diff --git a/.github/workflows/publish-contracts-abi-release.yml b/.github/workflows/publish-contracts-abi-release.yml index 1cf043f8233..50a5edfcd7c 100644 --- a/.github/workflows/publish-contracts-abi-release.yml +++ b/.github/workflows/publish-contracts-abi-release.yml @@ -41,7 +41,7 @@ permissions: jobs: publish: - runs-on: ['self-hosted', 'org', 'npm-publish'] + runs-on: ubuntu-latest permissions: contents: write id-token: write @@ -51,20 +51,11 @@ jobs: - uses: actions/checkout@v4 with: submodules: recursive - - name: Akeyless Get Secrets - id: get_auth_token - uses: docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest - with: - api-url: https://api.gateway.akeyless.celo-networks-dev.org - access-id: p-kf9vjzruht6l - static-secrets: '{"/static-secrets/NPM/npm-publish-token":"NPM_TOKEN"}' # Setup .npmrc file to publish to npm - uses: actions/setup-node@v4 with: - node-version: '18.x' - registry-url: 'https://registry.npmjs.org' - #scope: '@celo' + node-version: '20.x' - name: 'Setup yarn' shell: bash @@ -101,6 +92,28 @@ jobs: - name: 'Get git commit hash' id: get_COMMIT_HASH run: echo "COMMIT_HASH=$(git rev-parse --short HEAD)" >> $GITHUB_ENV + + - name: Update npm for OIDC trusted publishing (v11.5.1) + run: npm install -g npm@11.5.1 + + # Fallback: ensure package.json has version (prepare script may not persist in CI) + - name: Ensure package.json has version + run: | + for pkg in packages/protocol/contracts packages/protocol/abis; do + node -e " + const fs = require('fs'); + const pkgPath = process.argv[1] + '/package.json'; + const pkg = JSON.parse(fs.readFileSync(pkgPath)); + if (!pkg.version) { + pkg.version = process.env.RELEASE_VERSION || '0.0.0-dry-run'; + pkg.private = false; + fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2)); + } + " "$pkg" + done + env: + RELEASE_VERSION: ${{ env.RELEASE_VERSION }} + - name: Publish @celo/contracts run: | cat package.json @@ -110,12 +123,11 @@ jobs: echo "Dry run mode, exiting successfully." exit 0 fi - npm dist-tag add @celo/contracts@$RELEASE_VERSION $COMMIT_HASH + # npm dist-tag add @celo/contracts@$RELEASE_VERSION $COMMIT_HASH working-directory: packages/protocol/contracts env: RELEASE_TYPE: --tag ${{ env.RELEASE_TYPE != '' && env.RELEASE_TYPE || 'canary' }} RELEASE_VERSION: ${{ env.RELEASE_VERSION }} - NODE_AUTH_TOKEN: ${{ env.NPM_TOKEN }} DRY_RUN: ${{ env.RELEASE_VERSION == '' && '--dry-run' || '' }} COMMIT_HASH: ${{ env.COMMIT_HASH }} @@ -128,11 +140,10 @@ jobs: echo "Dry run mode, exiting successfully." exit 0 fi - npm dist-tag add @celo/abis@$RELEASE_VERSION $COMMIT_HASH + # npm dist-tag add @celo/abis@$RELEASE_VERSION $COMMIT_HASH working-directory: packages/protocol/abis env: RELEASE_TYPE: --tag ${{ env.RELEASE_TYPE != '' && env.RELEASE_TYPE || 'canary' }} RELEASE_VERSION: ${{ env.RELEASE_VERSION }} - NODE_AUTH_TOKEN: ${{ env.NPM_TOKEN }} DRY_RUN: ${{ env.RELEASE_VERSION == '' && '--dry-run' || '' }} COMMIT_HASH: ${{ env.COMMIT_HASH }} diff --git a/packages/protocol/abis/package.json b/packages/protocol/abis/package.json index 2e36428c5c9..451d3a9017e 100644 --- a/packages/protocol/abis/package.json +++ b/packages/protocol/abis/package.json @@ -18,6 +18,11 @@ "./dist", "!**/*.js.map" ], + "publishConfig": { + "access": "public", + "registry": "https://registry.npmjs.org/", + "provenance": true + }, "exports": { ".": { "import": "./dist/esm/index.js", diff --git a/packages/protocol/contracts/package.json b/packages/protocol/contracts/package.json index b4be0dad47a..ad78042a038 100644 --- a/packages/protocol/contracts/package.json +++ b/packages/protocol/contracts/package.json @@ -8,6 +8,11 @@ "url": "https://github.com/celo-org/celo-monorepo.git", "directory": "packages/protocol/contracts" }, + "publishConfig": { + "access": "public", + "registry": "https://registry.npmjs.org/", + "provenance": true + }, "scripts": {}, "dependencies": {} } diff --git a/packages/protocol/scripts/prepare-contracts-and-abis-publishing.ts b/packages/protocol/scripts/prepare-contracts-and-abis-publishing.ts index 3ebe6f9c578..711afacf613 100644 --- a/packages/protocol/scripts/prepare-contracts-and-abis-publishing.ts +++ b/packages/protocol/scripts/prepare-contracts-and-abis-publishing.ts @@ -13,7 +13,7 @@ import { BuildTarget, CONTRACTS_08_PACKAGE_DESTINATION_DIR, CONTRACTS_08_SOURCE_DIR, - CONTRACTS_PACKAGE_SRC_DIR, + // CONTRACTS_PACKAGE_SRC_DIR - unused: we use process.cwd() for correct path resolution in CI PublishContracts, TSCONFIG_PATH, } from './consts' @@ -260,22 +260,24 @@ function processRawJsonsAndPrepareExports() { return exports } +const DRY_RUN_VERSION = '0.0.0-dry-run' + function prepareAbisPackageJson(exports: Exports) { log('Preparing @celo/abis package.json') - const packageJsonPath = path.join(ABIS_PACKAGE_SRC_DIR, 'package.json') + // Use process.cwd() so paths are correct when run with working-directory: packages/protocol (e.g. in CI) + const packageJsonPath = path.resolve(process.cwd(), 'abis', 'package.json') + const version = process.env.RELEASE_VERSION || DRY_RUN_VERSION if (process.env.RELEASE_VERSION) { - log('Replacing @celo/abis version with RELEASE_VERSION)') - - replacePackageVersionAndMakePublic(packageJsonPath, (json) => { - log('Setting @celo/abis exports') - json.exports = exports - }) - - return + log('Replacing @celo/abis version with RELEASE_VERSION') + } else { + log(`Using placeholder version ${DRY_RUN_VERSION} for dry run`) } - log('Skipping @celo/abis package.json preparation (no RELEASE_VERSION provided)') + replacePackageVersionAndMakePublic(packageJsonPath, version, (json) => { + log('Setting @celo/abis exports') + json.exports = exports + }) } function prepareContractsPackage() { @@ -283,15 +285,16 @@ function prepareContractsPackage() { log(contracts08CpCommand) child_process.execSync(contracts08CpCommand) + const version = process.env.RELEASE_VERSION || DRY_RUN_VERSION if (process.env.RELEASE_VERSION) { - log('Replacing @celo/contracts version with RELEASE_VERSION)') - const packageJsonPath = path.join(CONTRACTS_PACKAGE_SRC_DIR, 'package.json') - replacePackageVersionAndMakePublic(packageJsonPath) - - return + log('Replacing @celo/contracts version with RELEASE_VERSION') + } else { + log(`Using placeholder version ${DRY_RUN_VERSION} for dry run`) } - log('Skipping @celo/contracts package.json preparation (no RELEASE_VERSION provided)') + // Use process.cwd() so paths are correct when run with working-directory: packages/protocol (e.g. in CI) + const packageJsonPath = path.resolve(process.cwd(), 'contracts', 'package.json') + replacePackageVersionAndMakePublic(packageJsonPath, version) } function lsRecursive(dir: string): string[] { diff --git a/packages/protocol/scripts/utils.ts b/packages/protocol/scripts/utils.ts index c18ef7aa0fd..8adae61b74e 100644 --- a/packages/protocol/scripts/utils.ts +++ b/packages/protocol/scripts/utils.ts @@ -121,17 +121,19 @@ export function getReleaseTypeFromSemVer(version: SemVer): string | number { export function replacePackageVersionAndMakePublic( packageJsonPath: string, + version?: string, onDone?: (json: JSON) => void ) { const json: JSON = JSON.parse(fs.readFileSync(packageJsonPath).toString()) - if (process.env.RELEASE_VERSION) { - console.info(`Replacing ${json.name as string} version with provided RELEASE_VERSION`) + const effectiveVersion = version ?? process.env.RELEASE_VERSION + if (effectiveVersion) { + console.info(`Replacing ${json.name as string} version with ${effectiveVersion}`) - json.version = process.env.RELEASE_VERSION + json.version = effectiveVersion json.private = false } else { - console.info('No RELEASE_VERSION provided') + console.info('No version provided') } if (onDone !== undefined) {