From f45b569552e57a7bcbf87d575e6ba5c5e8b01f73 Mon Sep 17 00:00:00 2001 From: "K.Himeno" <6715229+Himenon@users.noreply.github.com> Date: Sun, 22 Dec 2024 11:51:38 +0900 Subject: [PATCH 1/4] chore: support provenance --- .github/workflows/release.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d89ab2d..28aabde 100755 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,6 +7,10 @@ on: jobs: build: runs-on: ubuntu-latest + environment: npm + permissions: + contents: read + id-token: write steps: - name: Setup Git Config run: | @@ -79,6 +83,6 @@ jobs: - run: pnpm build env: CI: true - - run: pnpm release:npm:registry + - run: NPM_CONFIG_PROVENANCE=true pnpm release:npm:registry env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} From cbc5a217cf0ddf8dbb7eed322210208d8fce1687 Mon Sep 17 00:00:00 2001 From: "K.Himeno" <6715229+Himenon@users.noreply.github.com> Date: Sun, 22 Dec 2024 12:02:39 +0900 Subject: [PATCH 2/4] chore: support provenance --- .github/actions/initialize/action.yml | 12 ++++++++ .github/workflows/build.yml | 4 +-- .github/workflows/release.yml | 42 +++++++++------------------ .github/workflows/versionUp.yml | 2 +- 4 files changed, 28 insertions(+), 32 deletions(-) create mode 100644 .github/actions/initialize/action.yml diff --git a/.github/actions/initialize/action.yml b/.github/actions/initialize/action.yml new file mode 100644 index 0000000..dc938de --- /dev/null +++ b/.github/actions/initialize/action.yml @@ -0,0 +1,12 @@ +name: "initialize" + +runs: + using: "composite" + steps: + - name: Setup Git Config + run: | + git config --global core.autocrlf false + git config --global core.eol lf + git config --global user.email "actions@gihub.com" + git config --global user.name "gh-actions" + shell: bash diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0ab322c..220f41b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -9,7 +9,7 @@ jobs: strategy: matrix: - node-version: [20.x] + node-version: [22.x] os: [windows-latest, ubuntu-latest] steps: @@ -25,7 +25,7 @@ jobs: version: 9.10.0 - uses: actions/setup-node@v4 with: - node-version: "20.x" + node-version: "22.x" cache: "pnpm" - run: pnpm i --frozen-lockfile - name: Use Node.js ${{ matrix.node-version }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 28aabde..5f7d049 100755 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,66 +4,52 @@ on: release: types: [created] +permissions: + id-token: write + jobs: build: runs-on: ubuntu-latest - environment: npm - permissions: - contents: read - id-token: write steps: - - name: Setup Git Config - run: | - git config --global core.autocrlf false - git config --global core.eol lf - git config --global user.email "actions@gihub.com" - git config --global user.name "gh-actions" - uses: actions/checkout@v3 with: ref: main + - uses: ./.github/actions/initialize - uses: pnpm/action-setup@v4 with: version: 9.10.0 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v2 with: - node-version: "20.x" + node-version: "22.x" registry-url: https://npm.pkg.github.com scope: "@Himenon" cache: "pnpm" - run: pnpm i --frozen-lockfile - run: | pnpm build - env: - CI: true release-github-registry: runs-on: ubuntu-latest steps: - - name: Setup Git Config - run: | - git config --global core.autocrlf false - git config --global core.eol lf - git config --global user.email "actions@gihub.com" - git config --global user.name "gh-actions" - uses: actions/checkout@v3 with: ref: main + - uses: ./.github/actions/initialize - uses: pnpm/action-setup@v4 with: version: 9.10.0 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v2 with: - node-version: "20.x" + node-version: "22.x" registry-url: https://npm.pkg.github.com scope: "@Himenon" cache: "pnpm" - run: pnpm install - run: | pnpm build - pnpm release:github:registry + pnpm run release:github:registry env: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - CI: true release-npm-registry: runs-on: ubuntu-latest @@ -74,15 +60,13 @@ jobs: - uses: pnpm/action-setup@v4 with: version: 9.10.0 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v2 with: - node-version: "20.x" + node-version: "22.x" registry-url: "https://registry.npmjs.org" cache: "pnpm" - run: pnpm install - run: pnpm build - env: - CI: true - - run: NPM_CONFIG_PROVENANCE=true pnpm release:npm:registry + - run: NPM_CONFIG_PROVENANCE=true pnpm run release:npm:registry env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/.github/workflows/versionUp.yml b/.github/workflows/versionUp.yml index 3783d18..86b0376 100644 --- a/.github/workflows/versionUp.yml +++ b/.github/workflows/versionUp.yml @@ -23,7 +23,7 @@ jobs: version: 9.10.0 - uses: actions/setup-node@v4 with: - node-version: "20.x" + node-version: "22.x" cache: "pnpm" - run: pnpm i --frozen-lockfile - name: Auto version update From a97f77afcb4eb99c2c0f761b9e79c10e8762bce5 Mon Sep 17 00:00:00 2001 From: "K.Himeno" <6715229+Himenon@users.noreply.github.com> Date: Sun, 22 Dec 2024 12:03:52 +0900 Subject: [PATCH 3/4] chore: support provenance --- .github/workflows/build.yml | 14 +++++++------- .github/workflows/release.yml | 6 +++--- .github/workflows/versionUp.yml | 7 +------ 3 files changed, 11 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 220f41b..ce54502 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -7,19 +7,19 @@ jobs: build: runs-on: ${{ matrix.os }} + # @see https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#concurrency + concurrency: + group: ${{ github.workflow }}-${{ matrix.os }}-${{ github.ref }} + cancel-in-progress: true + strategy: matrix: node-version: [22.x] os: [windows-latest, ubuntu-latest] steps: - - name: Setup Git Config - run: | - git config --global core.autocrlf false - git config --global core.eol lf - git config --global user.email "actions@gihub.com" - git config --global user.name "gh-actions" - uses: actions/checkout@v3 + - uses: ./.github/actions/initialize - uses: pnpm/action-setup@v4 with: version: 9.10.0 @@ -29,7 +29,7 @@ jobs: cache: "pnpm" - run: pnpm i --frozen-lockfile - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} - name: Test & Build diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5f7d049..b73aebc 100755 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ jobs: - uses: pnpm/action-setup@v4 with: version: 9.10.0 - - uses: actions/setup-node@v2 + - uses: actions/setup-node@v4 with: node-version: "22.x" registry-url: https://npm.pkg.github.com @@ -38,7 +38,7 @@ jobs: - uses: pnpm/action-setup@v4 with: version: 9.10.0 - - uses: actions/setup-node@v2 + - uses: actions/setup-node@v4 with: node-version: "22.x" registry-url: https://npm.pkg.github.com @@ -60,7 +60,7 @@ jobs: - uses: pnpm/action-setup@v4 with: version: 9.10.0 - - uses: actions/setup-node@v2 + - uses: actions/setup-node@v4 with: node-version: "22.x" registry-url: "https://registry.npmjs.org" diff --git a/.github/workflows/versionUp.yml b/.github/workflows/versionUp.yml index 86b0376..7554913 100644 --- a/.github/workflows/versionUp.yml +++ b/.github/workflows/versionUp.yml @@ -9,15 +9,10 @@ jobs: if: github.event_name != 'pull_request' runs-on: ubuntu-latest steps: - - name: Setup Git Config - run: | - git config --global core.autocrlf false - git config --global core.eol lf - git config --global user.email "actions@gihub.com" - git config --global user.name "gh-actions" - uses: actions/checkout@v3 with: ref: main + - uses: ./.github/actions/initialize - uses: pnpm/action-setup@v4 with: version: 9.10.0 From 6f3aab820de24520f0a675dbf123740030942f14 Mon Sep 17 00:00:00 2001 From: "K.Himeno" <6715229+Himenon@users.noreply.github.com> Date: Sun, 22 Dec 2024 12:09:24 +0900 Subject: [PATCH 4/4] chore: support provenance --- .github/workflows/release.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b73aebc..ff4fefb 100755 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,9 +4,6 @@ on: release: types: [created] -permissions: - id-token: write - jobs: build: runs-on: ubuntu-latest @@ -53,6 +50,8 @@ jobs: release-npm-registry: runs-on: ubuntu-latest + permissions: + id-token: write steps: - uses: actions/checkout@v2 with: