Skip to content

Add NPM Token expiry alert to nightly workflow#3582

Merged
shethj merged 7 commits intodevelopfrom
feature/update-publish-to-npm-auth
Jan 17, 2026
Merged

Add NPM Token expiry alert to nightly workflow#3582
shethj merged 7 commits intodevelopfrom
feature/update-publish-to-npm-auth

Conversation

@shethj
Copy link
Contributor

@shethj shethj commented Jan 16, 2026

Description

Added token expiry script and slack notification to nightly_release workflow.

Types of Changes

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Documentation update
  • Breaking change (could cause existing functionality to not work as expected)
  • Other changes (non-breaking changes that does not fit any of the above)

Breaking changes include:

  • Removing a public function or component or prop
  • Adding a required argument to a function
  • Changing the data type of a function parameter or return value
  • Adding a new peer dependency to package.json

Changes

  • (change1)

How to Test-Drive This PR

  • (step1)

Checklists

General

  • Changes are covered by test cases
  • CHANGELOG.md updated with a short description of changes (not required for documentation updates)

Accessibility Compliance

You must check off all items in one of the follow two lists:

  • There are no changes to UI

or...

Localization

  • Changes include a UI text update in the Retail React App (which requires translation)

@shethj shethj requested a review from a team as a code owner January 16, 2026 02:13
@cc-prodsec
Copy link
Collaborator

cc-prodsec commented Jan 16, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

shethj
shethj commented Jan 16, 2026
View reviewed changes
.github/actions/bundle_size_test/action.yml
@@ -1,4 +1,5 @@
name: bundlesize
description: Check bundle size against maximum file size limits
Copy link
Contributor Author

@shethj shethj Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Github actions now requires description as mandatory field for all composite actions.

@shethj shethj changed the title Add NPM Token Validation to nightly workflow Add NPM Token expiry alert to nightly workflow Jan 16, 2026
vmarta
vmarta previously approved these changes Jan 16, 2026
View reviewed changes
.github/workflows/nightly_release.yml Outdated
with:
payload: |
{
"message": "⚠️ NPM Token expiring soon! Only ${{ env.days_left }} days remaining. Please rotate the token using instructions in PWA Kit Release Doc."
Copy link
Contributor

@vmarta vmarta Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor: how about we add a link to this release doc? To make it less searching for others.

adamraya
adamraya approved these changes Jan 16, 2026
View reviewed changes
Copy link
Contributor

@adamraya adamraya left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

adamraya
adamraya previously approved these changes Jan 16, 2026
View reviewed changes
Copy link
Contributor

@adamraya adamraya left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! adding the expiry date for now it's great to be proactive

vcua-mobify
vcua-mobify previously approved these changes Jan 16, 2026
View reviewed changes
.github/workflows/nightly_release.yml
- name: Check NPM Token Expiry
if: always()
run: |
LAST_ROTATION="${{ secrets.NPM_TOKEN_LAST_ROTATION_DATE }}"
Copy link
Contributor

@vcua-mobify vcua-mobify Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume the instructions for updating this secret are in the doc?

This NPM token corresponds to the one we use for releases, correct?

Copy link
Contributor Author

@shethj shethj Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is correct.

@shethj shethj dismissed stale reviews from adamraya, vcua-mobify, and vmarta via 1936bff January 16, 2026 23:51
@shethj shethj requested review from adamraya and vmarta January 17, 2026 00:06
@shethj shethj merged commit e193a2c into develop Jan 17, 2026
42 checks passed
@shethj shethj deleted the feature/update-publish-to-npm-auth branch January 17, 2026 00:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vmarta vmarta vmarta approved these changes

@vcua-mobify vcua-mobify vcua-mobify approved these changes

@adamraya adamraya Awaiting requested review from adamraya

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@shethj @cc-prodsec @vmarta @adamraya @vcua-mobify