0.0.18 #3

	name: Publish Package to npm

	on:
	push:
	tags:
	- 'v*'

	jobs:
	publish:
	runs-on: ubuntu-latest
	environment: npm
	permissions:
	id-token: write
	steps:
	- uses: actions/checkout@v4

	- uses: actions/setup-node@v4
	with:
	node-version: '20.x'
	registry-url: 'https://registry.npmjs.org'

	- uses: pnpm/action-setup@v2
	with:
	version: '9.15.0'

	- name: Install dependencies
	run: pnpm install --frozen-lockfile

	- name: Build
	run: pnpm build

	- name: Obtain OIDC token
	id: oidc
	run: \|
	token=$(curl --fail -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
	"$ACTIONS_ID_TOKEN_REQUEST_URL&audience=cfa.rspack.dev" \| jq -r '.value')
	echo "::add-mask::${token}"
	echo "token=${token}" >> $GITHUB_OUTPUT
	shell: bash

	- name: Obtain GitHub credentials
	id: github_creds
	run: \|
	token=$(curl --fail "https://cfa.rspack.dev/api/request/${{ secrets.CFA_PROJECT_ID }}/github/credentials" \
	-X POST \
	-H "Content-Type: application/json" \
	-H "Authorization: bearer ${{ secrets.CFA_SECRET }}" \
	--data "{\"token\":\"${{ steps.oidc.outputs.token }}\"}" \| jq -r '.GITHUB_TOKEN')
	echo "::add-mask::${token}"
	echo "token=${token}" >> $GITHUB_OUTPUT
	shell: bash

	- name: Publish to npm
	run: node scripts/publish.mjs
	env:
	CFA_HOST: https://cfa.rspack.dev
	# NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} # for pnpm
	NPM_TOKEN: ${{ secrets.NPM_TOKEN }} # for npm
	GITHUB_TOKEN: ${{ steps.github_creds.outputs.token }}
	GITHUB_OIDC_TOKEN: ${{ steps.oidc.outputs.token }}
	CFA_PROJECT_ID: ${{ secrets.CFA_PROJECT_ID }}
	CFA_SECRET: ${{ secrets.CFA_SECRET }}

Provide feedback