Skip to content

feat(publish-npm): add dry-run option #71

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
PierreJeanjacquot merged 2 commits into from
Jul 2, 2025
Merged

feat(publish-npm): add dry-run option #71

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a5ea80b
feat(publish-npm): add dry-run option
PierreJeanjacquot Jul 2, 2025
b94b6e1
chore(publish-npm): remove unused input
PierreJeanjacquot Jul 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
104 changes: 60 additions & 44 deletions .github/workflows/publish-npm.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,85 +4,85 @@ on:
workflow_call:
inputs:
scope:
description: 'NPM package scope (e.g., @iexec)'
default: '@iexec'
description: "NPM package scope (e.g., @iexec)"
default: "@iexec"
type: string
node-version:
description: 'Node.js version to use'
default: '20'
description: "Node.js version to use"
default: "20"
type: string
registry:
description: 'NPM registry URL'
default: 'https://registry.npmjs.org'
description: "NPM registry URL"
default: "https://registry.npmjs.org"
type: string
access:
description: 'Package access (public/restricted)'
default: 'public'
description: "Package access (public/restricted)"
default: "public"
type: string
provenance:
description: 'Enable npm provenance'
description: "Enable npm provenance"
default: true
type: boolean
install-command:
description: 'Install dependencies command'
default: 'npm ci'
description: "Install dependencies command"
default: "npm ci"
type: string
build-command:
description: 'Build package command'
default: 'npm run build'
description: "Build package command"
default: "npm run build"
type: string
run-tests:
description: 'Execute unit tests step'
description: "Execute unit tests step"
default: false
type: boolean
test-command:
description: 'Run unit tests command'
default: 'npm test --if-present'
description: "Run unit tests command"
default: "npm test --if-present"
type: string
lint-command:
description: 'Run linting command'
default: 'npm run lint --if-present'
description: "Run linting command"
default: "npm run lint --if-present"
type: string
type-check-command:
description: 'Run type-checking command'
default: 'npm run check-types --if-present'
description: "Run type-checking command"
default: "npm run check-types --if-present"
type: string
format-check-command:
description: 'Run format-checking command'
default: 'npm run check-format --if-present'
description: "Run format-checking command"
default: "npm run check-format --if-present"
type: string
environment:
description: 'GitHub environment'
default: 'production'
description: "GitHub environment"
default: "production"
type: string
tag:
description: 'npm publish tag (e.g., latest, nightly)'
default: ''
type: string
tag-prefix:
description: 'Prefix for Git tag'
default: 'v'
description: "npm publish tag (e.g., latest, nightly)"
default: ""
type: string
working-directory:
description: 'Directory containing package.json'
default: ''
description: "Directory containing package.json"
default: ""
type: string
artifact-name:
description: 'Name of an artifact to download before the build (leave empty to skip)'
default: ''
description: "Name of an artifact to download before the build (leave empty to skip)"
default: ""
type: string
artifact-path:
description: 'Destination path for the downloaded artifact'
default: ''
description: "Destination path for the downloaded artifact"
default: ""
type: string
version:
description: 'Version to publish (leave empty to use package.json version)'
default: ''
description: "Version to publish (leave empty to use package.json version)"
default: ""
type: string
dry-run:
description: "Run in dry-run mode (the package will not be published)"
default: false
type: boolean
secrets:
npm-token:
description: 'NPM auth token'
required: true
description: "NPM auth token (required unless `dry-run: true`)"
required: false

jobs:
build:
Expand All @@ -93,6 +93,16 @@ jobs:
packages: write
id-token: write
steps:
- name: Ensure npm-token
if: ${{ !inputs.dry-run }}
run: |
if [ -n "${{ secrets.npm-token }}" ]; then
echo "`npm-token` secret is set"
else
echo "Missing `npm-token` secret (required unless `dry-run: true`)"
exit 1
fi

- name: Download extra artifact
if: ${{ inputs.artifact-name != '' }}
uses: actions/download-artifact@v4
Expand All @@ -111,7 +121,7 @@ jobs:
- name: Install dependencies
working-directory: ${{ inputs.working-directory }}
run: ${{ inputs.install-command }}

- name: Override version
if: ${{ inputs.version != '' }}
working-directory: ${{ inputs.working-directory }}
Expand Down Expand Up @@ -149,8 +159,14 @@ jobs:
TAG_OPT="--tag ${{ inputs.tag }}"
fi

DRY_RUN_OPT=""
if [ "${{ inputs.dry-run }}" = "true" ]; then
DRY_RUN_OPT="--dry-run"
fi

PROVENANCE_OPT=""
if [ "${{ inputs.provenance }}" = "true" ]; then
npm publish --access ${{ inputs.access }} $TAG_OPT --provenance
else
npm publish --access ${{ inputs.access }} $TAG_OPT
PROVENANCE_OPT="--provenance"
fi

npm publish --access ${{ inputs.access }} $TAG_OPT $DRY_RUN_OPT $PROVENANCE_OPT
29 changes: 14 additions & 15 deletions publish-npm/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ for the package scope, Node.js version, registry URL, and other options. The wor
## Workflow Inputs 🛠️

| **Input** | **Description** | **Required** | **Default** |
|--------------------------|---------------------------------------------------------------|--------------|-------------------------------------|
| ------------------------ | ------------------------------------------------------------- | ------------ | ----------------------------------- |
| **scope** | NPM package scope (e.g., `@iexec`). | No | `@iexec` |
| **node-version** | Node.js version to use. | No | `20` |
| **registry** | NPM registry URL. | No | `https://registry.npmjs.org` |
Expand All @@ -35,17 +35,17 @@ for the package scope, Node.js version, registry URL, and other options. The wor
| **format-check-command** | Run format-checking command. | No | `npm run check-format --if-present` |
| **environment** | GitHub environment. | No | `production` |
| **tag** | npm publish tag (e.g., latest, nightly). | No | `''` (empty string) |
| **tag-prefix** | Prefix for Git tag. | No | `v` |
| **working-directory** | Directory containing package.json. | No | `''` (empty string) |
| **artifact-name** | Name of an artifact to download before the build. | No | `''` (empty string) |
| **artifact-path** | Destination path for the downloaded artifact. | No | `''` (empty string) |
| **version** | Version to publish (leave empty to use package.json version). | No | `''` (empty string) |
| **dry-run** | Run in dry-run mode (the package will not be published). | No | `false` |

### Secrets 🔐

| **Secret** | **Description** | **Required** |
|---------------|-----------------|--------------|
| **npm-token** | NPM auth token. | Yes |
| **Secret** | **Description** | **Required** |
| ------------- | -------------------------------------------------- | ------------ |
| **npm-token** | NPM auth token (required unless `dry-run: true`)". | No |

## Job and Steps ⚙️

Expand All @@ -54,9 +54,9 @@ for the package scope, Node.js version, registry URL, and other options. The wor
- **Runs On**: `ubuntu-latest`.
- **Environment**: Uses the environment specified in `inputs.environment`.
- **Permissions**:
- `contents: read` – to access repository contents. 🔍
- `packages: write` – to allow package publication. ✨
- `id-token: write` – for authentication purposes. 🔑
- `contents: read` – to access repository contents. 🔍
- `packages: write` – to allow package publication. ✨
- `id-token: write` – for authentication purposes. 🔑

## How to Use This Reusable Workflow 🔄

Expand All @@ -76,14 +76,13 @@ for the package scope, Node.js version, registry URL, and other options. The wor
publish:
uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/publish-npm.yml@main
with:
node-version: '22'
build-command: 'npm run build:prod'
node-version: "22"
build-command: "npm run build:prod"
run-tests: true
test-command: 'npm run test:ci'
lint-command: 'npm run lint'
type-check-command: 'npm run check-types'
format-check-command: 'npm run check-format'
tag-prefix: 'v'
test-command: "npm run test:ci"
lint-command: "npm run lint"
type-check-command: "npm run check-types"
format-check-command: "npm run check-format"
# Optional: Download an artifact before building
# artifact-name: 'my-build-artifact'
# artifact-path: './dist'
Expand Down