-
Notifications
You must be signed in to change notification settings - Fork 6
40 lines (39 loc) · 1.23 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
name: Publish GitHub releases
on:
release:
types: [published]
workflow_dispatch:
permissions:
contents: read
jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: "read"
id-token: "write"
packages: write
steps:
- name: Harden runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # ratchet:step-security/harden-runner@v2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
npm.pkg.github.com:443
fulcio.sigstore.dev:443
rekor.sigstore.dev:443
registry.npmjs.org:443
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # ratchet:actions/checkout@v4
with:
persist-credentials: false
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # ratchet:actions/setup-node@v4
with:
registry-url: "https://npm.pkg.github.com"
scope: "@navikt"
node-version: ${{ env.NODE_VERSION }}
- run: npm ci
- run: npm run build
- run: npm publish --provenance --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}