From 6d51074b8ee2e354f35038e73f7ab1de0898f869 Mon Sep 17 00:00:00 2001 From: JamesHenry Date: Wed, 27 Aug 2025 22:24:56 +0400 Subject: [PATCH 1/3] chore(repo): enable trusted publishing --- .github/actions/prepare-install/action.yml | 4 ++++ .github/workflows/ci.yml | 2 -- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/actions/prepare-install/action.yml b/.github/actions/prepare-install/action.yml index 7686f9cd4de2..70390db3a883 100644 --- a/.github/actions/prepare-install/action.yml +++ b/.github/actions/prepare-install/action.yml @@ -36,6 +36,10 @@ runs: node-version: ${{ inputs.node-version }} registry-url: ${{ inputs.registry-url }} + # 11.5.2 and later required for trusted publishing + - name: Use npm 11.5.2 + run: npm install -g npm@11.5.2 + # Yarn 3 caching strategy which follows taken from https://gist.github.com/belgattitude/042f9caf10d029badbde6cf9d43e400a - name: Expose yarn config as "$GITHUB_OUTPUT" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bc7c9d47147e..7411021d56a4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -321,6 +321,4 @@ jobs: run: npx nx release publish --tag canary --verbose env: NX_CLOUD_DISTRIBUTED_EXECUTION: false - # This secret is only accessible on the GitHub environment "main" - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} NPM_CONFIG_PROVENANCE: true From 48d8c80eca3dcb1ab6e4272deb7706cee34d5a2c Mon Sep 17 00:00:00 2001 From: JamesHenry Date: Wed, 27 Aug 2025 22:26:09 +0400 Subject: [PATCH 2/3] chore: repo --- .github/actions/prepare-install/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/prepare-install/action.yml b/.github/actions/prepare-install/action.yml index 70390db3a883..d925967d48ff 100644 --- a/.github/actions/prepare-install/action.yml +++ b/.github/actions/prepare-install/action.yml @@ -38,6 +38,7 @@ runs: # 11.5.2 and later required for trusted publishing - name: Use npm 11.5.2 + shell: bash run: npm install -g npm@11.5.2 # Yarn 3 caching strategy which follows taken from https://gist.github.com/belgattitude/042f9caf10d029badbde6cf9d43e400a From dc39514c0af441b7d8c7e087bfc9b92480274639 Mon Sep 17 00:00:00 2001 From: JamesHenry Date: Wed, 27 Aug 2025 22:29:51 +0400 Subject: [PATCH 3/3] chore: npm 11 to publish step --- .github/actions/prepare-install/action.yml | 5 ----- .github/workflows/ci.yml | 4 ++++ 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/actions/prepare-install/action.yml b/.github/actions/prepare-install/action.yml index d925967d48ff..7686f9cd4de2 100644 --- a/.github/actions/prepare-install/action.yml +++ b/.github/actions/prepare-install/action.yml @@ -36,11 +36,6 @@ runs: node-version: ${{ inputs.node-version }} registry-url: ${{ inputs.registry-url }} - # 11.5.2 and later required for trusted publishing - - name: Use npm 11.5.2 - shell: bash - run: npm install -g npm@11.5.2 - # Yarn 3 caching strategy which follows taken from https://gist.github.com/belgattitude/042f9caf10d029badbde6cf9d43e400a - name: Expose yarn config as "$GITHUB_OUTPUT" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7411021d56a4..b914e435b247 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -310,6 +310,10 @@ jobs: node-version: ${{ env.PRIMARY_NODE_VERSION }} registry-url: 'https://registry.npmjs.org' + # 11.5.2 and later required for trusted publishing + - name: Use npm 11.5.2 + run: npm install -g npm@11.5.2 + - name: Build uses: ./.github/actions/prepare-build