From 3670a52094985b95a1cd24db7ef7571947061354 Mon Sep 17 00:00:00 2001 From: "adil.rakhaliyev" Date: Thu, 4 Dec 2025 16:35:44 +0500 Subject: [PATCH 1/3] update: workflow npm commands updated and publish configured for OIDC --- .github/workflows/deploy-to-artifacts.yml | 2 +- .github/workflows/license-check.yml | 4 ++-- .github/workflows/publish.yml | 26 +++++++++++------------ .github/workflows/test-dependencies.yml | 2 +- .github/workflows/test-functional.yml | 2 +- .github/workflows/test-server.yml | 2 +- 6 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/deploy-to-artifacts.yml b/.github/workflows/deploy-to-artifacts.yml index 8514f843b5e..a0c75284e5c 100644 --- a/.github/workflows/deploy-to-artifacts.yml +++ b/.github/workflows/deploy-to-artifacts.yml @@ -37,7 +37,7 @@ jobs: with: ref: ${{steps.prep.outputs.sha}} - run: | - npm i + npm ci npx gulp build npm pack - id: package-name diff --git a/.github/workflows/license-check.yml b/.github/workflows/license-check.yml index a33c9e9faee..a53d4d09f99 100644 --- a/.github/workflows/license-check.yml +++ b/.github/workflows/license-check.yml @@ -26,7 +26,7 @@ jobs: node-version: latest - name: Install dependencies - run: npm install + run: npm ci - name: Run Gulp build run: npx gulp build @@ -35,4 +35,4 @@ jobs: run: npm pack - name: Install the application and check licenses - run: mkdir temp && cd temp && npm init -y && npm install ../*.tgz && npx gulp check-licenses + run: mkdir temp && cd temp && npm init -y && npm ci ../*.tgz && npx gulp check-licenses diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c62357729ff..319cc8a62ce 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
@@ -4,43 +4,43 @@ on: release: types: [published] +permissions: + id-token: write # Required for OIDC (Trusted Publishing) + contents: read + jobs: npm-publish: if: ${{ !github.event.release.draft }} runs-on: ubuntu-latest - environment: release + environment: npmjs steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: ref: ${{ github.event.release.target_commitish }} - run: git fetch --force --tags - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: 18 + node-version: 24 registry-url: 'https://registry.npmjs.org' - - run: npm install + - run: npm ci - run: npm run publish-please-only - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} docker-publish: needs: npm-publish runs-on: ubuntu-latest environment: release steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: ref: ${{ github.event.release.target_commitish }} - run: git fetch --force --tags - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: 18 + node-version: 24 registry-url: 'https://registry.npmjs.org' - uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - run: npm install + - run: npm ci - run: npx gulp build - run: gulp docker-publish - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/.github/workflows/test-dependencies.yml b/.github/workflows/test-dependencies.yml index 4a7f9dbf236..af51fe21a7d 100644 --- a/.github/workflows/test-dependencies.yml +++ b/.github/workflows/test-dependencies.yml @@ -15,5 +15,5 @@ jobs: steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 - - run: npm i --package-lock-only + - run: npm ci --package-lock-only - run: npm audit --production diff --git a/.github/workflows/test-functional.yml b/.github/workflows/test-functional.yml index bc51bfaa80f..21d71428f95 100644 --- a/.github/workflows/test-functional.yml +++ b/.github/workflows/test-functional.yml 
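Review bot: The new top-level `permissions:` block in `publish.yml` grants `id-token: write` to every job in the workflow, so `docker-publish` can also request an OIDC token even though it authenticates with the Docker Hub secrets and no longer uses the npm token. Job-level permissions replace the workflow-level set, so keep `permissions: {contents: read}` at the top and put `permissions: {id-token: write, contents: read}` under `npm-publish` only. In that job `npm ci` runs dependency lifecycle scripts before `npm run publish-please-only`, inside the job that can mint the token; if the build tolerates it, `npm ci --ignore-scripts` narrows that exposure. The `uses:` lines are pinned to mutable tags (`actions/checkout@v4`, `actions/setup-node@v4`, and the unchanged `docker/login-action@v1`); for a publish workflow, pinning to full commit SHAs is the usual hardening.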
@@ -131,7 +131,7 @@ jobs: ${{ runner.os }}-node- - run: npm ci if: ${{ !inputs.is-docker }} - - run: npm install + - run: npm ci if: ${{ inputs.is-docker }} - name: Add permissions on MacOS diff --git a/.github/workflows/test-server.yml b/.github/workflows/test-server.yml index adf551e5623..e596d4878b7 100644 --- a/.github/workflows/test-server.yml +++ b/.github/workflows/test-server.yml @@ -56,7 +56,7 @@ jobs: ${{ runner.os }}-node- - run: npm ci if: ${{ !inputs.is-docker }} - - run: npm install + - run: npm ci if: ${{ inputs.is-docker }} - run: ${{ inputs.test-script }} From f02b35e45d2adcf7f75332fc2f8fa7165fbde34f Mon Sep 17 00:00:00 2001 From: "adil.rakhaliyev" Date: Thu, 18 Dec 2025 19:06:07 +0500 Subject: [PATCH 2/3] fix: update workflow --- .github/workflows/test-dependencies.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test-dependencies.yml b/.github/workflows/test-dependencies.yml index af51fe21a7d..8ecebde9898 100644 --- a/.github/workflows/test-dependencies.yml +++ b/.github/workflows/test-dependencies.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 - - run: npm ci --package-lock-only + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + - run: npm ci - run: npm audit --production From e4263d0b3fb80265ef821d82246abbb4c34c9a70 Mon Sep 17 00:00:00 2001 From: "adil.rakhaliyev" Date: Thu, 18 Dec 2025 19:10:09 +0500 Subject: [PATCH 3/3] fix: update workflow --- .github/workflows/license-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/license-check.yml b/.github/workflows/license-check.yml index a53d4d09f99..40773cf2cf8 100644 --- a/.github/workflows/license-check.yml +++ b/.github/workflows/license-check.yml 
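Review bot: After this change the two install steps in `test-functional.yml` run the same command under opposite conditions (`if: ${{ !inputs.is-docker }}` and `if: ${{ inputs.is-docker }}`), so the split no longer selects anything; the same pair appears in the `test-server.yml` hunk. A single unconditional `- run: npm ci` says the same thing and prevents the two branches from drifting apart again. If the Docker path used `npm install` on purpose (for example because it runs without the committed lockfile), that reason is not visible in the hunk and should be recorded in a comment above the step.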
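Review bot: In patch 2's `test-dependencies.yml` hunk, `npm ci` installs the full dependency tree and runs its install scripts just before `npm audit --production`, whereas the original `npm i --package-lock-only` step wrote no `node_modules`. `npm audit` works from the lockfile, so with `package-lock.json` committed the install step can be dropped, or kept as `- run: npm ci --ignore-scripts` so that the job checking dependencies does not execute their scripts. `--production` is deprecated in current npm in favour of `--omit=dev`, i.e. `- run: npm audit --omit=dev`. `actions/setup-node@v4` is used without `node-version`, so the npm version doing the audit depends on the runner image.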
@@ -35,4 +35,4 @@ jobs: run: npm pack - name: Install the application and check licenses - run: mkdir temp && cd temp && npm init -y && npm ci ../*.tgz && npx gulp check-licenses + run: mkdir temp && cd temp && npm init -y && npm install ../*.tgz && npx gulp check-licenses