name: Release on: push: branches: - main concurrency: group: release-${{ github.ref }} cancel-in-progress: false jobs: release: runs-on: ubuntu-latest permissions: contents: write id-token: write issues: write pull-requests: write steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up pnpm uses: pnpm/action-setup@v4 - name: Set up Node.js uses: actions/setup-node@v4 with: node-version: 22 cache: pnpm - name: Verify release baseline tags run: pnpm release:verify-baseline - name: Install dependencies run: pnpm install --frozen-lockfile - name: Verify npm trusted publishing auth run: | if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL:-}" ]; then exit 0 fi echo "Missing GitHub Actions OIDC token for npm trusted publishing." echo "Ensure this workflow keeps the id-token: write permission." exit 1 - name: Typecheck Svelte package run: pnpm --filter tech-radar-editor check - name: Build workspace run: pnpm -r build - name: Publish packages env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} NPM_CONFIG_PROVENANCE: true run: pnpm release