8c4b4b335d
bun.lock still resolved better-sqlite3 to 11.x after package.json was bumped to ^12.4.5 in v2.0.0. This breaks sandboxed builds (e.g. Nix with bun2nix) where network access is unavailable to resolve the mismatch. CI and the publish workflow now use --frozen-lockfile so drift is caught immediately. The release script also validates lockfile consistency before tagging. Closes #386
58 lines
1.4 KiB
YAML
58 lines
1.4 KiB
YAML
name: Publish
|
|
|
|
on:
|
|
push:
|
|
tags: ["v*"]
|
|
|
|
jobs:
|
|
publish:
|
|
runs-on: ubuntu-latest
|
|
|
|
permissions:
|
|
contents: write
|
|
id-token: write
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: oven-sh/setup-bun@v2
|
|
with:
|
|
bun-version: latest
|
|
|
|
- name: Install SQLite
|
|
run: sudo apt-get update && sudo apt-get install -y libsqlite3-dev
|
|
|
|
- name: Verify lockfile is up-to-date
|
|
run: bun install --frozen-lockfile
|
|
|
|
- run: bun test --timeout 60000 --preload ./src/test-preload.ts test/
|
|
env:
|
|
CI: true
|
|
LD_LIBRARY_PATH: /usr/lib/x86_64-linux-gnu
|
|
|
|
- uses: actions/setup-node@v4
|
|
with:
|
|
node-version: 22
|
|
registry-url: https://registry.npmjs.org
|
|
|
|
- run: npm run build
|
|
- run: npm publish --provenance --access public
|
|
env:
|
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
|
|
- name: Extract release notes
|
|
id: notes
|
|
run: |
|
|
VERSION="${GITHUB_REF_NAME#v}"
|
|
NOTES=$(./scripts/extract-changelog.sh "$VERSION")
|
|
# Write to file for gh release (avoids quoting issues)
|
|
echo "$NOTES" > /tmp/release-notes.md
|
|
|
|
- name: Create GitHub release
|
|
run: |
|
|
gh release create "$GITHUB_REF_NAME" \
|
|
--title "$GITHUB_REF_NAME" \
|
|
--notes-file /tmp/release-notes.md
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|