ci: publish on version tag push, not master branch push

The previous workflow ran npm publish on every push to master and
gated it via npm view on a stale scoped package name, which made
the check always think the version was unpublished and 403'd
whenever the registry already had it.

Switch the publish job to fire only on push of a v* tag, verify
the tag matches package.json, and use the standard
NODE_AUTH_TOKEN flow via setup-node's registry-url. Tests still
run on master push and PRs.

Release flow: bump version, commit, push master, then
git tag v<version> && git push origin v<version>.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-25 21:43:52 +00:00
committed by Hugh Commit [agent]
parent 7fbfe8592b
commit 719c8b7030
+13 -15
@@ -3,6 +3,7 @@ name: CI
on: on:
push: push:
branches: [master] branches: [master]
tags: ["v*"]
pull_request: pull_request:
branches: [master] branches: [master]
@@ -22,7 +23,7 @@ jobs:
publish: publish:
needs: test needs: test
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.event_name == 'push' && github.ref == 'refs/heads/master' if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
permissions: permissions:
id-token: write id-token: write
steps: steps:
@@ -31,20 +32,17 @@ jobs:
with: with:
node-version: "20" node-version: "20"
cache: "npm" cache: "npm"
registry-url: "https://registry.npmjs.org"
- name: Verify tag matches package.json version
run: |
TAG_VERSION="${GITHUB_REF#refs/tags/v}"
PKG_VERSION=$(node -p "require('./package.json').version")
if [ "$TAG_VERSION" != "$PKG_VERSION" ]; then
echo "Tag v$TAG_VERSION does not match package.json version $PKG_VERSION"
exit 1
fi
- run: npm ci - run: npm ci
- run: npm run build - run: npm run build
- name: Check if version already published
id: version-check
run: |
CURRENT_VERSION=$(node -p "require('./package.json').version")
PUBLISHED_VERSION=$(npm view @farhoodliquor/paperclip-adapter-opencode-k8s version 2>/dev/null || echo "")
echo "Current: $CURRENT_VERSION, Published: $PUBLISHED_VERSION"
if [ "$CURRENT_VERSION" = "$PUBLISHED_VERSION" ]; then
echo "already_published=true" >> $GITHUB_OUTPUT
else
echo "already_published=false" >> $GITHUB_OUTPUT
fi
- run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > .npmrc
if: steps.version-check.outputs.already_published == 'false'
- run: npm publish --access public - run: npm publish --access public
if: steps.version-check.outputs.already_published == 'false' env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
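Review bot: The `tags: ["v*"]` trigger together with the `startsWith(github.ref, 'refs/tags/v')` condition lets the publish job run for a v* tag on any commit, and the new verify step only compares the tag string with package.json, so nothing ties the released commit to master. Consider adding a check in that step such as `git merge-base --is-ancestor "$GITHUB_SHA" origin/master || exit 1` (the checkout step is outside the visible hunks and would need full history for this), and restricting who may create v* tags in the repository settings. Separately, the job keeps `id-token: write` while the publish line is still `npm publish --access public` authenticated by the long-lived NPM_TOKEN; either use `npm publish --provenance --access public` so the permission serves a purpose, or drop it.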