Skip to content

DX-809 update to use preferred OIDC for npm publish in github actions #69

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lloyd-cio merged 21 commits into from
Dec 1, 2025
Merged

DX-809 update to use preferred OIDC for npm publish in github actions #69

Changes from 5 commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
ac0c9ad
DX-809 update to use preferred OIDC for npm publish in github actions
lloyd-cio Nov 14, 2025
282cbee
bump node version
lloyd-cio Nov 19, 2025
9c34770
configure to run a dry run test publish
lloyd-cio Nov 19, 2025
dea10d6
axe this for now, as well
lloyd-cio Nov 19, 2025
e291530
drop this flag
lloyd-cio Nov 19, 2025
02a39fc
missed these two
lloyd-cio Nov 19, 2025
2bad318
upgrade version
lloyd-cio Nov 19, 2025
03cf762
try this
lloyd-cio Nov 19, 2025
41a99f8
update this
lloyd-cio Nov 19, 2025
8805a3a
yarn install
lloyd-cio Nov 19, 2025
756cad0
publish test versions to confirm the OIDC config is working
lloyd-cio Nov 21, 2025
c3ffbe3
non dry run - publish the actual test versions
lloyd-cio Nov 21, 2025
5a1ce7a
add missing provenance config block required for OIDC
lloyd-cio Nov 21, 2025
ade3c12
revert changes for publishing test package
lloyd-cio Nov 21, 2025
141eddd
add missing permissions t github job
lloyd-cio Nov 24, 2025
8e2a588
resolve commented issues
lloyd-cio Nov 24, 2025
6f0c045
drop unecessary flag
lloyd-cio Nov 24, 2025
c66457d
consistent env and keep the flag for now to avoid issues
lloyd-cio Nov 26, 2025
fff3d3a
clean up
lloyd-cio Nov 26, 2025
61a481c
address cursor's PR comment
lloyd-cio Nov 26, 2025
9a1188c
add access flags
lloyd-cio Dec 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
149 changes: 21 additions & 128 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,85 +20,34 @@ on:
description: Perform a dry run
required: true
default: true
pull_request:
types:
- opened
- synchronize

jobs:
npm:
runs-on: ubuntu-latest
environment: release
permissions:
id-token: write
contents: read

steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Setup node.js for NPM
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: 14
node-version: 20
cache: 'yarn'
registry-url: 'https://registry.npmjs.org'
scope: '@customerio'

- name: Install
run: |
yarn install --frozen-lockfile

- name: Bump core
run: |
cd packages/core
yarn version ${{ github.event.inputs.version }}

- name: Bump browser
run: |
cd packages/browser
yarn version ${{ github.event.inputs.version }}
yarn run build-prep

- name: Bump node
run: |
cd packages/node
yarn version ${{ github.event.inputs.version }}

- name: Build
run: |
yarn build

- name: Publish (dry-run)
if: ${{ github.event.inputs.dry-run == 'true' }}
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
for package in core browser node; do
pushd packages/$package
npm publish --dry-run
popd
done

- name: Publish
if: ${{ github.event.inputs.dry-run == 'false' }}
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
for package in core browser node; do
pushd packages/$package
npm publish
popd
done

github:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Setup node.js for GitHub
uses: actions/setup-node@v3
with:
node-version: 14
cache: 'yarn'
registry-url: 'https://npm.pkg.github.com'
scope: '@customerio'
- name: Install npm 11.5.1+ for OIDC support
run: npm install -g npm@latest

- name: Install
run: |
Expand All @@ -107,88 +56,32 @@ jobs:
- name: Bump core
run: |
cd packages/core
yarn version ${{ github.event.inputs.version }}
yarn version 0.0.0-test-oidc --no-git-tag-version
# yarn version ${{ github.event.inputs.version }}

- name: Bump browser
run: |
cd packages/browser
yarn version ${{ github.event.inputs.version }}
yarn version 0.0.0-test-oidc --no-git-tag-version
# yarn version ${{ github.event.inputs.version }}
yarn run build-prep

- name: Bump node
run: |
cd packages/node
yarn version ${{ github.event.inputs.version }}
yarn version 0.0.0-test-oidc
# yarn version ${{ github.event.inputs.version }}

- name: Build
run: |
yarn build

- name: Publish (dry-run)
if: ${{ github.event.inputs.dry-run == 'true' }}
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
for package in core browser node; do
pushd packages/$package
npm publish --dry-run
popd
done

- name: Publish
if: ${{ github.event.inputs.dry-run == 'false' }}
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
for package in core browser node; do
pushd packages/$package
npm publish
echo "Publishing $package"
npm publish --dry-run --tag test-oidc
popd
done

commit:
runs-on: ubuntu-latest

needs: [npm, github]

steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Set Git Identity
run: |
git config --global user.name "Customer.io"
git config --global user.email "win@customer.io"

- name: Install
run: |
yarn install --frozen-lockfile

- name: Bump core
run: |
cd packages/core
yarn version ${{ github.event.inputs.version }}

- name: Bump browser
run: |
cd packages/browser
yarn version ${{ github.event.inputs.version }}
yarn run build-prep

- name: Bump node
run: |
cd packages/node
yarn version ${{ github.event.inputs.version }}

- name: Show commit (dry-run)
if: ${{ github.event.inputs.dry-run == 'true' }}
run: |
git commit -am "Update version"
git show

- name: Push changes
if: ${{ github.event.inputs.dry-run == 'false' }}
run: |
git commit -am "Update version"
git push
Loading