Skip to content

Commit 6a0b8c5

Browse files
CarlosGameroCarlosGamero
authored
chore: npm OIDC (#816)
* Change release to oidc * Removing secret * Triggering release for API common * Minor change * Trigger Build * Fixing release error
1 parent b97e621 commit 6a0b8c5

File tree

3 files changed

+6
-66
lines changed

3 files changed

+6
-66
lines changed

.github/workflows/release.package.yml

Lines changed: 5 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -8,26 +8,25 @@ on:
88
package_name:
99
required: true
1010
type: string
11-
secrets:
12-
npm_token:
13-
required: true
1411

1512
jobs:
1613
release:
1714
# Only run for pull requests that has been merged (not closed) and that doesn't have `skip-release` label
1815
if: github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'skip-release') == false
1916
name: release
2017
runs-on: ubuntu-latest
18+
permissions:
19+
id-token: write # Required for OIDC trusted publishing
20+
contents: write # Required for git operations
2121
steps:
2222
- name: Checkout
2323
uses: actions/checkout@v5
2424

2525
- name: Setup Node
2626
uses: actions/setup-node@v4
2727
with:
28-
node-version: 20.x
28+
node-version: 24.x
2929
scope: '@lokalise'
30-
always-auth: true
3130
registry-url: 'https://registry.npmjs.org'
3231

3332
- name: Install Dependencies
@@ -63,7 +62,5 @@ jobs:
6362
run: COMMIT_MSG=$(npm run --silent package-version --workspace=${{ inputs.working_directory }}) && git commit -am "${{ inputs.package_name }} $COMMIT_MSG" && git push origin main
6463

6564
- name: Release Package
66-
env:
67-
NODE_AUTH_TOKEN: ${{ secrets.npm_token }}
68-
run: npm publish --access public
65+
run: npm publish --provenance --access public
6966
working-directory: ${{ inputs.working_directory }}

.github/workflows/release.yml

Lines changed: 0 additions & 57 deletions
Original file line numberDiff line numberDiff line change
@@ -48,8 +48,6 @@ jobs:
4848
with:
4949
working_directory: 'packages/dev/biome-config'
5050
package_name: '@lokalise/biome-config'
51-
secrets:
52-
npm_token: ${{ secrets.NPM_TOKEN }}
5351

5452
prettier-config:
5553
name: Release prettier-config
@@ -65,8 +63,6 @@ jobs:
6563
with:
6664
working_directory: 'packages/dev/prettier-config'
6765
package_name: '@lokalise/prettier-config'
68-
secrets:
69-
npm_token: ${{ secrets.NPM_TOKEN }}
7066

7167
eslint-config:
7268
name: Release eslint-config
@@ -82,8 +78,6 @@ jobs:
8278
with:
8379
working_directory: 'packages/dev/eslint-config'
8480
package_name: '@lokalise/eslint-config'
85-
secrets:
86-
npm_token: ${{ secrets.NPM_TOKEN }}
8781

8882
package-vite-config:
8983
name: Release package-vite-config
@@ -100,8 +94,6 @@ jobs:
10094
with:
10195
working_directory: 'packages/dev/package-vite-config'
10296
package_name: '@lokalise/package-vite-config'
103-
secrets:
104-
npm_token: ${{ secrets.NPM_TOKEN }}
10597

10698
tsconfig:
10799
name: Release tsconfig
@@ -118,8 +110,6 @@ jobs:
118110
with:
119111
working_directory: 'packages/dev/tsconfig'
120112
package_name: '@lokalise/tsconfig'
121-
secrets:
122-
npm_token: ${{ secrets.NPM_TOKEN }}
123113

124114
### APP packages
125115
universal-ts-utils:
@@ -137,8 +127,6 @@ jobs:
137127
with:
138128
working_directory: 'packages/app/universal-ts-utils'
139129
package_name: '@lokalise/universal-ts-utils'
140-
secrets:
141-
npm_token: ${{ secrets.NPM_TOKEN }}
142130

143131
api-common:
144132
name: Release api-common
@@ -156,8 +144,6 @@ jobs:
156144
with:
157145
working_directory: 'packages/app/api-common'
158146
package_name: '@lokalise/api-common'
159-
secrets:
160-
npm_token: ${{ secrets.NPM_TOKEN }}
161147

162148
api-contracts:
163149
name: Release api-contracts
@@ -175,8 +161,6 @@ jobs:
175161
with:
176162
working_directory: 'packages/app/api-contracts'
177163
package_name: '@lokalise/api-contracts'
178-
secrets:
179-
npm_token: ${{ secrets.NPM_TOKEN }}
180164

181165
aws-config:
182166
name: Release aws-config
@@ -195,8 +179,6 @@ jobs:
195179
with:
196180
working_directory: 'packages/app/aws-config'
197181
package_name: '@lokalise/aws-config'
198-
secrets:
199-
npm_token: ${{ secrets.NPM_TOKEN }}
200182

201183
backend-http-client:
202184
name: Release backend-http-client
@@ -215,8 +197,6 @@ jobs:
215197
with:
216198
working_directory: 'packages/app/backend-http-client'
217199
package_name: '@lokalise/backend-http-client'
218-
secrets:
219-
npm_token: ${{ secrets.NPM_TOKEN }}
220200

221201
id-utils:
222202
name: Release id-utils
@@ -234,8 +214,6 @@ jobs:
234214
with:
235215
working_directory: 'packages/app/id-utils'
236216
package_name: '@lokalise/id-utils'
237-
secrets:
238-
npm_token: ${{ secrets.NPM_TOKEN }}
239217

240218
background-jobs-common:
241219
name: Release background-jobs-common
@@ -253,8 +231,6 @@ jobs:
253231
with:
254232
working_directory: 'packages/app/background-jobs-common'
255233
package_name: '@lokalise/background-jobs-common'
256-
secrets:
257-
npm_token: ${{ secrets.NPM_TOKEN }}
258234

259235
context-fastify-plugins:
260236
name: Release context-fastify-plugins
@@ -272,8 +248,6 @@ jobs:
272248
with:
273249
working_directory: 'packages/app/context-fastify-plugins'
274250
package_name: '@lokalise/context-fastify-plugins'
275-
secrets:
276-
npm_token: ${{ secrets.NPM_TOKEN }}
277251

278252
error-utils:
279253
name: Release error-utils
@@ -291,8 +265,6 @@ jobs:
291265
with:
292266
working_directory: 'packages/app/error-utils'
293267
package_name: '@lokalise/error-utils'
294-
secrets:
295-
npm_token: ${{ secrets.NPM_TOKEN }}
296268

297269
fastify-api-contracts:
298270
name: Release fastify-api-contracts
@@ -311,8 +283,6 @@ jobs:
311283
with:
312284
working_directory: 'packages/app/fastify-api-contracts'
313285
package_name: '@lokalise/fastify-api-contracts'
314-
secrets:
315-
npm_token: ${{ secrets.NPM_TOKEN }}
316286

317287
frontend-http-client:
318288
name: Release frontend-http-client
@@ -331,8 +301,6 @@ jobs:
331301
with:
332302
working_directory: 'packages/app/frontend-http-client'
333303
package_name: '@lokalise/frontend-http-client'
334-
secrets:
335-
npm_token: ${{ secrets.NPM_TOKEN }}
336304

337305
healthcheck-utils:
338306
name: Release healthcheck-utils
@@ -351,8 +319,6 @@ jobs:
351319
with:
352320
working_directory: 'packages/app/healthcheck-utils'
353321
package_name: '@lokalise/healthcheck-utils'
354-
secrets:
355-
npm_token: ${{ secrets.NPM_TOKEN }}
356322

357323
metrics-utils:
358324
name: Release metrics-utils
@@ -370,8 +336,6 @@ jobs:
370336
with:
371337
working_directory: 'packages/app/metrics-utils'
372338
package_name: '@lokalise/metrics-utils'
373-
secrets:
374-
npm_token: ${{ secrets.NPM_TOKEN }}
375339

376340
non-translatable-markup:
377341
name: Release non-translatable-markup
@@ -389,8 +353,6 @@ jobs:
389353
with:
390354
working_directory: 'packages/app/non-translatable-markup'
391355
package_name: '@lokalise/non-translatable-markup'
392-
secrets:
393-
npm_token: ${{ secrets.NPM_TOKEN }}
394356

395357
prisma-utils:
396358
name: Release prisma-utils
@@ -409,8 +371,6 @@ jobs:
409371
with:
410372
working_directory: 'packages/app/prisma-utils'
411373
package_name: '@lokalise/prisma-utils'
412-
secrets:
413-
npm_token: ${{ secrets.NPM_TOKEN }}
414374

415375
script-utils:
416376
name: Release script-utils
@@ -428,8 +388,6 @@ jobs:
428388
with:
429389
working_directory: 'packages/app/script-utils'
430390
package_name: '@lokalise/script-utils'
431-
secrets:
432-
npm_token: ${{ secrets.NPM_TOKEN }}
433391

434392
supported-languages:
435393
name: Release supported-languages
@@ -447,8 +405,6 @@ jobs:
447405
with:
448406
working_directory: 'packages/app/supported-languages'
449407
package_name: '@lokalise/supported-languages'
450-
secrets:
451-
npm_token: ${{ secrets.NPM_TOKEN }}
452408

453409
universal-testing-utils:
454410
name: Release universal-testing-utils
@@ -467,9 +423,6 @@ jobs:
467423
uses: ./.github/workflows/release.package.yml
468424
with:
469425
working_directory: 'packages/app/universal-testing-utils'
470-
package_name: '@lokalise/universal-testing-utils'
471-
secrets:
472-
npm_token: ${{ secrets.NPM_TOKEN }}
473426

474427
websockets-common:
475428
name: Release websockets-common
@@ -487,8 +440,6 @@ jobs:
487440
with:
488441
working_directory: 'packages/app/websockets-common'
489442
package_name: '@lokalise/websockets-common'
490-
secrets:
491-
npm_token: ${{ secrets.NPM_TOKEN }}
492443

493444
zod-extras:
494445
name: Release zod-extras
@@ -506,8 +457,6 @@ jobs:
506457
with:
507458
working_directory: 'packages/app/zod-extras'
508459
package_name: '@lokalise/zod-extras'
509-
secrets:
510-
npm_token: ${{ secrets.NPM_TOKEN }}
511460

512461
fastify-bullboard-plugin:
513462
name: Release fastify-bullboard-plugin
@@ -525,8 +474,6 @@ jobs:
525474
with:
526475
working_directory: 'packages/app/fastify-bullboard-plugin'
527476
package_name: '@lokalise/fastify-bullboard-plugin'
528-
secrets:
529-
npm_token: ${{ secrets.NPM_TOKEN }}
530477

531478
auth:
532479
name: Release auth
@@ -545,8 +492,6 @@ jobs:
545492
with:
546493
working_directory: 'packages/app/auth'
547494
package_name: '@lokalise/auth'
548-
secrets:
549-
npm_token: ${{ secrets.NPM_TOKEN }}
550495

551496
polling:
552497
name: Release polling
@@ -564,5 +509,3 @@ jobs:
564509
with:
565510
working_directory: 'packages/app/polling'
566511
package_name: '@lokalise/polling'
567-
secrets:
568-
npm_token: ${{ secrets.NPM_TOKEN }}

packages/app/api-common/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@
3333
},
3434
"devDependencies": {
3535
"@biomejs/biome": "^2.3.7",
36-
"@lokalise/biome-config": "^3.1.0",
36+
"@lokalise/biome-config": "^3.1.1",
3737
"@lokalise/tsconfig": "^1.3.0",
3838
"@vitest/coverage-v8": "^3.0.7",
3939
"rimraf": "^6.0.1",

0 commit comments

Comments
 (0)