pnpm/.github/workflows/release.yml
Zoltan Kochan 4852e6f85d docs(release): correct rationale comment on macos-latest runner (#11446)
The previous comment attributed the darwin SEA crashes to ldid producing
bad page hashes, but the upstream minimal `node --build-sea` + `codesign`
repro (nodejs/node#62893) shows codesign-signed binaries crash too. The
bug is in LIEF's Mach-O surgery during --build-sea, not in signing.

Rewrite the comment to state the actual reasons the job runs on macOS
(native codesign avoids building ldid; macos-latest is Apple Silicon so
verify-binary.mjs can smoke-test the darwin-arm64 SEA) and explicitly
note that this does NOT fix the darwin-x64 crash.

Comment-only change. No behaviour change.
2026-05-04 14:56:29 +02:00

56 lines
2.1 KiB
YAML

name: Release
on:
  push:
    tags:
      - "v*.*.*"
jobs:
  release:
    permissions:
      id-token: write # Required for OIDC
      contents: write # for softprops/action-gh-release to create GitHub release
      attestations: write # for actions/attest-build-provenance
    # Runs on macOS so the darwin artifacts can be ad-hoc signed with native
    # `codesign` (no need to build/install `ldid` on the runner) and so
    # `verify-binary.mjs` can smoke-test the darwin-arm64 SEA in place — a
    # macos-latest runner is Apple Silicon and can execute the arm64 binary.
    # Note: this does NOT fix the darwin-x64 crash (nodejs/node#62893) — that's
    # an upstream Node.js SEA bug independent of signing; see pack-app docs.
    runs-on: macos-latest
    environment: release
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Install pnpm
        uses: pnpm/action-setup@6e7bdbda5fe05107efc88b23b7ed00aa05f84ca0
        with:
          standalone: true
      - name: Setup Node
        run: pn runtime -g set node 25.6.1
        timeout-minutes: 2
      - name: pnpm install
        run: pn install
      - name: Publish Packages
        env:
          # setting the "npm_config_//registry.npmjs.org/:_authToken" env variable directly doesn't work.
          # probably "pnpm release" doesn't pass auth tokens to child processes
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: |
          pn config set "//registry.npmjs.org/:_authToken" "${NPM_TOKEN}"
          pn release
      - name: Copy Artifacts
        run: pn copy-artifacts
      - name: Attest build provenance
        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
        with:
          subject-path: 'dist/*'
      - name: Generate release description
        run: pn make-release-description
      - name: Release
        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
        with:
          draft: true
          files: dist/*
          body_path: RELEASE.md