Skip to content

Commit 97aa385

Browse files
Copilotdmattia
Copilot
and
dmattia
authored
Migrate npm publishing to trusted publishers with yarn 4 and Node 22 (#109)
* Initial plan * Implement npm trusted publishing support - Update all actions/setup-node to v6 - Add npm 11.5.1 installation for trusted publishers support - Add workflow permissions (id-token: write, contents: read, packages: write) - Remove NPM_TOKEN authentication from npm publishing (use trusted publishing) - Set NODE_AUTH_TOKEN="" for npm publish - Bump typescript package version from 1.4.2 to 1.4.3 - Keep NPM_TOKEN for GitHub packages publishing Co-authored-by: dmattia <8922077+dmattia@users.noreply.github.com> * Address code review feedback - Add registry-url to setup-node for npm trusted publishing - Remove unnecessary NODE_AUTH_TOKEN environment variable Co-authored-by: dmattia <8922077+dmattia@users.noreply.github.com> * Run pre-commit hooks: update table of contents in python/README.md Co-authored-by: dmattia <8922077+dmattia@users.noreply.github.com> * Bump pre-commit action from v2.0.2 to v4.0.0 Fixes GitHub Actions cache service errors in the run-pre-commits job Co-authored-by: dmattia <8922077+dmattia@users.noreply.github.com> * Fix pre-commit action version to v3.0.0 v4.0.0 doesn't exist, using v3.0.0 instead Co-authored-by: dmattia <8922077+dmattia@users.noreply.github.com> * Update to yarn 4.12.0, Node 22, and add provenance to npm publish - Run yarn set version 4.12.0 - Update all CI jobs to use Node.js 22.x instead of 14.x - Add --provenance flag to npm publish for attestation - GitHub packages publish remains without provenance flag Co-authored-by: dmattia <8922077+dmattia@users.noreply.github.com> * bump yarn and node version * bump yarn version * remove unneeded thing with yarn * run yarn * run yarn --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: dmattia <8922077+dmattia@users.noreply.github.com> Co-authored-by: David Mattia <david@transcend.io>
1 parent ba8c467 commit 97aa385

File tree

13 files changed

+2501
-2893
lines changed

13 files changed

+2501
-2893
lines changed

.devcontainer/Dockerfile

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
11
# See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.233.0/containers/typescript-node/.devcontainer/base.Dockerfile
22

33
# [Choice] Node.js version (use -bullseye variants on local arm64/Apple Silicon): 18, 16, 14, 18-bullseye, 16-bullseye, 14-bullseye, 18-buster, 16-buster, 14-buster
4-
ARG VARIANT="18-bullseye"
5-
FROM mcr.microsoft.com/vscode/devcontainers/typescript-node:0-${VARIANT}
4+
ARG VARIANT="22-bullseye"
5+
FROM mcr.microsoft.com/vscode/devcontainers/typescript-node:${VARIANT}
66

77
# [Optional] Uncomment this section to install additional OS packages.
88
# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \

.devcontainer/devcontainer.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
// Append -bullseye or -buster to pin to an OS version.
99
// Use -bullseye variants on local on arm64/Apple Silicon.
1010
"args": {
11-
"VARIANT": "16-bullseye"
11+
"VARIANT": "22-bullseye"
1212
}
1313
},
1414

.github/workflows/ci.yml

Lines changed: 21 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,20 @@
11
name: ci
22
on: push
33

4+
permissions:
5+
id-token: write
6+
contents: read
7+
packages: write
8+
49
jobs:
510
run-depcheck:
611
runs-on: ubuntu-latest
712
steps:
813
- uses: actions/checkout@v2
9-
- name: Use Node.js 14.x
10-
uses: actions/setup-node@v1
14+
- name: Use Node.js 22.x
15+
uses: actions/setup-node@v6
1116
with:
12-
node-version: 14.x
17+
node-version: 22.x
1318
- run: yarn install --immutable
1419
- run: yarn depcheck
1520

@@ -20,23 +25,23 @@ jobs:
2025
with:
2126
fetch-depth: 100 # need the history to do a changed files check below (source, origin)
2227
- uses: actions/setup-python@v2
23-
- name: Use Node.js 14.x
24-
uses: actions/setup-node@v1
28+
- name: Use Node.js 22.x
29+
uses: actions/setup-node@v6
2530
with:
26-
node-version: 14.x
31+
node-version: 22.x
2732
- run: yarn install --immutable
28-
- uses: pre-commit/action@v2.0.2
33+
- uses: pre-commit/action@v3.0.0
2934
with:
3035
extra_args: --source ${{ github.event.pull_request.base.sha || 'HEAD~1' }} --origin ${{ github.event.pull_request.head.sha || 'HEAD' }}
3136

3237
build-and-upload-artifacts:
3338
runs-on: ubuntu-latest
3439
steps:
3540
- uses: actions/checkout@v2
36-
- name: Use Node.js 14.x
37-
uses: actions/setup-node@v1
41+
- name: Use Node.js 22.x
42+
uses: actions/setup-node@v6
3843
with:
39-
node-version: 14.x
44+
node-version: 22.x
4045
- run: yarn install --immutable
4146
- name: Build the typescript code
4247
run: cd typescript && yarn && yarn build
@@ -55,15 +60,12 @@ jobs:
5560
steps:
5661
- name: Checkout
5762
uses: actions/checkout@v2
58-
- uses: actions/setup-node@v2
63+
- uses: actions/setup-node@v6
5964
with:
60-
node-version: '14.x'
61-
- name: Configure NPM authentication
62-
run: |
63-
yarn config set npmAlwaysAuth true
64-
yarn config set npmAuthToken ${{ secrets.NPM_TOKEN }}
65+
node-version: '22.x'
66+
registry-url: 'https://registry.npmjs.org'
6567
- name: Publish to yarn/npm
66-
run: yarn && cd typescript && yarn npm publish
68+
run: yarn && cd typescript && yarn npm publish --provenance
6769

6870
build-to-github-packages:
6971
if: github.ref == 'refs/heads/main'
@@ -75,9 +77,9 @@ jobs:
7577
steps:
7678
- name: Checkout
7779
uses: actions/checkout@v2
78-
- uses: actions/setup-node@v2
80+
- uses: actions/setup-node@v6
7981
with:
80-
node-version: '14.x'
82+
node-version: '22.x'
8183
- name: Install dependencies
8284
run: yarn
8385
- name: Configure Github Packages authentication

.vscode/settings.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@
3434
"**/.pnp.*": true
3535
},
3636
"editor.codeActionsOnSave": {
37-
"source.fixAll": true
37+
"source.fixAll": "explicit"
3838
},
3939
"cSpell.words": [
4040
"Blocklist",

.yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs

Lines changed: 0 additions & 546 deletions
This file was deleted.

.yarn/plugins/@yarnpkg/plugin-typescript.cjs

Lines changed: 0 additions & 9 deletions
This file was deleted.

.yarn/releases/yarn-3.2.0.cjs

Lines changed: 0 additions & 785 deletions
This file was deleted.

.yarn/releases/yarn-4.12.0.cjs

Lines changed: 942 additions & 0 deletions
Large diffs are not rendered by default.

.yarnrc.yml

Lines changed: 5 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,7 @@
1-
npmPublishAccess: public
1+
compressionLevel: mixed
2+
3+
enableGlobalCache: false
24

3-
plugins:
4-
- path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
5-
spec: "@yarnpkg/plugin-interactive-tools"
6-
- path: .yarn/plugins/@yarnpkg/plugin-typescript.cjs
7-
spec: "@yarnpkg/plugin-typescript"
5+
npmPublishAccess: public
86

9-
yarnPath: .yarn/releases/yarn-3.2.0.cjs
7+
yarnPath: .yarn/releases/yarn-4.12.0.cjs

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,5 +37,5 @@
3737
"prettier": "^2.5.1",
3838
"typescript": "^4.6.3"
3939
},
40-
"packageManager": "yarn@3.2.0"
40+
"packageManager": "yarn@4.12.0"
4141
}

0 commit comments

Comments
 (0)