diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8d59de8d42..0367d88d94 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,29 +1,74 @@ name: Release -on: create + +on: + push: + tags: + - '10.*' jobs: build: - if: github.ref_type == 'tag' uses: preactjs/preact/.github/workflows/build-test.yml@v10.x release: runs-on: ubuntu-latest needs: build + permissions: + contents: write steps: - - uses: actions/checkout@v4 - - uses: actions/download-artifact@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: npm-package - name: Create draft release id: create-release - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 with: script: | const script = require('./scripts/release/create-gh-release.js') return script({ github, context }) - name: Upload release artifact - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 + env: + RELEASE_DATA: ${{ steps.create-release.outputs.result }} with: script: | const script = require('./scripts/release/upload-gh-asset.js') - return script({ require, github, context, glob, release: ${{ steps.create-release.outputs.result }} }) + const release = JSON.parse(process.env.RELEASE_DATA) + return script({ require, github, context, glob, release }) + + publish: + needs: [build, release] + runs-on: ubuntu-latest + environment: + name: npm + url: https://www.npmjs.com/package/preact + permissions: + contents: read + id-token: write + steps: + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + with: + name: npm-package + + - name: Update npm + run: npm install -g npm@11.11 + + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + with: + node-version-file: 'package.json' + registry-url: 'https://registry.npmjs.org' + # Determine the npm dist-tag from the git tag: + # - Prerelease versions (e.g. 10.29.0-rc.1) publish with --tag matching + # the prerelease identifier (rc, alpha, beta, etc.) + # - Stable versions publish with --tag latest + - name: Determine dist-tag + id: dist-tag + run: | + TAG="${GITHUB_REF#refs/tags/}" + if [[ "$TAG" =~ -([a-zA-Z]+) ]]; then + echo "tag=${BASH_REMATCH[1]}" >> "$GITHUB_OUTPUT" + else + echo "tag=latest" >> "$GITHUB_OUTPUT" + fi + - name: Publish to npm + run: npm publish preact.tgz --provenance --tag ${{ steps.dist-tag.outputs.tag }} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b0b27e52c8..0cb120ce7e 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -200,14 +200,10 @@ rights to publish new releases on npm. 4. Create and push a tag for the new version you want to publish: 1. `git tag 10.0.0` 2. `git push --tags` -5. Wait for the Release workflow to complete +5. Wait for the Release workflow to reach the `npm` environment approval gate, approve it, and let it complete - It'll create a draft release and upload the built npm package as an asset to the release 6. [Fill in the release notes](#writing-release-notes) in GitHub and publish them -7. Run the publish script with the tag you created - 1. `node ./scripts/release/publish.mjs 10.0.0` - 2. Make sure you have 2FA enabled in npm, otherwise the above command will fail. - 3. If you're doing a pre-release add `--npm-tag next` to the `publish.mjs` command to publish it under a different tag (default is `latest`) -8. Tweet it out +7. Tweet it out ## Legacy Releases (8.x) diff --git a/package.json b/package.json index 8b89e2a5ef..1d773d55e8 100644 --- a/package.json +++ b/package.json @@ -3,6 +3,10 @@ "amdName": "preact", "version": "10.29.0", "private": false, + "publishConfig": { + "access": "public", + "provenance": true + }, "description": "Fast 3kb React-compatible Virtual DOM library.", "main": "dist/preact.js", "module": "dist/preact.module.js",