NPM Release iOS #36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: NPM Release iOS | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| workflow_dispatch: | |
| inputs: | |
| dry_run: | |
| description: "Run npm publish with --dry-run" | |
| required: true | |
| type: boolean | |
| default: true | |
| env: | |
| EXPECTED_NPM_TAG: "napi-v8" | |
| XCODE_VERSION: "26.2.0" | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: macos-26 | |
| outputs: | |
| npm_version: ${{ steps.npm_version_output.outputs.NPM_VERSION }} | |
| npm_tag: ${{ steps.npm_version_output.outputs.NPM_TAG }} | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 | |
| with: | |
| egress-policy: audit | |
| - uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0 | |
| with: | |
| xcode-version: ${{env.XCODE_VERSION}} | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| fetch-depth: 0 | |
| submodules: recursive | |
| - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| with: | |
| node-version: 24 | |
| registry-url: "https://registry.npmjs.org" | |
| - name: Install Python | |
| uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 | |
| with: | |
| python-version: "3" | |
| - name: Install Dependencies | |
| run: | | |
| npm install | |
| python3 -m pip install --upgrade pip six | |
| # Ensure LLVM linker used by -fuse-ld=lld is available | |
| if ! command -v ld64.lld >/dev/null; then | |
| brew list lld || brew install lld | |
| fi | |
| # Ensure CMake is available without conflicting with pinned Homebrew formula | |
| if ! command -v cmake >/dev/null; then | |
| brew list cmake || brew install cmake | |
| fi | |
| # Some scripts expect cmake at /usr/local/bin; create a shim if needed | |
| if [ ! -x /usr/local/bin/cmake ]; then | |
| sudo mkdir -p /usr/local/bin | |
| sudo ln -sf "$(command -v cmake)" /usr/local/bin/cmake | |
| fi | |
| - name: Get Current Version | |
| run: | | |
| NPM_VERSION=$(node -e "console.log(require('./packages/ios/package.json').version);") | |
| echo NPM_VERSION=$NPM_VERSION >> $GITHUB_ENV | |
| - name: Output NPM Version and tag | |
| id: npm_version_output | |
| run: | | |
| NPM_TAG=$(node ./scripts/get-npm-tag.js ios) | |
| test "$NPM_TAG" = "$EXPECTED_NPM_TAG" | |
| echo NPM_VERSION=$NPM_VERSION >> $GITHUB_OUTPUT | |
| echo NPM_TAG=$NPM_TAG >> $GITHUB_OUTPUT | |
| - name: Build | |
| run: npm run build-ios | |
| - name: Upload npm package artifact | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: npm-package | |
| path: packages/ios/dist/nativescript-ios-${{steps.npm_version_output.outputs.NPM_VERSION}}.tgz | |
| - name: Upload dSYMs artifact | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: NativeScript-dSYMs | |
| path: dist/dSYMs | |
| publish: | |
| if: ${{ startsWith(github.ref, 'refs/tags/v') || github.event_name == 'workflow_dispatch' }} | |
| runs-on: ubuntu-latest | |
| environment: npm-publish | |
| needs: | |
| - build | |
| permissions: | |
| contents: read | |
| id-token: write | |
| env: | |
| NPM_VERSION: ${{needs.build.outputs.npm_version}} | |
| NPM_TAG: ${{needs.build.outputs.npm_tag}} | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| with: | |
| node-version: 24 | |
| registry-url: "https://registry.npmjs.org" | |
| - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: npm-package | |
| path: packages/ios/dist | |
| - name: Update npm (required for OIDC trusted publishing) | |
| run: | | |
| corepack enable npm | |
| corepack install -g npm@11.6.2 | |
| test "$(npm --version)" = "11.6.2" | |
| test "$(npx --version)" = "11.6.2" | |
| - name: Publish package (OIDC trusted publishing) | |
| if: ${{ vars.USE_NPM_TOKEN != 'true' }} | |
| run: | | |
| PUBLISH_ARGS=(./packages/ios/dist/nativescript-ios-${NPM_VERSION}.tgz --tag "$NPM_TAG" --access public --provenance) | |
| if [ "$DRY_RUN" = "true" ]; then | |
| PUBLISH_ARGS+=(--dry-run) | |
| fi | |
| echo "Publishing @nativescript/ios@$NPM_VERSION to NPM with tag $NPM_TAG via OIDC trusted publishing..." | |
| unset NODE_AUTH_TOKEN | |
| if [ -n "${NPM_CONFIG_USERCONFIG:-}" ]; then | |
| rm -f "$NPM_CONFIG_USERCONFIG" | |
| fi | |
| npm publish "${PUBLISH_ARGS[@]}" | |
| env: | |
| DRY_RUN: ${{ github.event_name == 'workflow_dispatch' && inputs.dry_run }} | |
| NODE_AUTH_TOKEN: "" | |
| - name: Publish package (granular token) | |
| if: ${{ vars.USE_NPM_TOKEN == 'true' }} | |
| run: | | |
| PUBLISH_ARGS=(./packages/ios/dist/nativescript-ios-${NPM_VERSION}.tgz --tag "$NPM_TAG" --access public --provenance) | |
| if [ "$DRY_RUN" = "true" ]; then | |
| PUBLISH_ARGS+=(--dry-run) | |
| fi | |
| echo "Publishing @nativescript/ios@$NPM_VERSION to NPM with tag $NPM_TAG via granular token..." | |
| npm publish "${PUBLISH_ARGS[@]}" | |
| env: | |
| DRY_RUN: ${{ github.event_name == 'workflow_dispatch' && inputs.dry_run }} | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }} | |
| github-release: | |
| runs-on: ubuntu-latest | |
| # only runs on tagged commits | |
| if: ${{ contains(github.ref, 'refs/tags/') }} | |
| permissions: | |
| contents: write | |
| needs: | |
| - build | |
| env: | |
| NPM_VERSION: ${{needs.build.outputs.npm_version}} | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 | |
| with: | |
| node-version: 24 | |
| - name: Setup | |
| run: npm install | |
| - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: npm-package | |
| path: dist | |
| - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: NativeScript-dSYMs | |
| path: dist/dSYMs | |
| - name: Zip dSYMs | |
| working-directory: dist/dSYMs | |
| run: find . -maxdepth 1 -name '*.dSYM' -print | xargs -I@ zip -r @.zip @ | |
| - name: Partial Changelog | |
| run: npx conventional-changelog -p angular -r2 > body.md | |
| - uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1.20.0 | |
| with: | |
| artifacts: "dist/nativescript-ios-*.tgz,dist/dSYMs/*.zip" | |
| bodyFile: "body.md" | |
| prerelease: ${{needs.build.outputs.npm_tag != 'latest'}} | |
| allowUpdates: true |