Merge pull request #3439 from cytoscape/copilot/refactor-github-actions-release-workflow

maxkfranz · maxkfranz · commit 16524bc12764 · 2026-04-10T13:19:45.000-04:00
Refactor: extract npm publish into a dedicated reusable workflow with trusted publishing
diff --git a/.github/workflows/feature-release.yml b/.github/workflows/feature-release.yml
@@ -61,10 +61,6 @@ jobs:
         with:
           name: npm-release--failure-report
           path: /home/runner/.npm/_logs/
-      - name: Publish Package To npmjs
-        run:  npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
       - name: Publish Package to GitHub Releases
         run: |
           curl -L \
@@ -92,4 +88,11 @@ jobs:
               -H "Accept: application/vnd.github.v3+json" \
               "https://api.github.com/repos/cytoscape/cytoscape.js-blog/issues" \
               -d "{\"title\":\"$TITLE\",\"body\":\"$BODY\"}"
-       
+
+  npm_publish:
+    needs: feature-release
+    permissions:
+      contents: read
+      id-token: write
+    uses: ./.github/workflows/npm-publish.yml
+
diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
@@ -0,0 +1,25 @@
+name: npm publish
+
+on:
+  workflow_call:
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: master
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 22
+          cache: 'npm'
+          registry-url: 'https://registry.npmjs.org'
+      - name: Install dependencies
+        run: npm install
+      - name: Publish Package To npmjs
+        run: npm publish --provenance
diff --git a/.github/workflows/patch-release.yml b/.github/workflows/patch-release.yml
@@ -95,10 +95,6 @@ jobs:
         with:
           name: npm-release--failure-report
           path: /home/runner/.npm/_logs/
-      - name: Publish Package To npmjs
-        run:  npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
       - name: Publish Package to GitHub Releases
         run: |
           curl -L \
@@ -113,3 +109,10 @@ jobs:
         uses: JamesIves/github-pages-deploy-action@v4
         with:
           folder: documentation        
+
+  npm_publish:
+    needs: patch-release
+    permissions:
+      contents: read
+      id-token: write
+    uses: ./.github/workflows/npm-publish.yml
