.outputs.pr-number }}" --backport="" --defaultTag="latest"
+        run: npm exec --offline -- template-oss-release-manager --pr="${{ needs.release.outputs.pr-number }}" --backport="" --defaultTag="latest" --publish
       - name: Append Release Manager Comment
         uses: peter-evans/create-or-update-comment@v3
         with:
@@ -243,6 +243,10 @@ jobs:
     name: Release Integration
     if: needs.release.outputs.releases
     uses: ./.github/workflows/release-integration.yml
+    permissions:
+      id-token: write
+    secrets:
+      PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
     with:
       releases: ${{ needs.release.outputs.releases }}
 
diff --git a/package.json b/package.json
@@ -33,7 +33,8 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.21.3"
+    "version": "4.21.3",
+    "publish": true
   },
   "tap": {
     "nyc-arg": [
