Skip to content
Angular Library CI Pipeline

Upgrade-library-improvements #846

Sign in to view logs

Upgrade-library-improvements

Upgrade-library-improvements #846

Workflow file for this run

.github/workflows/npm_build.yml at cf4e728
name: Angular Library CI Pipeline
on:
push:
branches: [main]
pull_request:
branches: [main]
release:
types: [created]
jobs:
ci:
name: Build, Test, and Analyse
if: github.event_name != 'release'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '24.x'
- name: Enable Corepack
run: |
corepack enable
corepack prepare yarn@4.12.0 --activate
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: Lint code
run: yarn lint
- name: Audit vulnerabilities (known issues check)
run: yarn audit:check
- name: Build library
run: yarn build
- name: Validate export targets exist
run: yarn check:exports
- name: Validate npm pack publish shape
run: yarn check:pack-shape
- name: Smoke test package exports (ESM)
run: yarn check:exports:esm
- name: Analyze with SonarCloud
if: ${{ github.actor != 'dependabot[bot]' }}
uses: SonarSource/sonarqube-scan-action@v7.0.0
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
node18-compat:
name: Node 18 Compatibility
if: github.event_name != 'release'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Setup Node.js (18)
uses: actions/setup-node@v6
with:
node-version: '18.x'
- name: Enable Corepack
run: |
corepack enable
corepack prepare yarn@4.12.0 --activate
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: Build library
run: yarn build
- name: Validate export targets exist
run: yarn check:exports
- name: Validate npm pack publish shape
run: yarn check:pack-shape
- name: Smoke test package exports (ESM)
run: yarn check:exports:esm
release:
name: Release and Publish
if: github.event_name == 'release'
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: Checkout repository (Release)
uses: actions/checkout@v6
with:
ref: refs/tags/${{ github.event.release.tag_name }}
- name: Validate release tag matches package version
env:
RELEASE_TAG: ${{ github.event.release.tag_name }}
run: |
node - <<'NODE'
const fs = require('node:fs');
const pkg = JSON.parse(fs.readFileSync('./package.json', 'utf-8'));
const tag = process.env.RELEASE_TAG || '';
const normalizedTag = tag.startsWith('v') ? tag.slice(1) : tag;
if (normalizedTag !== pkg.version) {
console.error(`Release tag (${tag}) does not match package.json version (${pkg.version}).`);
process.exit(1);
}
NODE
- name: Setup Node.js (Release)
uses: actions/setup-node@v6
with:
node-version: '24.x'
- name: Enable Corepack (Release)
run: |
corepack enable
corepack prepare yarn@4.12.0 --activate
- name: Ensure npm version (Trusted Publishing)
run: |
npm --version
npm i -g npm@11.5.1
npm --version
- name: Install dependencies (Release)
run: yarn install --frozen-lockfile
- name: Build library (Release)
run: yarn build
- name: Validate export targets exist (Release)
run: yarn check:exports
- name: Validate npm pack publish shape (Release)
run: yarn check:pack-shape
- name: Smoke test package exports (ESM) (Release)
run: yarn check:exports:esm
- name: Publish version (OIDC via npm)
run: |
# Ensure we do NOT publish using token-based auth (classic/granular).
unset NODE_AUTH_TOKEN
# Use a fresh npm user config with no auth token to force OIDC Trusted Publishing.
export NPM_CONFIG_USERCONFIG="$RUNNER_TEMP/npmrc-noauth"
printf "registry=https://registry.npmjs.org/\n" > "$NPM_CONFIG_USERCONFIG"
# Defensive: remove any auth token entries if something tries to inject them.
npm config delete //registry.npmjs.org/:_authToken || true
npm config delete _authToken || true
npm publish --access public