name: Embedded SDK Release on: push: branches: - "master" - "[0-9].[0-9]*" permissions: contents: read jobs: build: # Publishing uses npm trusted publishing (OIDC), so there is no NPM_TOKEN to # gate on. Restrict to the canonical repo: forks cannot mint a valid OIDC # token for this package and must not publish. if: github.repository == 'apache/superset' runs-on: ubuntu-24.04 permissions: contents: read id-token: write # required for npm trusted publishing (OIDC) defaults: run: working-directory: superset-embedded-sdk steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false # Note: registry-url is intentionally omitted. When set, actions/setup-node # writes an .npmrc with `_authToken=${NODE_AUTH_TOKEN}` and a placeholder # token, which makes npm attempt token auth and skip the OIDC # trusted-publishing exchange. With no .npmrc auth line, npm authenticates # via OIDC against the default registry (registry.npmjs.org). - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: node-version-file: "./superset-embedded-sdk/.nvmrc" - run: npm ci - run: npm run ci:release