# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json

name: Publish Packages to npm

on:

workflow_dispatch:

inputs:

debug:

description: 'Enable debug output'

required: false

default: '0'

type: string

options:

- '0'

- '1'

jobs:

build:

runs-on: ubuntu-latest

permissions:

contents: write

id-token: write

steps:

- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

with:

persist-credentials: false

- uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f #v6.1.0

with:

node-version: '22'

registry-url: 'https://registry.npmjs.org'

scope: '@socketregistry'

package-manager-cache: false

- run: npm install -g npm@latest

- run: npm ci

- name: Build package

run: npm run build

- name: Get package version

id: package-version

run: echo "version=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT

- run: npm pack

- run: npm publish --provenance --access public

env:

SOCKET_CLI_DEBUG: ${{ inputs.debug }}

- name: Create GitHub Release

env:

GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

VERSION: ${{ steps.package-version.outputs.version }}

run: |

notes=$(printf '%s\n\n%s' \

"Release of @socketsecurity/mcp v${VERSION}" \

"This release has been published to npm with provenance.")

gh release create "v${VERSION}" "socketsecurity-mcp-${VERSION}.tgz" \

--title "Release v${VERSION}" \

--notes "$notes"