name: Publish to npm on: push: tags: - 'v*' jobs: publish: runs-on: ubuntu-latest permissions: contents: read id-token: write steps: - uses: actions/checkout@v4 - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: '22' - name: Upgrade npm for OIDC support run: npm install -g npm@latest - name: Install dependencies run: npm install - name: Type check run: npm run typecheck - name: Lint run: npm run lint - name: Run tests run: npm test - name: Build run: npm run build - name: Verify version matches tag run: | TAG_VERSION=${GITHUB_REF#refs/tags/v} PKG_VERSION=$(node -p "require('./package.json').version") if [ "$TAG_VERSION" != "$PKG_VERSION" ]; then echo "Tag version ($TAG_VERSION) doesn't match package.json ($PKG_VERSION)" exit 1 fi - name: Publish to npm run: npm publish --access public --provenance