diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 309e8a3..2a756d7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -127,56 +127,6 @@ jobs:
 - name: Publish to npm
 if: inputs.publish_to_npm
- env:
- NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
- run: |
- set -euo pipefail
-
- if [[ -n "${NPM_TOKEN:-}" ]]; then
- printf "//registry.npmjs.org/:_authToken=%s\n" "$NPM_TOKEN" > "$HOME/.npmrc"
- fi
-
- publish_tarball() {
- local tarball="$1"
- local package_json
- local package_name
- local package_version
- local attempt
- local published=false
-
- tarball="$(realpath "$tarball")"
- package_json="$(tar -xOf "$tarball" package/package.json)"
- package_name="$(jq -r '.name' <<<"$package_json")"
- package_version="$(jq -r '.version' <<<"$package_json")"
-
- if npm view "${package_name}@${package_version}" version --json >/dev/null 2>&1; then
- echo "Skipping already-published ${package_name}@${package_version}"
- published=true
- fi
-
- if [[ "$published" != "true" ]]; then
- for attempt in 1 2 3 4 5; do
- if npm publish "$tarball" --provenance --access public --tag latest; then
- published=true
- break
- fi
-
- if npm view "${package_name}@${package_version}" version --json >/dev/null 2>&1; then
- echo "Detected ${package_name}@${package_version} after publish attempt ${attempt}"
- published=true
- break
- fi
-
- if [[ "$attempt" -eq 5 ]]; then
- echo "Failed to publish ${package_name}@${package_version} after ${attempt} attempts" >&2
- return 1
- fi
-
- sleep $((attempt * 10))
- done
- fi
-
- return 0
- }
-
- publish_tarball "${{ steps.pack.outputs.tarball }}"
+ uses: stella/.github/.github/actions/npm-publish-hardened@24dbde1b56e9488a0f89f3cdb4f2635fb0faa733
+ with:
+ tarball: ${{ steps.pack.outputs.tarball }}
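Review bot: The new `uses:` step passes only `tarball` and no longer supplies `NPM_TOKEN`, so unless the token arrives through job-level `env:` outside this hunk, publishing presumably now authenticates through npm trusted publishing over OIDC. That path needs `id-token: write` in the job's `permissions:`, which is not visible here, so confirm it is granted and kept as the only elevated permission on this job. If the token is retired, revoke it at npm and delete the repository secret rather than leaving a long-lived publish credential unused. The full-SHA pin is the right choice for a publishing action; add a trailing comment on the `uses:` line naming the ref it was taken from, e.g. `# <tag-or-branch at pin time>`, so later bumps can be audited.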