name: Build & Publish NPM Package on: # Allows you to run this workflow manually from the Actions tab workflow_dispatch: inputs: version: description: "Version to publish" required: true type: string # Default to truncated commit hash default: "0.0.0" tag: description: "Tag to publish" required: true type: string default: "latest" package: description: "Package to publish" options: - federation - client type: choice required: true registry: description: "Registry to publish to" required: true type: choice options: - npm - jsr - both default: "both" permissions: contents: read # For provenance generation id-token: write jobs: # Build job build: runs-on: ubuntu-latest environment: NPM Deploy steps: - name: Checkout uses: actions/checkout@v4 - uses: oven-sh/setup-bun@v2 - uses: actions/setup-node@v4 with: node-version: "22" registry-url: "https://registry.npmjs.org" - name: Build run: bun install && bun run build - name: Change version in package.json to ${{ github.event.inputs.version }} run: 'sed -i ''s/"version": ".*"/"version": "${{ github.event.inputs.version }}"/'' package.json ${{ github.event.inputs.package }}/package.json ${{ github.event.inputs.package }}/jsr.jsonc' - name: Publish to NPM if: ${{ github.event.inputs.registry == 'npm' }} || ${{ github.event.inputs.registry == 'both' }} run: cd ${{ github.event.inputs.package }} && npm publish --provenance --tag ${{ github.event.inputs.tag }} --access public env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - name: Publish to JSR if: ${{ github.event.inputs.registry == 'jsr' }} || ${{ github.event.inputs.registry == 'both' }} run: cd ${{ github.event.inputs.package }} && bun install --frozen-lockfile && bunx jsr publish --allow-slow-types --allow-dirty