💚 (release): Release DMK #226

	name: Publish npm packages
	on:
	push:
	branches:
	- main

	env:
	FORCE_COLOR: "1"
	NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/ldk-npm-prod-public

	permissions:
	id-token: write
	contents: write
	pull-requests: write
	# Need to attest artifacts
	attestations: write

	jobs:
	publish:
	environment: Production
	runs-on: ledgerhq-device-sdk
	steps:
	- uses: actions/checkout@v4

	- uses: LedgerHQ/device-sdk-ts/.github/actions/setup-toolchain-composite@develop

	- name: build libraries
	run: pnpm build:libs

	- name: Login to internal JFrog registry
	id: jfrog-login
	uses: LedgerHQ/actions-security/actions/jfrog-login@actions/jfrog-login-1

	- name: Setup npm config for JFrog
	env:
	NPM_REGISTRY_TOKEN: ${{ steps.jfrog-login.outputs.oidc-token }}
	run: \|
	cat << EOF \| tee .npmrc
	enable-pre-post-scripts=true
	registry=https://${NPM_REGISTRY}/
	//${NPM_REGISTRY}/:_authToken=${NPM_REGISTRY_TOKEN}
	EOF

	- name: Create dist directory to store tarball
	run: mkdir -p dist

	- name: Publish
	id: changesets
	uses: changesets/action@v1
	with:
	version: echo "not running version"
	publish: pnpm release
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Attest tarball
	if: steps.changesets.outputs.published == 'true'
	uses: LedgerHQ/actions-security/actions/attest@actions/attest-1
	with:
	subject-path: ./dist

	# The action currently doesn't support pushing the blob to the registry
	- name: Sign tarball
	if: steps.changesets.outputs.published == 'true'
	uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
	with:
	path: ./dist

Provide feedback