Skip to content

Release v0.2.4

Release v0.2.4 #6

Workflow file for this run

name: Release
on:
push:
tags:
- "v*"
permissions:
contents: read
jobs:
security:

Check failure on line 12 in .github/workflows/release.yml

View workflow run for this annotation

GitHub Actions / Release

Invalid workflow file

The workflow is not valid. .github/workflows/release.yml (Line: 12, Col: 3): Error calling workflow 'jvm/raindrop-cli/.github/workflows/security.yml@29b964402292d3fd87c3e1b8e744696861069dc4'. The nested job 'secrets' is requesting 'security-events: write', but is only allowed 'security-events: none'.
uses: ./.github/workflows/security.yml
release:
needs: security
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
steps:
- name: Check out repository
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
fetch-depth: 0
persist-credentials: false
- name: Setup pnpm
uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
with:
package_json_file: "package.json"
- name: Setup Node.js
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: "24"
cache: pnpm
cache-dependency-path: pnpm-lock.yaml
registry-url: https://registry.npmjs.org
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Validate
run: pnpm validate
- name: Verify package contents
run: pnpm verify-pack
- name: Pack
run: pnpm pack
- name: Compute checksums
run: shasum -a 256 -- ./*.tgz > checksums.txt
# npm trusted publishing uses GitHub OIDC via `permissions: id-token: write`.
# Configure npmjs.com Trusted Publisher for this package with:
# owner/repo: jvm/raindrop-cli
# workflow filename: release.yml
- name: Publish to npm
run: npm publish --access public
- name: Create GitHub release
uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
with:
files: |
*.tgz
checksums.txt