javascript/ionic-framework
1
0
Fork 0
mirror of https://github.com/ionic-team/ionic-framework.git synced 2026-03-13 10:22:08 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
c37e2a5d9e765cf48d768061c9d453a13b187e13
ionic-framework/.github/workflows/update-screenshots.yml
Gonçalo M. c37e2a5d9e chore(npm): Update release npm action to stop using tokens (#30778) 
Issue number: internal

---------

<!-- Please do not submit updates to dependencies unless it fixes an
issue. -->

<!-- Please try to limit your pull request to one type (bugfix, feature,
etc). Submit multiple pull requests if needed. -->

## What is the current behavior?
<!-- Please describe the current behavior that you are modifying. -->

- Release workflows still inject a long-lived `NPM_TOKEN` via `.npmrc`,
so publishes do not use npm’s trusted OIDC flow.

## What is the new behavior?
<!-- Please describe the behavior or changes that are being added by
this PR. -->

- The shared `actions/publish-npm` composite action now configures
`setup-node` with the npm registry, upgrades npm in place, and publishes
with `--provenance` without writing `.npmrc`.
- `release-dev.yml`, `release-nightly.yml`, and `release-production.yml`
call into that trusted flow by removing the token input and (for
production) inlining the same OIDC setup before `npm run release.ci`.
- Allows npm to authenticate through trusted publishing requirements
[docs.npmjs.com/trusted-publishers](https://docs.npmjs.com/trusted-publishers).
- Step names were refreshed with emojis, but there are no other
behavioral changes.


## Does this introduce a breaking change?

- [ ] Yes
- [x] No

<!--
  If this introduces a breaking change:
1. Describe the impact and migration path for existing applications
below.
  2. Update the BREAKING.md file with the breaking change.
3. Add "BREAKING CHANGE: [...]" to the commit description when merging.
See
https://github.com/ionic-team/ionic-framework/blob/main/docs/CONTRIBUTING.md#footer
for more information.
-->


## Other information

<!-- Any other information that is important to this PR such as
screenshots of how the component looks before and after the change. -->

- These changes align the Ionic release automation with npm’s
trusted-publisher enforcement while keeping the existing Lerna
build/publish process intact.

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-11-11 19:35:11 +00:00

73 lines
3.3 KiB
YAML
Raw Blame History

name: 'Update Reference Screenshots'
on:
workflow_dispatch:
inputs:
# Screenshots can be updated for all components or specified component(s).
# If the `component` variable is set, then the test has the option to
# - run all the instances of the specified component(s) in the `src/components` folder
# -- For example: if the `component` value is "item", then the following command will be: `npm run test.e2e item`
# - run the specified file path
# -- For example: if the `component` value is "src/components/item/test/basic", then the following command will be: `npm run test.e2e src/components/item/test/basic`
# - run multiple specified components based on the space-separated value
# -- For example: if the `component` value is "item basic", then the following command will be: `npm run test.e2e item basic`
# -- For example: if the `component` value is "src/components/item/test/basic src/components/item/test/a11y", then the following command will be: `npm run test.e2e src/components/item/test/basic src/components/item/test/a11y`
#
# If the `component` variable is not set, then the test will run all the instances of the components in the `src/components` folder.
# - For example: `npm run test.e2e`
#
# More common options can be found at the Playwright Command line page: https://playwright.dev/docs/test-cli
component:
description: 'What component(s) should be updated? (leave blank to update all or use a space-separated list for multiple components)'
required: false
default: ''
jobs:
build-core:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/workflows/actions/build-core
test-core-screenshot:
strategy:
# This ensures that all screenshot shard
# failures are reported so the dev can
# review everything at once.
fail-fast: false
matrix:
# Divide the tests into n buckets
# and run those buckets in parallel.
# To increase the number of shards,
# add new items to the shard array
# and change the value of totalShards
# to be the length of the shard array.
shard: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20]
totalShards: [20]
needs: [build-core]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/workflows/actions/test-core-screenshot
with:
shard: ${{ matrix.shard }}
totalShards: ${{ matrix.totalShards }}
update: true
component: ${{ inputs.component }}
update-reference-screenshots:
runs-on: ubuntu-latest
needs: [test-core-screenshot]
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
# Normally, we could just push with the
# default GITHUB_TOKEN, but that will
# not cause the build workflow
# to re-run. We use Ionitron's
# Personal Access Token instead
# to allow for this build workflow
# to run when the screenshots are pushed.
with:
token: ${{ secrets.IONITRON_TOKEN }}
- uses: ./.github/workflows/actions/update-reference-screenshots
Reference in New Issue View Git Blame Copy Permalink