feat: uplift scan methodology with fingerprints, policy rules, adviso… #27
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| permissions: | |
| contents: write | |
| id-token: write | |
| issues: write | |
| pull-requests: write | |
| concurrency: | |
| group: release-${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| publish: | |
| name: publish with semantic-release | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: 24.x | |
| cache: npm | |
| - name: Upgrade npm for trusted publishing | |
| run: | | |
| npm install -g npm@^11.5.1 | |
| npm --version | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Lint | |
| run: npm run lint | |
| - name: Format check | |
| run: npm run format:check | |
| - name: Typecheck | |
| run: npm run typecheck | |
| - name: Test | |
| run: npm run test | |
| - name: Build | |
| run: npm run build | |
| - name: Verify package contents | |
| run: npm pack --dry-run | |
| - name: Verify npm trusted publishing preflight | |
| run: bash .github/scripts/verify-trusted-publisher.sh | |
| - name: Semantic release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: npx semantic-release |