Add npm publish workflow on GitHub release

Requires NPM_TOKEN secret. Builds, tests, then publishes with provenance. Co-authored-by: Ona <no-reply@ona.com>
2026-03-20 03:41:18 +00:00 · 2026-02-28 01:30:17 +00:00
parent 2f9e0a9936
commit c9d4ff28e3
1 changed files with 31 additions and 0 deletions
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,31 @@
+name: Publish to npm
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: oven-sh/setup-bun@v2
+
+      - run: bun install
+
+      - run: bun run build
+
+      - run: bun test
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          registry-url: https://registry.npmjs.org
+
+      - run: npm publish --provenance --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}