@@ -34,20 +34,24 @@ jobs:
3434 runs-on : macos-15
3535
3636 steps :
37- - uses : actions/checkout@v4
37+ - uses : actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
3838 with :
3939 submodules : recursive
4040
4141 - name : Setup pnpm
42- uses : pnpm/action-setup@v4
42+ uses : pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2
4343 with :
4444 version : 9.11.0
4545
4646 - name : Use Node.js
47- uses : actions/setup-node@v4
47+ uses : actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4
4848 with :
4949 node-version : lts/Iron
50- cache : ' pnpm'
50+ cache : " pnpm"
51+ registry-url : " https://registry.npmjs.org"
52+
53+ - name : Update npm for OIDC support
54+ run : npm install -g npm@latest
5155
5256 - name : Setup Yarn 3.6.1 for React Native package
5357 working-directory : packages/sdk-platforms/react-native/react-native-zksync-sso
99103 run : sudo xcode-select -s /Applications/Xcode_16.3.app
100104
101105 - name : Setup Android SDK
102- uses : android-actions/setup-android@v3
106+ uses : android-actions/setup-android@9fc6c4e9069bf8d3d10b2204b1fb8f6ef7065407 # v3.2
103107 with :
104108 cmdline-tools-version : 12266719
105109 log-accepted-android-sdk-licenses : false
@@ -116,7 +120,7 @@ jobs:
116120 echo "ANDROID_API_LEVEL=36" >> $GITHUB_ENV
117121
118122name : Install Rust toolchain
119- uses : actions-rs/toolchain@v1
123+ uses : actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # v1.0
120124 with :
121125 toolchain : stable
122126 profile : minimal
@@ -144,21 +148,21 @@ jobs:
144148 VERSION="${{ github.event.inputs.version }}"
145149 TAG="${{ github.event.inputs.tag }}"
146150 ACCESS="${{ github.event.inputs.access }}"
147-
151+
148152 echo "Publishing version: $VERSION with tag: $TAG and access: $ACCESS"
149-
153+
150154 # Warn if version contains prerelease identifier but tag is 'latest'
151155 if [[ "$VERSION" =~ -(alpha|beta|rc|dev|canary) ]] && [[ "$TAG" == "latest" ]]; then
152156 echo "⚠️ Warning: Publishing prerelease version ($VERSION) with 'latest' tag"
153157 echo " Consider using a prerelease tag (alpha, beta, rc, etc.)"
154158 fi
155-
159+
156160 # Warn if version is stable but tag is not 'latest'
157161 if [[ ! "$VERSION" =~ -(alpha|beta|rc|dev|canary) ]] && [[ "$TAG" != "latest" ]]; then
158162 echo "⚠️ Warning: Publishing stable version ($VERSION) with '$TAG' tag"
159163 echo " Consider using 'latest' tag for stable releases"
160164 fi
161-
165+
162166 # Info about access levels
163167 if [[ "$ACCESS" == "restricted" ]]; then
164168 echo "📝 Note: Package will be published as RESTRICTED (private access)"
@@ -189,19 +193,15 @@ jobs:
189193 node -e "console.log(JSON.parse(require('fs').readFileSync('package.json', 'utf8')).version)"
190194 echo ""
191195 echo "This would be published with tag 'latest' by default"
192-
193- name : Create .npmrc for NPM
194- if : github.event_name == 'workflow_dispatch'
195- run : echo "//registry.npmjs.org/:_authToken=${{ secrets.NPMJS_NPM_MATTERLABS_AUTOMATION_TOKEN }}" > ~/.npmrc
196-
196+
197197name : Publish to NPM
198198 if : github.event_name == 'workflow_dispatch'
199199 working-directory : packages/sdk-platforms/react-native/react-native-zksync-sso
200- run : npm publish --access ${{ github.event.inputs.access }} --tag ${{ github.event.inputs.tag }}
201-
200+ run : npm publish --access ${{ github.event.inputs.access }} --tag ${{ github.event.inputs.tag }} --provenance
201+
202202 # - name: Create .npmrc for GitHub Packages
203203 # run: echo "@OWNER:registry=https://npm.pkg.github.com\n//npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}" > ~/.npmrc
204204
205205 # - name: Publish to GitHub Packages
206206 # working-directory: packages/sdk-platforms/react-native/react-native-zksync-sso
207- # run: npm publish --access public
207+ # run: npm publish --access public --provenance
0 commit comments