@khanacademy/graphql-flow 3.4.0 → 3.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/.github/workflows/changeset-release.yml +17 -2
  2. package/CHANGELOG.md +12 -0
  3. package/package.json +13 -2
package/.github/workflows/changeset-release.yml CHANGED
@@ -5,6 +5,10 @@ on:
5
5
  branches:
6
6
  - main
7
7
 
8
+ permissions:
9
+ id-token: write # required for publishing to npm
10
+ contents: write # required to `git push`
11
+
8
12
  # This workflow will run changesets depending on two different scenarios:
9
13
  #
10
14
  # 1. If we are landing a specific commit into main (Author PR), then
@@ -36,18 +40,29 @@ jobs:
36
40
  with:
37
41
  node-version: 20.x
38
42
 
43
+ - name: ⬆️ Upgrade npm for OIDC support
44
+ shell: bash
45
+ run: |
46
+ # npm trusted publishing requires npm CLI v11.5.1+
47
+ # Node.js 22 ships with npm 10.x, so we need to upgrade
48
+ npm install -g npm@latest
49
+ echo "✅ npm upgraded to $(npm --version)"
50
+
39
51
  - name: Create Release Pull Request or Publish to npm
40
52
  id: changesets
41
53
  uses: changesets/action@v1
42
54
  with:
43
- publish: yarn publish:ci
55
+ publish: npm run publish:ci
44
56
  env:
45
57
  # We use a Personal Access Token here rather than the GITHUB_TOKEN
46
58
  # so that it will trigger our other actions. The token has to be on
47
59
  # the account of someone with appropriate access levels and given the
48
60
  # repo scope.
49
61
  GITHUB_TOKEN: ${{ secrets.KHAN_ACTIONS_BOT_TOKEN }}
50
- NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
62
+ # Note: we no longer use the NPM_TOKEN secret because we've enabled
63
+ # Trusted Publishing (https://docs.npmjs.com/trusted-publishers) on
64
+ # the npmjs.com side:
65
+ # https://www.npmjs.com/package/@khanacademy/graphql-flow/access
51
66
 
52
67
  - name: Send a Slack notification for web if a publish happens
53
68
  if: steps.changesets.outputs.published == 'true'
package/CHANGELOG.md CHANGED
@@ -1,5 +1,17 @@
1
1
  # @khanacademy/graphql-flow
2
2
 
3
+ ## 3.4.2
4
+
5
+ ### Patch Changes
6
+
7
+ - 958d35e: Enable Trusted Publishing for npm
8
+
9
+ ## 3.4.1
10
+
11
+ ### Patch Changes
12
+
13
+ - 92b8412: Update project to use Trusted Publishing
14
+
3
15
  ## 3.4.0
4
16
 
5
17
  ### Minor Changes
package/package.json CHANGED
@@ -1,8 +1,19 @@
1
1
  {
2
2
  "name": "@khanacademy/graphql-flow",
3
- "version": "3.4.0",
3
+ "version": "3.4.2",
4
+ "repository": {
5
+ "type": "git",
6
+ "url": "https://github.com/Khan/graphql-flow.git"
7
+ },
8
+ "bugs": {
9
+ "url": "https://github.com/Khan/graphql-flow/issues"
10
+ },
11
+ "publishConfig": {
12
+ "access": "public",
13
+ "provenance": true
14
+ },
4
15
  "bin": {
5
- "graphql-flow": "./dist/cli/run.js"
16
+ "graphql-flow": "dist/cli/run.js"
6
17
  },
7
18
  "jest": {
8
19
  "testPathIgnorePatterns": [