diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 17541be..769d680 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,9 +1,8 @@ -# DORMANT until Phase 2 (npm publish). Phase 1 distributes via GitHub URL + git -# tags, so this workflow is disabled by the `if: false` guard below. To go live: -# 1. Create the `zoldytech` npm org and enable OIDC trusted publishing for this repo. -# 2. Remove `"private": true` from package.json and uncomment `publishConfig`. -# 3. Delete the `if: false` line. -# Publishing is then gated on pushing a `v*` git tag whose version matches package.json. +# Publishing is gated on pushing a `v*` git tag whose version matches package.json. +# Requires OIDC trusted publishing to be enabled for this repo on the @zoldytech npm org +# (npmjs.com -> package settings -> Trusted Publisher -> GitHub Actions -> Zoldytech/javascript -> +# release.yml). The GitHub Release is only created after npm publish succeeds, so a failed +# publish can never leave behind a release/tag with no matching npm version. name: Release on: @@ -12,10 +11,9 @@ on: jobs: publish: - if: false # DORMANT — see header runs-on: ubuntu-latest permissions: - contents: read + contents: write # create the GitHub Release id-token: write # npm provenance (OIDC), no long-lived NPM_TOKEN steps: - uses: actions/checkout@v4 @@ -28,3 +26,6 @@ jobs: - run: npm run lint - run: npm test - run: npm publish --provenance --access public + - run: gh release create "${{ github.ref_name }}" --generate-notes + env: + GITHUB_TOKEN: ${{ github.token }} diff --git a/README.md b/README.md index dcd46e6..4bc9779 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,9 @@ # @zoldytech/javascript +[![npm version](https://img.shields.io/npm/v/@zoldytech/javascript.svg)](https://npmjs.com/package/@zoldytech/javascript) +[![npm downloads](https://img.shields.io/npm/dm/@zoldytech/javascript.svg)](https://npmjs.com/package/@zoldytech/javascript) +[![CI](https://img.shields.io/github/actions/workflow/status/Zoldytech/javascript/ci.yml?branch=main)](https://github.com/Zoldytech/javascript/actions/workflows/ci.yml) + A general-purpose ESLint **house style**, built on [`@antfu/eslint-config`](https://github.com/antfu/eslint-config) and made **SonarQube-compatible**: local ESLint mirrors what the SonarQube gate flags, so you fix Sonar issues before they reach CI. Five stack presets — **plain JS/TS**, **React + Vite**, @@ -26,10 +30,8 @@ Sonar issues before they reach CI. Five stack presets — **plain JS/TS**, **Rea ## Install -Distributed via GitHub URL, pinned to a tag (no build step runs on install — raw ESM): - ```bash -npm i -D "github:zoldytech/javascript#0.1.2" +npm i -D @zoldytech/javascript ``` ## Usage diff --git a/package.json b/package.json index d164126..68d151b 100644 --- a/package.json +++ b/package.json @@ -1,10 +1,20 @@ { "name": "@zoldytech/javascript", "type": "module", - "version": "0.1.3", - "private": true, + "version": "0.1.4", "description": "Zoldytech's JavaScript/TypeScript standards: SonarQube-compatible ESLint presets (Next.js, NestJS, React+Vite, plain JS/TS) plus shared Prettier and tsconfig configs.", "license": "MIT", + "homepage": "https://github.com/Zoldytech/javascript#readme", + "repository": { + "type": "git", + "url": "git+https://github.com/Zoldytech/javascript.git" + }, + "bugs": { + "url": "https://github.com/Zoldytech/javascript/issues" + }, + "publishConfig": { + "access": "public" + }, "prettier": "./prettier/prettierrc.json", "exports": { "./eslint": "./eslint/index.js",