diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index b14c2c9..6afbccf 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -9,7 +9,7 @@ on: permissions: id-token: write # Required for OIDC - contents: read + contents: write # Required to push the version tag jobs: publish: @@ -146,7 +146,7 @@ jobs: run_pm install - for script in build lint test finalize; do + for script in build lint check-types test finalize; do if jq -e --arg script "$script" '.scripts[$script] // empty' package.json >/dev/null; then run_pm run "$script" fi @@ -181,6 +181,8 @@ jobs: const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8')); const name = pkg.name; const version = pkg.version; + fs.appendFileSync(process.env.GITHUB_OUTPUT, `package_name=${name}\n`); + fs.appendFileSync(process.env.GITHUB_OUTPUT, `package_version=${version}\n`); let published; @@ -238,6 +240,34 @@ jobs: echo "decision=${decision}" >> "$GITHUB_OUTPUT" + - name: Check version tag + if: steps.decide.outputs.decision == 'publish' + env: + PACKAGE_VERSION: ${{ steps.decide.outputs.package_version }} + run: | + set -euo pipefail + + git fetch --tags origin + + if git rev-parse "refs/tags/${PACKAGE_VERSION}" >/dev/null 2>&1; then + echo "Tag ${PACKAGE_VERSION} already exists" >&2 + exit 1 + fi + - run: npm publish if: steps.decide.outputs.decision == 'publish' working-directory: ${{ inputs.directory }} + + - name: Tag published commit + if: steps.decide.outputs.decision == 'publish' + env: + PACKAGE_NAME: ${{ steps.decide.outputs.package_name }} + PACKAGE_VERSION: ${{ steps.decide.outputs.package_version }} + run: | + set -euo pipefail + + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + + git tag -a "${PACKAGE_VERSION}" -m "Publish ${PACKAGE_NAME}@${PACKAGE_VERSION}" + git push origin "refs/tags/${PACKAGE_VERSION}"