mirror of
https://github.com/apache/superset.git
synced 2026-07-06 23:05:36 +00:00
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
39 lines
1.3 KiB
YAML
39 lines
1.3 KiB
YAML
name: Embedded SDK Release
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- "master"
|
|
- "[0-9].[0-9]*"
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
build:
|
|
# Publishing uses npm trusted publishing (OIDC), so there is no NPM_TOKEN to
|
|
# gate on. Restrict to the canonical repo: forks cannot mint a valid OIDC
|
|
# token for this package and must not publish.
|
|
if: github.repository == 'apache/superset'
|
|
runs-on: ubuntu-24.04
|
|
permissions:
|
|
contents: read
|
|
id-token: write # required for npm trusted publishing (OIDC)
|
|
defaults:
|
|
run:
|
|
working-directory: superset-embedded-sdk
|
|
steps:
|
|
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
|
with:
|
|
persist-credentials: false
|
|
# Note: registry-url is intentionally omitted. When set, actions/setup-node
|
|
# writes an .npmrc with `_authToken=${NODE_AUTH_TOKEN}` and a placeholder
|
|
# token, which makes npm attempt token auth and skip the OIDC
|
|
# trusted-publishing exchange. With no .npmrc auth line, npm authenticates
|
|
# via OIDC against the default registry (registry.npmjs.org).
|
|
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
|
|
with:
|
|
node-version-file: "./superset-embedded-sdk/.nvmrc"
|
|
- run: npm ci
|
|
- run: npm run ci:release
|