From 4f6fdae3c22eee90303c2bba3e0669d07ee0bc31 Mon Sep 17 00:00:00 2001
From: Chengzhong Wu
Date: Mon, 2 Dec 2024 15:34:47 +0000
Subject: [PATCH] chore: fix npm-publish dependencies and add provenance
---
.github/workflows/release-please.yml | 35 ++++++++++++----------------
.github/workflows/tests.yml | 3 ++-
2 files changed, 17 insertions(+), 21 deletions(-)
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index a68a589513..2bef09ec91 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -4,45 +4,40 @@ on: push: branches: - main - pull_request: jobs: release-please: outputs: - pr: ${{ steps.release.outputs.pr }} + release_created: ${{ steps.release.outputs.release_created }} permissions: contents: write # to create release commit (googleapis/release-please-action) pull-requests: write # to create release PR (googleapis/release-please-action) - if: github.event_name == 'push' runs-on: ubuntu-latest steps: - - uses: googleapis/release-please-action@v4 - id: release - # Standard Conventional Commits: `feat` and `fix` - # node-gyp subdirectories: `bin`, `gyp`, `lib`, `src`, `test` - # node-gyp subcommands: `build`, `clean`, `configure`, `install`, `list`, `rebuild`, `remove` - # Core abstract category: `deps` - # Languages/platforms: `python`, `lin`, `linux`, `mac`, `macos`, `win`, `window`, `zos` - # Documentation: `doc`, `docs`, `readme` - # Standard Conventional Commits: `chore` (under "Miscellaneous") - # Miscellaneous abstract categories: `refactor`, `ci`, `meta` - - test: - name: Release Test - needs: [ release-please ] - if: needs.release-please.outputs.pr || startsWith(github.head_ref, 'release-please--') - uses: ./.github/workflows/tests.yml + - uses: googleapis/release-please-action@v4 + id: release + # Standard Conventional Commits: `feat` and `fix` + # node-gyp subdirectories: `bin`, `gyp`, `lib`, `src`, `test` + # node-gyp subcommands: `build`, `clean`, `configure`, `install`, `list`, `rebuild`, `remove` + # Core abstract category: `deps` + # Languages/platforms: `python`, `lin`, `linux`, `mac`, `macos`, `win`, `window`, `zos` + # Documentation: `doc`, `docs`, `readme` + # Standard Conventional Commits: `chore` (under "Miscellaneous") + # Miscellaneous abstract categories: `refactor`, `ci`, `meta` npm-publish: needs: release-please if: ${{ needs.release-please.outputs.release_created }} runs-on: ubuntu-latest + permissions: + contents: read + id-token: write # to generate npm provenance statements steps: - uses: actions/checkout@v4 - 
uses: actions/setup-node@v4 with: node-version: lts/* registry-url: 'https://registry.npmjs.org' - - run: npm publish --access public + - run: npm publish --provenance --access public env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 147ecde6c9..c1557d5587 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -19,7 +19,8 @@ jobs: steps: - uses: actions/checkout@v4 - run: pip install --user ruff - - run: ruff check --output-format=github --select="E,F,PLC,PLE,UP,W,YTT" --ignore="E721,PLC1901,S101,UP031" --target-version=py38 . + # Excluding `/gyp` directory as it is been checked in https://github.com/nodejs/gyp-next/ already + - run: ruff check --output-format=github --extend-exclude=gyp --select="E,F,PLC,PLE,UP,W,YTT" --ignore="E721,PLC1901,S101,UP031" --target-version=py38 . lint-js: name: Lint JS
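Review bot: The `npm-publish` job now mints an OIDC token (`id-token: write`) and still receives the long-lived `NPM_TOKEN`, yet every action in this workflow is referenced by a mutable tag (`actions/checkout@v4`, `actions/setup-node@v4`, `googleapis/release-please-action@v4`). Provenance ties the published tarball to this workflow run, so the workflow's own inputs should be immutable; pinning each `uses:` to a full commit SHA, e.g. `- uses: actions/checkout@<full-commit-sha> # v4`, keeps a moved tag from changing what runs in the publishing job. Separately, the publish gate `if: ${{ needs.release-please.outputs.release_created }}` relies on string truthiness, and since job outputs are strings a literal `false` would presumably still pass; `if: ${{ needs.release-please.outputs.release_created == 'true' }}` states the intent explicitly. The first lines of the workflow are outside the hunk, so a workflow-level `permissions:` default cannot be checked from here.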
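Review bot: The comment added above the `ruff check` step is ungrammatical ("as it is been checked") and reads as if the exclusion were temporary. I would reword it to `# Exclude gyp/: it is already linted in https://github.com/nodejs/gyp-next/`, so the reason for `--extend-exclude=gyp` stays clear to whoever next edits the lint flags. The job these steps belong to starts above the hunk.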