openclaw/.github/workflows/openclaw-npm-release.yml

name: OpenClaw NPM Release

on:
  push:
    tags:
      - "v*"

concurrency:
  group: openclaw-npm-release-${{ github.ref }}
  cancel-in-progress: false

env:
  NODE_VERSION: "22.x"
  PNPM_VERSION: "10.23.0"

jobs:
  publish_openclaw_npm:
    # npm trusted publishing + provenance requires a GitHub-hosted runner.
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup Node environment
        uses: ./.github/actions/setup-node-env
        with:
          node-version: ${{ env.NODE_VERSION }}
          pnpm-version: ${{ env.PNPM_VERSION }}
          install-bun: "false"
          use-sticky-disk: "false"

      - name: Validate release tag and package metadata
        env:
          RELEASE_SHA: ${{ github.sha }}
          RELEASE_TAG: ${{ github.ref_name }}
          RELEASE_MAIN_REF: origin/main
        run: |
          set -euo pipefail
          # Fetch the full main ref so merge-base ancestry checks keep working
          # for older tagged commits that are still contained in main.
          git fetch --no-tags origin +refs/heads/main:refs/remotes/origin/main
          pnpm release:openclaw:npm:check

      - name: Ensure version is not already published
        run: |
          set -euo pipefail
          PACKAGE_VERSION=$(node -p "require('./package.json').version")

          if npm view "openclaw@${PACKAGE_VERSION}" version >/dev/null 2>&1; then
            echo "openclaw@${PACKAGE_VERSION} is already published on npm."
            exit 1
          fi

          echo "Publishing openclaw@${PACKAGE_VERSION}"

      - name: Check
        run: pnpm check

      - name: Build
        run: pnpm build

      - name: Verify release contents
        run: pnpm release:check

      - name: Publish
        run: |
          set -euo pipefail
          PACKAGE_VERSION=$(node -p "require('./package.json').version")

          if [[ "$PACKAGE_VERSION" == *-beta.* ]]; then
            npm publish --access public --tag beta --provenance
          else
            npm publish --access public --provenance
          fi