javascript/ionic-framework
1
0
Fork 0
mirror of https://github.com/ionic-team/ionic-framework.git synced 2025-12-19 05:19:42 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
fix/focus-trap
ionic-framework/.github/workflows/dev-build.yml
Gonçalo M. c37e2a5d9e chore(npm): Update release npm action to stop using tokens (#30778) 
Issue number: internal

---------

<!-- Please do not submit updates to dependencies unless it fixes an
issue. -->

<!-- Please try to limit your pull request to one type (bugfix, feature,
etc). Submit multiple pull requests if needed. -->

## What is the current behavior?
<!-- Please describe the current behavior that you are modifying. -->

- Release workflows still inject a long-lived `NPM_TOKEN` via `.npmrc`,
so publishes do not use npm’s trusted OIDC flow.

## What is the new behavior?
<!-- Please describe the behavior or changes that are being added by
this PR. -->

- The shared `actions/publish-npm` composite action now configures
`setup-node` with the npm registry, upgrades npm in place, and publishes
with `--provenance` without writing `.npmrc`.
- `release-dev.yml`, `release-nightly.yml`, and `release-production.yml`
call into that trusted flow by removing the token input and (for
production) inlining the same OIDC setup before `npm run release.ci`.
- Allows npm to authenticate through trusted publishing requirements
[docs.npmjs.com/trusted-publishers](https://docs.npmjs.com/trusted-publishers).
- Step names were refreshed with emojis, but there are no other
behavioral changes.


## Does this introduce a breaking change?

- [ ] Yes
- [x] No

<!--
  If this introduces a breaking change:
1. Describe the impact and migration path for existing applications
below.
  2. Update the BREAKING.md file with the breaking change.
3. Add "BREAKING CHANGE: [...]" to the commit description when merging.
See
https://github.com/ionic-team/ionic-framework/blob/main/docs/CONTRIBUTING.md#footer
for more information.
-->


## Other information

<!-- Any other information that is important to this PR such as
screenshots of how the component looks before and after the change. -->

- These changes align the Ionic release automation with npm’s
trusted-publisher enforcement while keeping the existing Lerna
build/publish process intact.

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-11-11 19:35:11 +00:00

41 lines
1.1 KiB
YAML
Raw Permalink Blame History

name: 'Ionic Dev Build'
on:
workflow_dispatch:
jobs:
create-dev-hash:
runs-on: ubuntu-latest
outputs:
dev-hash: ${{ steps.create-dev-hash.outputs.DEV_HASH }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
# A 1 is required before the timestamp
# as lerna will fail when there is a leading 0
# See https://github.com/lerna/lerna/issues/2840
- name: Install Dependencies
run: npm ci
shell: bash
- id: create-dev-hash
name: Create Dev Hash
run: |
echo "DEV_HASH=$(node ./.scripts/bump-version.js)-dev.1$(date +%s).1$(git log -1 --format=%H | cut -c 1-7)" >> $GITHUB_OUTPUT
shell: bash
release-ionic:
needs: [create-dev-hash]
permissions:
id-token: write
uses: ./.github/workflows/release-ionic.yml
with:
tag: dev
version: ${{ needs.create-dev-hash.outputs.dev-hash }}
get-build:
name: Get your dev build!
runs-on: ubuntu-latest
needs: [create-dev-hash, release-ionic]
steps:
- run: echo ${{ needs.create-dev-hash.outputs.dev-hash }}
Reference in New Issue View Git Blame Copy Permalink