From d713032b9faef7b16e632704133d57c8965e06a2 Mon Sep 17 00:00:00 2001 From: Hunter Bown Date: Fri, 24 Apr 2026 00:21:35 -0500 Subject: [PATCH] ci: allow token-backed npm publish --- .github/workflows/publish-npm.yml | 39 +++++++++++++++++++++++++++++++ .github/workflows/release.yml | 2 ++ 2 files changed, 41 insertions(+) create mode 100644 .github/workflows/publish-npm.yml diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml new file mode 100644 index 00000000..6881f0e0 --- /dev/null +++ b/.github/workflows/publish-npm.yml @@ -0,0 +1,39 @@ +name: Publish npm + +on: + workflow_dispatch: + inputs: + version: + description: 'Package/release version to publish, without the leading v' + required: true + type: string + +env: + CARGO_TERM_COLOR: always + +jobs: + publish: + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: '20' + registry-url: 'https://registry.npmjs.org' + - name: Verify package version + working-directory: npm/deepseek-tui + run: | + actual="$(node -p "require('./package.json').version")" + expected="${{ inputs.version }}" + if [ "${actual}" != "${expected}" ]; then + echo "package.json version ${actual} does not match requested ${expected}" >&2 + exit 1 + fi + - name: Publish wrapper to npm + working-directory: npm/deepseek-tui + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + run: npm publish --provenance --access public diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 57ce9cec..b713f267 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -132,4 +132,6 @@ jobs: registry-url: 'https://registry.npmjs.org' - name: Publish wrapper to npm working-directory: npm/deepseek-tui + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} run: npm publish --provenance --access public