From 8c6c5816cda5f544386abdf9ec07012b599f6260 Mon Sep 17 00:00:00 2001 From: Jakub Novak Date: Mon, 27 Oct 2025 15:07:34 +0100 Subject: [PATCH 1/3] Use OIDC for npm publish --- .github/workflows/publish_packages.yml | 16 ++++++++++------ .github/workflows/release.yml | 5 +++-- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/.github/workflows/publish_packages.yml b/.github/workflows/publish_packages.yml index c243ba4..3948ba3 100644 --- a/.github/workflows/publish_packages.yml +++ b/.github/workflows/publish_packages.yml @@ -5,12 +5,11 @@ on: secrets: E2B_API_KEY: required: true - NPM_TOKEN: - required: true PYPI_TOKEN: required: true permissions: + id-token: write contents: write jobs: @@ -46,10 +45,10 @@ jobs: with: version: 9.5 - - name: Setup Node.js 20 - uses: actions/setup-node@v3 + - name: Setup Node.js 22 + uses: actions/setup-node@v6 with: - node-version: '20.x' + node-version: "22.x" cache: pnpm - name: Configure pnpm @@ -57,6 +56,11 @@ jobs: pnpm config set auto-install-peers true pnpm config set exclude-links-from-lockfile true + - name: Update npm + run: | + npm install -g npm@^11.6 + npm --version + - name: Install dependencies run: pnpm install --frozen-lockfile @@ -84,8 +88,8 @@ jobs: createGithubReleases: true env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }} + NPM_TOKEN: "" # See https://github.com/changesets/changesets/issues/1152#issuecomment-3190884868 - name: Update lock file run: pnpm i --no-link --no-frozen-lockfile diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e03ed6a..f2dd41a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,6 +8,7 @@ on: concurrency: ${{ github.workflow }}-${{ github.ref }} permissions: + id-token: write contents: write jobs: 
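Review bot: `id-token: write` is added to the workflow-level `permissions:` block in the `@@ -5,12 +5,11 @@` hunk of publish_packages.yml, so every job in that workflow can request an OIDC token, not only the one that publishes to npm. Declaring it (together with `contents: write`) in a job-level `permissions:` on the publishing job keeps the token-minting right where the trusted-publisher exchange happens. The same applies to the `@@ -8,6 +8,7 @@` hunk in release.yml, which appears to hold more than one job, since two separate `Setup Node` steps are patched later in this series. The `jobs:` section lies outside both hunks, so the job names are not visible here.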
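Review bot: `uses: actions/setup-node@v6` in the `@@ -46,10 +45,10 @@` hunk references a movable tag, in a workflow that holds `contents: write` and can now mint an OIDC publish token, so whatever that tag points to at run time executes with release rights. Pinning to the full commit SHA with the tag as a trailing comment, `uses: actions/setup-node@<full-commit-sha>  # v6`, makes the executed code reviewable and still lets an update bot propose bumps. The same tag reference is introduced in both `Setup Node` hunks of release.yml in PATCH 3/3.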
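Review bot: `npm install -g npm@^11.6` in the new `Update npm` step (hunk `@@ -57,6 +56,11 @@`) resolves a semver range at release time, so the npm CLI that performs the OIDC exchange and the publish can change without any commit to this repository. An exact version, `npm install -g npm@<exact-11.x-version>`, keeps the release toolchain reproducible and turns upgrades into reviewed changes. If the step exists because the npm bundled with Node 22 is too old for trusted publishing, a one-line comment such as `# bundled npm predates OIDC trusted publishing` would tell the next maintainer when the step can be dropped.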
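Review bot: The `NPM_TOKEN: ""` line in the `@@ -84,8 +88,8 @@` hunk is explained only by a link, so a reader cannot tell from the workflow why an empty token has to stay in `env`. A short reason beside it, for example `# kept empty on purpose: the changesets step expects NPM_TOKEN to be defined; auth comes from OIDC`, would survive the issue thread being moved or edited (wording to be confirmed against the linked comment). Since the workflow no longer reads `secrets.NPM_TOKEN`, the long-lived token stored under that name is worth revoking on npm and deleting from the repository secrets once an OIDC publish has succeeded. The step's `uses:` line is outside the hunk.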
@@ -29,8 +30,8 @@ jobs: - name: Setup Node uses: actions/setup-node@v3 with: - node-version: '20.x' - registry-url: 'https://registry.npmjs.org' + node-version: "22.x" + registry-url: "https://registry.npmjs.org" cache: pnpm cache-dependency-path: pnpm-lock.yaml From 00392353e3fca693f587bdd92d5cf364f8fc6ba6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Nov=C3=A1k?= Date: Wed, 29 Oct 2025 08:42:10 -0700 Subject: [PATCH 2/3] Apply suggestion from @jakubno --- .github/workflows/publish_packages.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/publish_packages.yml b/.github/workflows/publish_packages.yml index 3948ba3..edf12da 100644 --- a/.github/workflows/publish_packages.yml +++ b/.github/workflows/publish_packages.yml @@ -49,6 +49,7 @@ jobs: uses: actions/setup-node@v6 with: node-version: "22.x" + registry-url: "https://registry.npmjs.org" cache: pnpm - name: Configure pnpm From 196e3f28d03b2beed6f92054ee08bf03199bfc5a Mon Sep 17 00:00:00 2001 From: Jakub Novak Date: Wed, 29 Oct 2025 16:44:56 +0100 Subject: [PATCH 3/3] Update node --- .github/workflows/release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f2dd41a..230a427 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,7 +28,7 @@ jobs: version: 9.5 - name: Setup Node - uses: actions/setup-node@v3 + uses: actions/setup-node@v6 with: node-version: "22.x" registry-url: "https://registry.npmjs.org" @@ -68,9 +68,9 @@ jobs: version: 9.5 - name: Setup Node - uses: actions/setup-node@v3 + uses: actions/setup-node@v6 with: - node-version: '20.x' + node-version: '22.x' registry-url: 'https://registry.npmjs.org' cache: pnpm cache-dependency-path: pnpm-lock.yaml
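Review bot: The second `Setup Node` step patched in PATCH 3/3 (hunk `@@ -68,9 +68,9 @@`) keeps single quotes, `node-version: '22.x'` and `registry-url: 'https://registry.npmjs.org'`, while PATCH 1/3 switched the first step of the same file to double quotes. Writing both the same way, `node-version: "22.x"` and `registry-url: "https://registry.npmjs.org"`, keeps the two steps textually identical, so a later drift between them in Node version or registry is easy to spot in review. Both step bodies continue outside the hunk.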