Skip to content

chore: GH workflow to auto publish to NPM #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
shivampathak232 merged 2 commits into from
Dec 12, 2025
Merged

chore: GH workflow to auto publish to NPM #8

shivampathak232 merged 2 commits into from
Dec 12, 2025

Conversation

@shivampathak232
Copy link

@shivampathak232 shivampathak232 commented Dec 9, 2025
edited
Loading

Description

This PR adds an automated GitHub Actions workflow for publishing the @auth0/s3 package to npm. The workflow is designed to:

Key Features:

  • Automatic dry-run on PRs: When a PR is opened or updated, the workflow runs in dry-run mode to validate the package can be published without actually publishing it
  • Automatic publish on merge: When a PR is merged to master, the workflow automatically publishes the package to npm
  • Version detection: Automatically reads version and package name from package.json
  • NPM tag auto-detection: Determines the appropriate npm dist-tag based on version:
    • alpha for versions containing "alpha"
    • beta for versions containing "beta"
    • next for versions containing "rc"
    • latest for stable versions
  • Duplicate prevention: Validates that the version doesn't already exist on npm or as a git tag before publishing
  • Git tagging & GitHub releases: Automatically creates git tags and GitHub releases for published versions
  • Manual trigger: Supports manual workflow dispatch with optional dry-run mode

Implementation Details:

  • The workflow triggers on pull_request, push to master, and workflow_dispatch events
  • Uses environment variables to determine dry-run mode based on the trigger type
  • Adds publishConfig to package.json for public npm registry access
  • Restores package.json after workflow completion to keep the repository clean

Benefits:

  • Streamlines the release process with automated checks and publishing
  • Reduces human error by validating versions before publishing
  • Provides visibility through PR checks showing if a version can be published
  • Maintains consistency with automatic tagging and release creation

References

Testing

Manual Testing Required:

  1. Open a PR with a version bump in package.json - verify workflow runs in dry-run mode
  2. Merge the PR to master - verify workflow publishes to npm (requires NPM_TOKEN secret to be configured)
  3. Test manual workflow dispatch with dry-run enabled/disabled

Environment:

  • GitHub Actions runner: ubuntu-latest
  • Node.js version: 20
  • Package manager: yarn

Note: This workflow requires the NPM_TOKEN repository secret to be configured for publishing to npm.

  • This change adds test coverage for new/changed/fixed functionality (N/A - workflow only, existing tests run as part of the workflow)

Checklist

  • I have added documentation for new/changed/fixed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not the default branch

@shivampathak232 shivampathak232 self-assigned this Dec 9, 2025
@shivampathak232 shivampathak232 merged commit 0ccd84b into master Dec 12, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@harishsundar-okta harishsundar-okta harishsundar-okta approved these changes

Assignees

@shivampathak232 shivampathak232

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@shivampathak232 @harishsundar-okta