chore(deps): update actions/checkout action to v5 #283
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI & Release | |
| on: | |
| # Build on pushes branches that have a PR (including drafts) | |
| pull_request: | |
| # Build on commits pushed to branches without a PR if it's in the allowlist | |
| push: | |
| branches: [main] | |
| # https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow | |
| # https://github.com/sanity-io/semantic-release-preset/actions/workflows/ci.yml | |
| workflow_dispatch: | |
| inputs: | |
| release: | |
| description: "Publish new release" | |
| required: true | |
| default: false | |
| type: boolean | |
| concurrency: | |
| group: ${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read # for checkout | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: lts/* | |
| - run: pnpm install | |
| - run: pnpm typecheck | |
| - run: pnpm lint | |
| - run: pnpm test | |
| - run: pnpm prepare | |
| release: | |
| permissions: | |
| id-token: write # to enable use of OIDC for npm provenance | |
| needs: build | |
| if: always() && github.event.inputs.release == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/create-github-app-token@v2 | |
| id: app-token | |
| with: | |
| app-id: ${{ secrets.ECOSPARK_APP_ID }} | |
| private-key: ${{ secrets.ECOSPARK_APP_PRIVATE_KEY }} | |
| - uses: actions/checkout@v5 | |
| with: | |
| # Need to fetch entire commit history to | |
| # analyze every commit since last release | |
| fetch-depth: 0 | |
| # Uses generated token to allow pushing commits back | |
| token: ${{ steps.app-token.outputs.token }} | |
| # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config | |
| persist-credentials: false | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: lts/* | |
| - run: pnpm install | |
| - run: pnpm exec semantic-release | |
| # Don't allow interrupting the release step if the job is cancelled, as it can lead to an inconsistent state | |
| # e.g. git tags were pushed but it exited before `pnpm publish` | |
| if: always() | |
| env: | |
| NPM_CONFIG_PROVENANCE: true | |
| GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} | |
| NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }} |