Update workflow

.github/workflows/deploy-published-releases.yaml

@@ -14,7 +14,26 @@ env:
   PREVIEW_WIDGET_URL: https://cdn.croct.io/js/v1/lib/plug/widget-${{ github.ref_name }}.html
 
 jobs:
+  publish-npm:
+    uses: croct-tech/github-workflows/.github/workflows/publish-npm-package.yml@unify-workflows
+    with:
+      publish-access: "public"
+      prepare-script: >-
+        cp LICENSE README.md build/ &&
+        cd build &&
+        find . -type f -path '*/*\.js.map' -exec sed -i -e "s~../src~src~" {} + &&
+        sed -i -e "s~\"version\": \"0.0.0-dev\"~\"version\": \"${GITHUB_REF##*/}\"~" package.json &&
+        sed -i -e "s~<@cdnUrl@>~${CDN_URL}~" constants.* &&
+        sed -i -e "s~<@playgroundOrigin@>~${PLAYGROUND_ORIGIN}~" constants.* &&
+        sed -i -e "s~<@playgroundConnectUrl@>~${PLAYGROUND_CONNECT_URL}~" constants.* &&
+        sed -i -e "s~<@previewWidgetOrigin@>~${PREVIEW_WIDGET_ORIGIN}~" constants.* &&
+        sed -i -e "s~<@previewWidgetUrl@>~${PREVIEW_WIDGET_URL}~" constants.*
+    secrets:
+      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+
   deploy-library:
+    if: ${{ !github.event.release.prerelease }}
+    needs: publish-npm
     permissions:
       id-token: write # This is required for requesting the JWT
       contents: read  # This is required for actions/checkout
@@ -37,44 +56,9 @@ jobs:
 
       - name: Install dependencies
         if: steps.cache-dependencies.outputs.cache-hit != 'true'
-        run: |-
-          npm ci
-          rm -rf ~/.npmrc
-
-      - name: Build package
-        run: |-
-          npm run build
-
-      - name: Prepare release
-        run: |-
-          cp LICENSE README.md build/
-          cd build
-          find . -type f -path '*/*\.js.map' -exec sed -i -e "s~../src~src~" {} +
-          sed -i -e "s~\"version\": \"0.0.0-dev\"~\"version\": \"${GITHUB_REF##*/}\"~" package.json
-          sed -i -e "s~<@cdnUrl@>~${CDN_URL}~" constants.*
-          sed -i -e "s~<@playgroundOrigin@>~${PLAYGROUND_ORIGIN}~" constants.*
-          sed -i -e "s~<@playgroundConnectUrl@>~${PLAYGROUND_CONNECT_URL}~" constants.*
-          sed -i -e "s~<@previewWidgetOrigin@>~${PREVIEW_WIDGET_ORIGIN}~" constants.*
-          sed -i -e "s~<@previewWidgetUrl@>~${PREVIEW_WIDGET_URL}~" constants.*
-
-      - name: Publish pre-release to NPM
-        if: ${{ github.event.release.prerelease }}
-        run: |-
-          cd build
-          npm publish --access public --tag next
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-
-      - name: Publish release to NPM
-        if: ${{ !github.event.release.prerelease }}
-        run: |-
-          cd build
-          npm publish --access public
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npm ci
 
       - name: Bundle package
-        if: ${{ !github.event.release.prerelease }}
         run: |-
           rm -rf build
           npm run bundle -- --config-cdn-url=${CDN_URL} \
@@ -85,7 +69,6 @@ jobs:
 
       - id: 'auth'
         name: 'Authenticate to Google Cloud'
-        if: ${{ !github.event.release.prerelease }}
         uses: 'google-github-actions/auth@v3'
         with:
           workload_identity_provider: '${{ secrets.GCLOUD_WORKLOAD_IDENTITY }}'
@@ -95,7 +78,6 @@ jobs:
         uses: google-github-actions/setup-gcloud@v3
 
       - name: Deploy to GCS
-        if: ${{ !github.event.release.prerelease }}
         env:
           GCLOUD_BUCKET: ${{ secrets.GCLOUD_BUCKET }}
         run: |-

.github/workflows/library-validations.yaml

@@ -12,92 +12,8 @@ on:
       - opened
 
 jobs:
-  security-checks:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-node@v6
-        with:
-          node-version: 23
-
-      - name: Cache dependencies
-        id: cache-dependencies
-        uses: actions/cache@v5
-        with:
-          path: node_modules
-          key: node_modules-${{ hashFiles('package-lock.json') }}
-
-      - name: Install dependencies
-        if: steps.cache-dependencies.outputs.cache-hit != 'true'
-        run: npm ci
-
-      - name: Check dependency vulnerabilities
-        run: npm audit
-
-  validate:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-node@v6
-        with:
-          node-version: 23
-
-      - name: Cache dependencies
-        id: cache-dependencies
-        uses: actions/cache@v5
-        with:
-          path: node_modules
-          key: node_modules-${{ hashFiles('package-lock.json') }}
-
-      - name: Install dependencies
-        if: steps.cache-dependencies.outputs.cache-hit != 'true'
-        run: npm ci
-
-      - name: Check compilation errors
-        run: npm run validate
-
-  lint:
-    runs-on: ubuntu-latest
-    needs: [ validate ]
-    steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-node@v6
-        with:
-          node-version: 23
-
-      - name: Cache dependencies
-        id: cache-dependencies
-        uses: actions/cache@v5
-        with:
-          path: node_modules
-          key: node_modules-${{ hashFiles('package-lock.json') }}
-
-      - name: Install dependencies
-        if: steps.cache-dependencies.outputs.cache-hit != 'true'
-        run: npm ci
-
-      - name: Check coding standard violations
-        run: npm run lint
-
-  test:
-    runs-on: ubuntu-latest
-    needs: [ validate ]
-    steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-node@v6
-        with:
-          node-version: 23
-
-      - name: Cache dependencies
-        id: cache-dependencies
-        uses: actions/cache@v5
-        with:
-          path: node_modules
-          key: node_modules-${{ hashFiles('package-lock.json') }}
-
-      - name: Install dependencies
-        if: steps.cache-dependencies.outputs.cache-hit != 'true'
-        run: npm ci
-
-      - name: Run tests
-        run: npm run test
+  validations:
+    uses: croct-tech/renovate-public-presets/.github/workflows/javascript-validations.yml@unify-workflows
+    with:
+      run-security: true
+      use-private-registry: false