ci(steps): Handle push into protected branch #34

Summary
Jobs
- lint
- test
- publish
Run details
- Usage
- Workflow file

Workflow file for this run

	name: CI Pipeline

	on:
	push:
	branches:
	- master

	jobs:
	lint:
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4

	- name: Use Node.js
	uses: actions/setup-node@v4
	with:
	node-version: 24.4.1

	- name: Install dependencies
	run: npm install

	- name: Run lint
	run: npm run lint
	test:
	needs: [lint]
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4

	- name: Use Node.js
	uses: actions/setup-node@v4
	with:
	node-version: 24.4.1

	- name: Install dependencies
	run: npm install

	- name: Run tests with coverage
	run: npm run test

	- name: Upload coverage reports to Codecov
	uses: codecov/codecov-action@v5
	with:
	token: ${{ secrets.CODECOV_TOKEN }}
	publish:
	needs: [test]
	permissions:
	id-token: write
	contents: write
	issues: write
	pull-requests: write
	runs-on: ubuntu-latest
	steps:
	- name: 'Generate token'
	id: app-token
	uses: actions/create-github-app-token@v2
	with:
	app-id: ${{ secrets.BOT_APP_ID }}
	private-key: ${{ secrets.BOT_PRIVATE_KEY }}
	permission-issues: write
	permission-administration: write
	permission-contents: write
	permission-pull-requests: write

	- name: Get GitHub App User ID
	id: get-user-id
	run: \|
	echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
	env:
	GH_TOKEN: ${{ steps.app-token.outputs.token }}
	- id: committer
	run: echo "string=${{ steps.app-token.outputs.app-slug }}[bot] <${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>" >> "$GITHUB_OUTPUT"
	- run: echo "committer string is ${{ steps.committer.outputs.string }}"

	- name: Set global username and email
	run: \|
	git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
	git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com'

	- name: Debug auth
	run: \|
	curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/user

	- name: Checkout
	uses: actions/checkout@v4
	with:
	token: ${{ steps.app-token.outputs.token }}
	ref: ${{ github.head_ref }}
	# Make sure the value of GITHUB_TOKEN will not be persisted in repo's config
	persist-credentials: false

	- name: Use Node.js
	uses: actions/setup-node@v4
	with:
	node-version: 24.4.1

	- name: Install dependencies
	run: npm install

	- name: Build package
	run: npm run build

	- name: Pack npm package
	run: npm pack

	- name: List contents (for debugging)
	run: ls -l

	- name: Sign package
	uses: sigstore/gh-action-sigstore-python@v3.0.1
	with:
	inputs: "*.tgz"

	- name: Run Semantic Release
	env:
	GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
	NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
	run: npx semantic-release

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ci(steps): Handle push into protected branch #34

Workflow file

ci(steps): Handle push into protected branch #34

Uh oh!

Jobs

Run details

Workflow file for this run