Publish npm package as AWS Codeartifact using Github Action Workflow.

publish.yml

name: Publish NPM Package
on:
  workflow_dispatch:

permissions:
  id-token: write
  contents: read

env:
  CODEARTIFACT_DOMAIN: <your-codeartifact-domain>
  CODEARTIFACT_DOMAIN_OWNER: <your-account-id>
  AWS_REGION: us-east-1
  TURBO_TELEMETRY_DISABLED: 1
  DO_NOT_TRACK: 1

jobs:
  setup:
    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
    runs-on: graviton-large-runner
    outputs:
      repository: ${{ steps.set-repo.outputs.repository }}
    steps:
      - name: Set repository based on branch
        id: set-repo
        run: |
          if [ "${{ github.ref }}" == "refs/heads/develop" ]; then
            echo "repository=<your-dev-repo-name>" >> $GITHUB_OUTPUT
          elif [ "${{ github.ref }}" == "refs/heads/main" ]; then
            echo "repository=<your-prod-repo-name>" >> $GITHUB_OUTPUT
          fi

  node-deploy:
    needs: setup
    runs-on: cicd-medium-runner
    env:
      CODEARTIFACT_REPOSITORY: ${{ needs.setup.outputs.repository }}
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Install pnpm
        uses: pnpm/action-setup@v4
        with:
          run_install: false
        
      - name: Set up NodeJS environment
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'pnpm'

      - name: Get pnpm store directory
        shell: bash
        run: |
          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV

      - name: Install Dependencies
        run: pnpm install --frozen-lockfile

      - name: Run Tests with Coverage
        working-directory: packages/node-sdk
        run: pnpm test:coverage
        
      - name: SonarQube Scan
        uses: SonarSource/sonarqube-scan-action@v4
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          args: >
            -Dsonar.javascript.lcov.reportPaths=coverage/lcov.info
          projectBaseDir: packages/node-sdk/

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::<your-account-id>:role/<your-assume-role>
          role-duration-seconds: 3600
          aws-region: ${{ env.AWS_REGION }}
          role-session-name: node-sdk-deployment

      - name: Setup AWS CodeArtifact
        run: |
          export CODEARTIFACT_USER=aws
          echo "CODEARTIFACT_USER=$CODEARTIFACT_USER" >> $GITHUB_ENV
          export CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain $CODEARTIFACT_DOMAIN --domain-owner $CODEARTIFACT_DOMAIN_OWNER --query authorizationToken --output text)
          echo "CODEARTIFACT_AUTH_TOKEN=$CODEARTIFACT_AUTH_TOKEN" >> $GITHUB_ENV
          export ARTIFACTORY_PUBLISH_URL=https://${CODEARTIFACT_DOMAIN}-${CODEARTIFACT_DOMAIN_OWNER}.d.codeartifact.${AWS_REGION}.amazonaws.com/npm/${CODEARTIFACT_REPOSITORY}
          echo "ARTIFACTORY_PUBLISH_URL=$ARTIFACTORY_PUBLISH_URL" >> $GITHUB_ENV
      
      - name: Configure .npmrc for AWS CodeArtifact
        run: |
          echo "registry=$ARTIFACTORY_PUBLISH_URL/" > .npmrc
          echo "//$(echo $ARTIFACTORY_PUBLISH_URL | sed 's|https://||')/:_authToken=$CODEARTIFACT_AUTH_TOKEN" >> .npmrc
          cat .npmrc

      - name: Publish SDK
        working-directory: packages/node-sdk
        run: |
          npm publish
          echo "NodeJS SDK published to AWS CodeArtifact"