SimpleWebAuthn icon indicating copy to clipboard operation
SimpleWebAuthn copied to clipboard
verified publisher icon MasterKale

Automate publishing to JSR and NPM

Open MasterKale opened this issue 11 months ago • 3 comments

Describe the issue

To date publishing packages has been a manual process - I increment a version number, write the changelog, then manually run the requisite publishing scripts locally.

Now that I'm publishing to JSR as well as NPM, though, it feels like I should try to automate this part of it completely. The fact that JSR has first-class support for publishing via CI turns this effort into mostly "figure out how to do this for NPM."

I think ideally I'd be able to do the following:

  1. Write the update
  2. Increment "version" in deno.json
  3. Write a corresponding entry in CHANGELOG.md
  4. Tag HEAD with the new version
  5. Push up HEAD + tag
  6. Create a new Release on GitHub
  7. CI publishes to JSR and NPM 🤖

MasterKale avatar Jan 26 '25 20:01 MasterKale

GitHub has something official about publishing to NPM:

https://docs.github.com/en/actions/use-cases-and-examples/publishing-packages/publishing-nodejs-packages#publishing-packages-to-the-npm-registry

MasterKale avatar Jan 26 '25 21:01 MasterKale

@MasterKale thanks for you work! could you update the version on npm? there it still say 13.1.0 ;-)

alexz707 avatar Feb 18 '25 18:02 alexz707

@alexz707 Please create an issue next time. Anyway I don't know what you mean, NPM has the latest of both the browser and server libraries:

Image

There's no "[email protected]" because there were no changes to the browser library in https://github.com/MasterKale/SimpleWebAuthn/releases/tag/v13.1.1

MasterKale avatar Feb 18 '25 19:02 MasterKale

Hey @MasterKale, is there any update on this? Keen to use your library, but in light of recent supply chain attacks I'd feel more comfortable with a proper publishing pipeline. I might suggest looking at https://docs.npmjs.com/trusted-publishers which has examples for GitHub actions.

Great work on the lib!

Joe-Edwards-GDS avatar Oct 01 '25 14:10 Joe-Edwards-GDS

Good news, I've got library publication for both server (#725) and browser (#727) worked out as GitHub Actions workflows.

It took a few tries last night but I got publicly-accessible versions of [email protected], as the otherwise identical "13.2.2-publishtest", on JSR and NPM using the workflow (these versions have been yanked and deprecated accordingly):

  • https://jsr.io/@simplewebauthn/[email protected]
  • https://www.npmjs.com/package/@simplewebauthn/server/v/13.2.2-publishtest5

I didn't go through a similar exercise with Browser, but I'm confident enough in the workflow for Server that I just copy-pasted and used the Browser publish command instead.

Now that this is working I'm thinking I might do a proper release as 13.2.2 just to have the latest builds be ones tagged as "built and signed on GitHub Actions" on their respective package repo pages 🤔

MasterKale avatar Oct 04 '25 16:10 MasterKale

I've published v13.2.2 of everything using the new GitHub Actions workflows. Look for the "Built and signed on GitHub Actions" badges at the bottom of package pages on JSR and NPM:

JSR

Image

NPM

Image
  • https://www.npmjs.com/package/@simplewebauthn/browser/v/13.2.2
  • https://www.npmjs.com/package/@simplewebauthn/server/v/13.2.2

MasterKale avatar Oct 04 '25 17:10 MasterKale