From af2b20709f05f15810123a836b3c25a276246eb9 Mon Sep 17 00:00:00 2001 From: Victor Berchet Date: Wed, 15 Oct 2025 10:19:02 +0200 Subject: [PATCH 1/4] ci: update deployment workflow to use npm trusted publishers --- .github/actions/setup/action.yml | 6 ++++++ .github/workflows/release.yml | 5 ++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml index 6c14a170c..397488623 100644 --- a/.github/actions/setup/action.yml +++ b/.github/actions/setup/action.yml @@ -10,6 +10,12 @@ runs: with: node-version: 18.x + # Ensure npm 11.5.1 or later is installed + # See https://docs.npmjs.com/trusted-publishers + # Note that pnpm publish runs npm publish + - name: Update npm + run: npm install -g npm@latest + # Install pnpm. https://github.com/pnpm/action-setup - uses: pnpm/action-setup@v4 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 53980ac0c..1e03ef1ff 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,6 +7,10 @@ on: concurrency: ${{ github.workflow }}-${{ github.ref }} +permissions: + id-token: write + contents: read + jobs: release: name: Release @@ -29,7 +33,6 @@ jobs: publish: pnpm run release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - name: View outputs run: echo ${{join(steps.changesets.outputs.*, ' ')}} From 087f62046efd4f8de4f89c5ee217e6a16f39e30b Mon Sep 17 00:00:00 2001 From: Victor Berchet Date: Wed, 15 Oct 2025 10:26:59 +0200 Subject: [PATCH 2/4] fixup! add shell --- .github/actions/setup/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml index 397488623..98c9f0211 100644 --- a/.github/actions/setup/action.yml +++ b/.github/actions/setup/action.yml 
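Review bot: The new `permissions:` block in release.yml sits at workflow level, so `id-token: write` is available to every job in the file and every scope not listed drops to `none`. Only the `release` job is visible in this hunk; moving the block under `jobs.release` would limit the OIDC token request to the job that publishes. The "Create Release Pull Request or Publish to npm" step in the next hunk still receives `GITHUB_TOKEN`, and with `contents: read` and no `pull-requests` entry that token can no longer push a branch or open a pull request. If that step is expected to create the release PR, it would need `contents: write` and `pull-requests: write` on that job; the action it uses is outside the hunk, so this needs confirming.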
@@ -14,6 +14,7 @@ runs: # See https://docs.npmjs.com/trusted-publishers # Note that pnpm publish runs npm publish - name: Update npm + shell: bash run: npm install -g npm@latest # Install pnpm. https://github.com/pnpm/action-setup From 3e5a62e4b1e39856d87175682b50a20455fbe4cf Mon Sep 17 00:00:00 2001 From: Victor Berchet Date: Wed, 15 Oct 2025 10:39:55 +0200 Subject: [PATCH 3/4] fixup! use Node 24 for release, cleanup --- .github/actions/setup/action.yml | 14 ++++++-------- .github/workflows/check.yml | 2 +- .github/workflows/pre-release.yml | 5 ----- .github/workflows/release.yml | 5 +++++ .github/workflows/v2-release.yml | 5 ----- 5 files changed, 12 insertions(+), 19 deletions(-) diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml index 98c9f0211..356c52cd5 100644 --- a/.github/actions/setup/action.yml +++ b/.github/actions/setup/action.yml @@ -1,6 +1,11 @@ name: Install & setup description: Install's node, pnpm, restores cache, and then installs dependencies +inputs: + node-version: + description: the version of Node.js to install + default: 18.x + runs: using: 'composite' steps: @@ -8,14 +13,7 @@ runs: - name: Setup Node.js uses: actions/setup-node@v4 with: - node-version: 18.x - - # Ensure npm 11.5.1 or later is installed - # See https://docs.npmjs.com/trusted-publishers - # Note that pnpm publish runs npm publish - - name: Update npm - shell: bash - run: npm install -g npm@latest + node-version: ${{ inputs.node-version }} # Install pnpm. https://github.com/pnpm/action-setup - uses: pnpm/action-setup@v4 diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 8d262636c..308f9ba07 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml 
@@ -14,8 +14,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - - uses: ./.github/actions/lint - uses: ./.github/actions/setup + - uses: ./.github/actions/lint - uses: ./.github/actions/test - uses: ./.github/actions/local/build - uses: ./.github/actions/local/e2e \ No newline at end of file diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml index 37fbfe949..42c5b9eb4 100644 --- a/.github/workflows/pre-release.yml +++ b/.github/workflows/pre-release.yml @@ -19,11 +19,6 @@ jobs: # https://github.com/actions/checkout uses: actions/checkout@v4 - # Setup .npmrc file to publish to npm - - uses: actions/setup-node@v4 - with: - registry-url: "https://registry.npmjs.org" - - uses: ./.github/actions/setup - name: Install dependencies diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1e03ef1ff..93369035f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,6 +21,11 @@ jobs: uses: actions/checkout@v4 - uses: ./.github/actions/setup + with: + # Ensure npm 11.5.1 or later is installed + # See https://docs.npmjs.com/trusted-publishers + node-version: 24 + - uses: ./.github/actions/lint - name: Create Release Pull Request or Publish to npm diff --git a/.github/workflows/v2-release.yml b/.github/workflows/v2-release.yml index fb21527d2..7f7691e4c 100644 --- a/.github/workflows/v2-release.yml +++ b/.github/workflows/v2-release.yml @@ -11,11 +11,6 @@ jobs: # https://github.com/actions/checkout uses: actions/checkout@v4 - # Setup .npmrc file to publish to npm - - uses: actions/setup-node@v4 - with: - registry-url: "https://registry.npmjs.org" - - uses: ./.github/actions/setup - name: Publish Pre-release to npm From e32bad55d8cd23fd679584808af788e638f4d01b Mon Sep 17 00:00:00 2001 From: Victor Berchet Date: Wed, 15 Oct 2025 10:42:51 +0200 Subject: [PATCH 4/4] fixup! add registry-url --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) 
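Review bot: The `node-version: 24` override is added only to release.yml, while the pre-release.yml and v2-release.yml hunks of this commit remove their `actions/setup-node` step with `registry-url` and leave `./.github/actions/setup` on its `18.x` default. v2-release.yml still shows a "Publish Pre-release to npm" step right after setup. If those workflows are meant to publish through trusted publishing they would need the same `with: node-version: 24` plus `id-token: write`, and if they still authenticate with a token the removed `.npmrc` setup may leave the publish unauthenticated. How those two workflows authenticate is outside the hunks, so this needs checking against the full files. Separately, the comment promises npm 11.5.1 or later but nothing enforces it; a `run: npm --version` step before the publish would at least record the version in the release log.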
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 93369035f..98b59e781 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,6 +25,7 @@ jobs: # Ensure npm 11.5.1 or later is installed # See https://docs.npmjs.com/trusted-publishers node-version: 24 + registry-url: "https://registry.npmjs.org" - uses: ./.github/actions/lint
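Review bot: `registry-url` is passed to `./.github/actions/setup`, but that composite action declares only the `node-version` input (added in patch 3/4) and forwards only `node-version` to `actions/setup-node`, so the value never reaches the step that would write the registry configuration. GitHub typically reports an undeclared input on a local action as an "Unexpected input(s)" warning rather than a failure, so the line looks effective while doing nothing. For it to take effect, action.yml needs a `registry-url` entry under `inputs:` and `registry-url: ${{ inputs.registry-url }}` in the `with:` of its "Setup Node.js" step. Whether trusted publishing in this repo depends on that `.npmrc` should be confirmed against a real release run.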