diff --git a/.github/workflows/deploy-react-native-package.yml b/.github/workflows/deploy-react-native-package.yml index c225802e..185fbb08 100644 --- a/.github/workflows/deploy-react-native-package.yml +++ b/.github/workflows/deploy-react-native-package.yml @@ -34,20 +34,24 @@ jobs: runs-on: macos-15 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: submodules: recursive - name: Setup pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2 with: version: 9.11.0 - name: Use Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4 with: node-version: lts/Iron - cache: 'pnpm' + cache: "pnpm" + registry-url: "https://registry.npmjs.org" + + - name: Update npm for OIDC support + run: npm install -g npm@latest - name: Setup Yarn 3.6.1 for React Native package working-directory: packages/sdk-platforms/react-native/react-native-zksync-sso @@ -99,7 +103,7 @@ jobs: run: sudo xcode-select -s /Applications/Xcode_16.3.app - name: Setup Android SDK - uses: android-actions/setup-android@v3 + uses: android-actions/setup-android@9fc6c4e9069bf8d3d10b2204b1fb8f6ef7065407 # v3.2 with: cmdline-tools-version: 12266719 log-accepted-android-sdk-licenses: false @@ -116,7 +120,7 @@ jobs: echo "ANDROID_API_LEVEL=36" >> $GITHUB_ENV - name: Install Rust toolchain - uses: actions-rs/toolchain@v1 + uses: actions-rs/toolchain@b2417cde72dcf67f306c0ae8e0828a81bf0b189f # v1.0 with: toolchain: stable profile: minimal @@ -144,21 +148,21 @@ jobs: VERSION="${{ github.event.inputs.version }}" TAG="${{ github.event.inputs.tag }}" ACCESS="${{ github.event.inputs.access }}" - + echo "Publishing version: $VERSION with tag: $TAG and access: $ACCESS" - + # Warn if version contains prerelease identifier but tag is 'latest' if [[ "$VERSION" =~ -(alpha|beta|rc|dev|canary) ]] && [[ "$TAG" == "latest" ]]; then echo "⚠️ Warning: Publishing prerelease version ($VERSION) with 'latest' tag" echo " Consider using a prerelease tag (alpha, beta, rc, etc.)" fi - + # Warn if version is stable but tag is not 'latest' if [[ ! "$VERSION" =~ -(alpha|beta|rc|dev|canary) ]] && [[ "$TAG" != "latest" ]]; then echo "⚠️ Warning: Publishing stable version ($VERSION) with '$TAG' tag" echo " Consider using 'latest' tag for stable releases" fi - + # Info about access levels if [[ "$ACCESS" == "restricted" ]]; then echo "📝 Note: Package will be published as RESTRICTED (private access)" @@ -189,19 +193,15 @@ jobs: node -e "console.log(JSON.parse(require('fs').readFileSync('package.json', 'utf8')).version)" echo "" echo "This would be published with tag 'latest' by default" - - - name: Create .npmrc for NPM - if: github.event_name == 'workflow_dispatch' - run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPMJS_NPM_MATTERLABS_AUTOMATION_TOKEN }}" > ~/.npmrc - + - name: Publish to NPM if: github.event_name == 'workflow_dispatch' working-directory: packages/sdk-platforms/react-native/react-native-zksync-sso - run: npm publish --access ${{ github.event.inputs.access }} --tag ${{ github.event.inputs.tag }} - + run: npm publish --access ${{ github.event.inputs.access }} --tag ${{ github.event.inputs.tag }} --provenance + # - name: Create .npmrc for GitHub Packages # run: echo "@OWNER:registry=https://npm.pkg.github.com\n//npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}" > ~/.npmrc # - name: Publish to GitHub Packages # working-directory: packages/sdk-platforms/react-native/react-native-zksync-sso - # run: npm publish --access public \ No newline at end of file + # run: npm publish --access public --provenance