github.com/yogeshkumararora/slsa-github-generator@v1.10.1-0.20240520161934-11278bd5afb4/actions/nodejs/publish/README.md (about) 1 # publish 2 3 The `actions/nodejs/publish` action provides a way to publish a Node.js package 4 tarball and attestations generated by the 5 [Node.js builder](../../../internal/builders/nodejs/README.md) to the 6 [official npm registy](https://www.npmjs.com/). 7 8 ## Example 9 10 Here is an example of building a Node.js package with the Node.js builder and 11 publishing it using the `publish` action. 12 13 ```yaml 14 jobs: 15 build: 16 permissions: 17 id-token: write 18 contents: read 19 actions: read 20 if: startsWith(github.ref, 'refs/tags/') 21 uses: yogeshkumararora/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v2.0.0 22 with: 23 run-scripts: "ci, build" 24 25 publish: 26 needs: [build] 27 runs-on: ubuntu-latest 28 steps: 29 - name: Set up Node registry authentication 30 uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 31 with: 32 # Use the official npm registry. 33 registry-url: "https://registry.npmjs.org" 34 35 - name: publish 36 id: publish 37 uses: yogeshkumararora/slsa-github-generator/actions/nodejs/publish@v2.0.0 38 with: 39 access: public 40 node-auth-token: ${{ secrets.NPM_TOKEN }} 41 package-name: ${{ needs.build.outputs.package-name }} 42 package-download-name: ${{ needs.build.outputs.package-download-name }} 43 package-download-sha256: ${{ needs.build.outputs.package-download-sha256 }} 44 provenance-name: ${{ needs.build.outputs.provenance-name }} 45 provenance-download-name: ${{ needs.build.outputs.provenance-download-name }} 46 provenance-download-sha256: ${{ needs.build.outputs.provenance-download-sha256 }} 47 ``` 48 49 This will publish the tarball and provenance created built by the Node.js 50 builder to the official registry. 51 52 ## Inputs 53 54 | Name | Required | Default | Description | 55 | ---------------------------- | -------- | ---------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | 56 | `access` | no | 'restricted' for scoped packages, 'public' for unscoped packages | The package access level. See [`npm help access`](https://docs.npmjs.com/cli/v9/commands/npm-access) for more information. | 57 | `dist-tag` | no | "latest" | The package dist-tag to attach. See [`npm help dist-tag`](https://docs.npmjs.com/cli/v9/commands/npm-dist-tag) for more information. | 58 | `node-auth-token` | yes | | The npm registry auth token used to publish the package. See [About access tokens](https://docs.npmjs.com/about-access-tokens) for more information. | 59 | `package-name` | yes | | The file name for the package tarball in the artifact. | 60 | `package-download-name` | yes | | The GitHub Actions artifact name for the package tarball. | 61 | `package-download-sha256` | yes | | The sha256 of the package tarball artifact. | 62 | `provenance-name` | yes | | The file name for the package provenance in the artifact. | 63 | `provenance-download-name` | yes | | The GitHub Actions artifact name for the package provenance. | 64 | `provenance-download-sha256` | yes | | The sha256 of the package provenance artifact. | 65 66 ## Outputs 67 68 There are no outputs.