@daiyam/artifact-npm 0.6.3 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/configs/.github/workflows/publish.yml +23 -10
  2. package/configs/.github/zizmor.yml +5 -0
  3. package/configs/package.json +1 -6
  4. package/package.json +2 -2
package/configs/.github/workflows/publish.yml CHANGED
@@ -1,20 +1,25 @@
1
1
  name: Publish Package
2
+
2
3
  on:
3
- workflow_dispatch: null
4
+ workflow_dispatch: {}
4
5
  push:
5
6
  tags:
6
7
  - v*
8
+
7
9
  permissions:
8
10
  id-token: write # NPM
9
11
  contents: write # Release
12
+
10
13
  jobs:
11
14
  publish:
12
15
  runs-on: ubuntu-latest
13
16
  steps:
14
17
  - name: Checkout code
15
- uses: actions/checkout@v6
18
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
16
19
  with:
17
20
  fetch-depth: 0
21
+ persist-credentials: false
22
+
18
23
  - name: Get Version
19
24
  run: |
20
25
  # Get the latest tag
@@ -25,10 +30,11 @@ jobs:
25
30
  fi
26
31
  echo "VERSION=$LATEST_TAG" >> $GITHUB_ENV
27
32
  echo "Using version: $LATEST_TAG"
33
+
28
34
  - name: Check Existing Release
29
35
  run: |
30
36
  # Try to get the release information
31
- RELEASE_INFO=$(gh release view ${{ env.VERSION }} --json assets,url 2>/dev/null || echo "")
37
+ RELEASE_INFO=$(gh release view ${VERSION} --json assets,url 2>/dev/null || echo "")
32
38
  if [ ! -z "$RELEASE_INFO" ]; then
33
39
  echo "Release exists"
34
40
  echo "RELEASE_EXISTS=yes" >> $GITHUB_ENV
@@ -44,19 +50,23 @@ jobs:
44
50
  fi
45
51
  env:
46
52
  GH_TOKEN: ${{ github.token }}
53
+
47
54
  - name: Download Existing TGZ
48
55
  if: env.RELEASE_EXISTS == 'yes' && env.TGZ_URL != ''
49
56
  run: |
50
- gh api ${{ env.TGZ_URL }} --header 'Accept: application/octet-stream' > ${{ env.TGZ_NAME }}
51
- echo "CHECKSUM=$(sha256sum ${{ env.TGZ_NAME }} | cut -d ' ' -f 1)" >> $GITHUB_ENV
57
+ gh api ${TGZ_URL} --header 'Accept: application/octet-stream' > ${TGZ_NAME}
58
+ echo "CHECKSUM=$(sha256sum ${TGZ_NAME} | cut -d ' ' -f 1)" >> $GITHUB_ENV
52
59
  env:
53
60
  GH_TOKEN: ${{ github.token }}
61
+
54
62
  - name: Setup Node.js
55
63
  if: env.RELEASE_EXISTS == 'no'
56
- uses: actions/setup-node@v6
64
+ uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
57
65
  with:
58
- node-version: "24"
66
+ node-version: latest
59
67
  registry-url: https://registry.npmjs.org
68
+ package-manager-cache: false
69
+
60
70
  - name: Build
61
71
  if: env.RELEASE_EXISTS == 'no'
62
72
  run: |
@@ -67,18 +77,20 @@ jobs:
67
77
  echo "TGZ_NAME=$TGZ_NAME" >> $GITHUB_ENV
68
78
  echo "CHECKSUM=$CHECKSUM" >> $GITHUB_ENV
69
79
  echo "$CHECKSUM" > "$TGZ_NAME.sha256"
80
+
70
81
  - name: Get Changelog
71
82
  if: env.RELEASE_EXISTS == 'no'
72
83
  run: |
73
- CHANGELOG_ENTRY=$(node .github/scripts/get-changelog.js ${{ env.VERSION }})
84
+ CHANGELOG_ENTRY=$(node .github/scripts/get-changelog.js ${VERSION})
74
85
  # Properly handle multiline output in GitHub Actions
75
86
  EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
76
87
  echo "CHANGELOG_ENTRY<<$EOF" >> $GITHUB_ENV
77
88
  echo "$CHANGELOG_ENTRY" >> $GITHUB_ENV
78
89
  echo "$EOF" >> $GITHUB_ENV
90
+
79
91
  - name: Release
80
92
  if: env.RELEASE_EXISTS == 'no'
81
- uses: softprops/action-gh-release@v2
93
+ uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1
82
94
  with:
83
95
  files: |
84
96
  ${{ env.TGZ_NAME }}
@@ -95,5 +107,6 @@ jobs:
95
107
  ```
96
108
  ${{ env.CHECKSUM }}
97
109
  ```
110
+
98
111
  - name: Publish to NPM Registry
99
- run: npm publish --access=public
112
+ run: npm publish --provenance --access=public
package/configs/.github/zizmor.yml ADDED
@@ -0,0 +1,5 @@
1
+ rules:
2
+ superfluous-actions:
3
+ ignore:
4
+ # allows `softprops/action-gh-release` action
5
+ - publish.yml:93
package/configs/package.json CHANGED
@@ -3,11 +3,6 @@
3
3
  "release": "release-it"
4
4
  },
5
5
  "devDependencies": {
6
- "release-it": "^19.2.4"
7
- },
8
- "overrides": {
9
- "release-it": {
10
- "undici": "^6.24.1"
11
- }
6
+ "release-it": "20.0.0-1"
12
7
  }
13
8
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@daiyam/artifact-npm",
3
- "version": "0.6.3",
3
+ "version": "0.7.1",
4
4
  "description": "The configuration to create node modules and publish them on npm.",
5
5
  "author": {
6
6
  "name": "Baptiste Augrain",
@@ -31,5 +31,5 @@
31
31
  "project-template",
32
32
  "scaffold"
33
33
  ],
34
- "gitHead": "0e08b728d3788009c0c81f21b0e06d8682964c82"
34
+ "gitHead": "6c3e6970d79755e6a60f51a0653fc66702973eb2"
35
35
  }