Support NPM option for release workflow & allow publishing to private GitHub repos.

.github/actions/generateOclifReadme/action.yml

@@ -12,6 +12,10 @@ inputs:
     description: The name of the prerelease channel (e.g. dev, beta)
   multi:
     description: Create a different markdown page for each topic.
+  package-manager:
+    description: Package manager to use (npm or yarn)
+    required: false
+    default: "yarn"
 
 runs:
   using: composite
@@ -42,13 +46,25 @@ runs:
       if: ${{ steps.is-oclif-plugin.outputs.bool == 'true' && steps.next-version.outputs.skipped == 'false' }}
       shell: bash
       run: |
-        yarn install
-        yarn tsc
-        yarn oclif readme \
-          --no-aliases \
-          --version "$STEPS_NEXT_VERSION_TAG" \
-          ${{ inputs.multi == 'true' && '--multi' || '' }} \
-          --repository-prefix "<%- repo %>/blob/<%- version %>/<%- commandPath %>" \
-          || echo "::warning::'oclif readme' failed. Check the logs."
+        if [ "$INPUTS_PACKAGE_MANAGER" = "npm" ]; then
+          npm ci
+          npx tsc -b --verbose
+          npm run oclif readme \
+            --no-aliases \
+            --version "$STEPS_NEXT_VERSION_TAG" \
+            ${{ inputs.multi == 'true' && '--multi' || '' }} \
+            --repository-prefix "<%- repo %>/blob/<%- version %>/<%- commandPath %>" \
+            || echo "::warning::'oclif readme' failed. Check the logs."
+        else
+          yarn install
+          yarn tsc
+          yarn oclif readme \
+            --no-aliases \
+            --version "$STEPS_NEXT_VERSION_TAG" \
+            ${{ inputs.multi == 'true' && '--multi' || '' }} \
+            --repository-prefix "<%- repo %>/blob/<%- version %>/<%- commandPath %>" \
+            || echo "::warning::'oclif readme' failed. Check the logs."
+        fi
       env:
         STEPS_NEXT_VERSION_TAG: ${{ steps.next-version.outputs.tag }}
+        INPUTS_PACKAGE_MANAGER: ${{ inputs.package-manager }}

.github/workflows/create-github-release.yml

@@ -22,25 +22,30 @@ on:
         type: boolean
         description: "Create a different markdown page for each topic."
         default: false
+      package-manager:
+        type: string
+        description: "Package manager to use (npm or yarn)"
+        default: "yarn"
+        required: false
 
 jobs:
   release:
     runs-on: ubuntu-latest
     steps:
       - name: Get Github user info
         id: github-user-info
-        uses: salesforcecli/github-workflows/.github/actions/getGithubUserInfo@main
+        uses: llmzy/salesforcecli-github-workflows/.github/actions/getGithubUserInfo@jps/npm-not-yarn
         with:
           SVC_CLI_BOT_GITHUB_TOKEN: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }}
 
       - uses: actions/checkout@v4
         with:
           token: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }}
 
-      - uses: salesforcecli/github-workflows/.github/actions/getPreReleaseTag@main
+      - uses: llmzy/salesforcecli-github-workflows/.github/actions/getPreReleaseTag@jps/npm-not-yarn
         id: distTag
 
-      - name: Validate prerelease
+      - name: Fail if prerelease on main
         if: github.ref_name == 'main' && inputs.prerelease
         uses: actions/github-script@v7
         with:
@@ -69,12 +74,13 @@ jobs:
 
       - name: Generate oclif readme
         if: ${{ inputs.generate-readme }}
-        uses: salesforcecli/github-workflows/.github/actions/generateOclifReadme@main
+        uses: llmzy/salesforcecli-github-workflows/.github/actions/generateOclifReadme@jps/npm-not-yarn
         with:
           skip-on-empty: ${{ inputs.skip-on-empty }}
           pre-release: ${{ steps.prereleaseTag.outputs.tag && 'true' || 'false' }}
           pre-release-identifier: ${{ steps.prereleaseTag.outputs.tag }}
           multi: ${{ inputs.readme-multi }}
+          package-manager: ${{ inputs.package-manager }}
 
       - name: Conventional Changelog Action
         id: changelog

.github/workflows/npmPublish.yml

@@ -7,6 +7,9 @@ on:
         description: AWS access key id. Only required if sign = true
       AWS_SECRET_ACCESS_KEY:
         description: AWS secret access key. Only required if sign = true
+      SVC_CLI_BOT_GITHUB_TOKEN:
+        description: GitHub token for package publishing. Required if publishToGithubPackages is true
+        required: false
 
     inputs:
       tag:
@@ -50,11 +53,29 @@ on:
         description: the github release tag that you want to publish as an npm package
         required: true
         type: string
+      package-manager:
+        type: string
+        description: "Package manager to use (npm or yarn)"
+        default: "yarn"
+        required: false
+      publishToGithubPackages:
+        type: boolean
+        description: "If true, publish to GitHub Packages instead of npm"
+        default: false
+        required: false
+      scope:
+        type: string
+        description: "Scope for the package (e.g., @organization). Required if publishToGithubPackages is true"
+        required: false
 jobs:
   check-publish:
+    if: inputs.githubTag != ''
     outputs:
       published: ${{ steps.is-published.outputs.published }}
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: read
     steps:
       - uses: actions/checkout@v4
         with:
@@ -63,11 +84,19 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           node-version: ${{ inputs.nodeVersion }}
+          registry-url: ${{ inputs.publishToGithubPackages && 'https://npm.pkg.github.com' || '' }}
+          scope: ${{ inputs.scope }}
 
       - name: Is published
         id: is-published
         run: |
-          RESPONSE=$(npm view .@$INPUTS_GITHUB_TAG version --json --silent || echo "Not published")
+          if [ "$INPUTS_PUBLISH_TO_GITHUB_PACKAGES" = "true" ]; then
+            # For GitHub Packages, check if the package exists in the registry
+            RESPONSE=$(npm view $INPUTS_SCOPE/$GITHUB_REPOSITORY_NAME@$INPUTS_GITHUB_TAG version --json --silent || echo "Not published")
+          else
+            # For npm, check if the package exists in the npm registry
+            RESPONSE=$(npm view .@$INPUTS_GITHUB_TAG version --json --silent || echo "Not published")
+          fi
 
           # The response is wrapped in double quotes, so we need to compare it with (escaped) quotes
           if [ "$RESPONSE" = "\"$INPUTS_GITHUB_TAG\"" ]; then
@@ -77,7 +106,10 @@ jobs:
           fi
         env:
           INPUTS_GITHUB_TAG: ${{ inputs.githubTag }}
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          INPUTS_PUBLISH_TO_GITHUB_PACKAGES: ${{ inputs.publishToGithubPackages }}
+          INPUTS_SCOPE: ${{ inputs.scope }}
+          GITHUB_REPOSITORY_NAME: ${{ github.event.repository.name }}
+          NODE_AUTH_TOKEN: ${{ inputs.publishToGithubPackages && secrets.SVC_CLI_BOT_GITHUB_TOKEN || secrets.NPM_TOKEN }}
 
       - run: echo "[INFO] Is package published:\ $STEPS_IS_PUBLISHED_PUBLISHED"
         env:
@@ -87,33 +119,65 @@ jobs:
         if: steps.is-published.outputs.published == 'true'
         uses: actions/github-script@v7
         with:
-          script: core.setFailed(`The version '${process.env.INPUTS_GITHUB_TAG}' has already been published to npm`)
+          script: |
+            const message = 'The version \'' + process.env.INPUTS_GITHUB_TAG + '\' has already been published to ' +
+              (process.env.INPUTS_PUBLISH_TO_GITHUB_PACKAGES === 'true' ? 'GitHub Packages' : 'npm');
+            core.setFailed(message);
         env:
           INPUTS_GITHUB_TAG: ${{ inputs.githubTag }}
+          INPUTS_PUBLISH_TO_GITHUB_PACKAGES: ${{ inputs.publishToGithubPackages }}
 
   ctc-open:
     needs: [check-publish]
     if: inputs.ctc && needs.check-publish.outputs.published == 'false'
-    uses: salesforcecli/github-workflows/.github/workflows/ctcOpen.yml@main
+    uses: llmzy/salesforcecli-github-workflows/.github/workflows/ctcOpen.yml@jps/npm-not-yarn
     secrets: inherit
 
   npm-publish:
     needs: [check-publish, ctc-open]
     if: ${{ always() && needs.check-publish.outputs.published == 'false' && (!inputs.ctc || (inputs.ctc && needs.ctc-open.outputs.changeCaseId)) }}
     runs-on: ${{ inputs.runsOn }}
+    permissions:
+      contents: read
+      packages: write
     steps:
+      - name: Validate inputs
+        if: inputs.publishToGithubPackages == 'true'
+        run: |
+          if [ -z "$INPUTS_SCOPE" ]; then
+            echo "Error: scope is required when publishing to GitHub Packages"
+            exit 1
+          fi
+        env:
+          INPUTS_SCOPE: ${{ inputs.scope }}
+
       - uses: actions/checkout@v4
         with:
           ref: ${{ inputs.githubTag }}
 
       - uses: actions/setup-node@v4
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           node-version: ${{ inputs.nodeVersion }}
-          cache: yarn
+          cache: ${{ inputs.package-manager }}
+          registry-url: ${{ inputs.publishToGithubPackages && 'https://npm.pkg.github.com' || '' }}
+          scope: ${{ inputs.scope }}
+
+      - uses: llmzy/salesforcecli-github-workflows/.github/actions/yarnInstallWithRetries@jps/npm-not-yarn
+        if: inputs.package-manager == 'yarn'
+
+      - name: npm install
+        if: inputs.package-manager == 'npm'
+        run: npm ci
 
-      - uses: salesforcecli/github-workflows/.github/actions/yarnInstallWithRetries@main
+      - name: Build with yarn
+        if: inputs.package-manager == 'yarn'
+        run: yarn build
 
-      - run: yarn build
+      - name: Build with npm
+        if: inputs.package-manager == 'npm'
+        run: npm run build
 
       - run: npm install -g @salesforce/plugin-release-management
 
@@ -129,22 +193,22 @@ jobs:
         env:
           INPUTS_GITHUB_TAG: ${{ inputs.githubTag }}
           INPUTS_TAG: ${{ inputs.tag }}
-          NPM_TOKEN: ${{secrets.NPM_TOKEN}}
+          NPM_TOKEN: ${{ inputs.publishToGithubPackages && secrets.SVC_CLI_BOT_GITHUB_TOKEN || secrets.NPM_TOKEN }}
           AWS_ACCESS_KEY_ID: ${{secrets.AWS_ACCESS_KEY_ID}}
           AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}}
 
   ctcCloseSuccess:
     needs: [ctc-open, npm-publish]
     if: needs.ctc-open.result == 'success' && needs.npm-publish.result == 'success' && needs.ctc-open.outputs.changeCaseId
-    uses: salesforcecli/github-workflows/.github/workflows/ctcClose.yml@main
+    uses: llmzy/salesforcecli-github-workflows/.github/workflows/ctcClose.yml@jps/npm-not-yarn
     secrets: inherit
     with:
       changeCaseId: ${{needs.ctc-open.outputs.changeCaseId}}
 
   ctcCloseFail:
     needs: [ctc-open, npm-publish]
     if: always() && inputs.ctc && needs.ctc-open.outputs.changeCaseId && (needs.ctc-open.result != 'success' || needs.npm-publish.result != 'success')
-    uses: salesforcecli/github-workflows/.github/workflows/ctcClose.yml@main
+    uses: llmzy/salesforcecli-github-workflows/.github/workflows/ctcClose.yml@jps/npm-not-yarn
     secrets: inherit
     with:
       changeCaseId: ${{ needs.ctc-open.outputs.changeCaseId }}