@nimbuslab/cli 0.3.0 → 0.3.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/workflows/publish.yml +1 -4
- package/README.md +48 -3
- package/bun.lock +36 -0
- package/package.json +1 -1
|
@@ -24,7 +24,7 @@ jobs:
|
|
|
24
24
|
- name: Setup Node (for npm publish)
|
|
25
25
|
uses: actions/setup-node@v4
|
|
26
26
|
with:
|
|
27
|
-
node-version: "
|
|
27
|
+
node-version: "24"
|
|
28
28
|
registry-url: "https://registry.npmjs.org"
|
|
29
29
|
|
|
30
30
|
- name: Install dependencies
|
|
@@ -36,8 +36,5 @@ jobs:
|
|
|
36
36
|
- name: Build
|
|
37
37
|
run: bun run build
|
|
38
38
|
|
|
39
|
-
- name: Configure npm auth
|
|
40
|
-
run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc
|
|
41
|
-
|
|
42
39
|
- name: Publish to npm
|
|
43
40
|
run: npm publish --access public
|
package/README.md
CHANGED
|
@@ -95,10 +95,55 @@ npm version major
|
|
|
95
95
|
### Fluxo de release
|
|
96
96
|
|
|
97
97
|
1. Desenvolva na branch `develop`
|
|
98
|
-
2. Avance a versao
|
|
98
|
+
2. Avance a versao no `package.json`
|
|
99
99
|
3. Commit e push: `git push origin develop`
|
|
100
|
-
4.
|
|
101
|
-
5.
|
|
100
|
+
4. Merge para `main`: `git checkout main && git merge develop && git push origin main`
|
|
101
|
+
5. GitHub Actions publica automaticamente no npm via OIDC
|
|
102
|
+
|
|
103
|
+
## CI/CD - Publicacao Automatica
|
|
104
|
+
|
|
105
|
+
O projeto usa **OIDC Trusted Publishing** para publicar no npm sem tokens.
|
|
106
|
+
|
|
107
|
+
### Como funciona
|
|
108
|
+
|
|
109
|
+
1. GitHub Actions autentica via OIDC (OpenID Connect)
|
|
110
|
+
2. npm valida a identidade do workflow
|
|
111
|
+
3. Pacote e publicado sem necessidade de token
|
|
112
|
+
|
|
113
|
+
### Configuracao inicial (ja feita)
|
|
114
|
+
|
|
115
|
+
**No npmjs.com:**
|
|
116
|
+
1. Acesse: https://www.npmjs.com/package/@nimbuslab/cli/access
|
|
117
|
+
2. Em "Trusted Publisher", adicione:
|
|
118
|
+
- Organization: `nimbuslab`
|
|
119
|
+
- Repository: `cli`
|
|
120
|
+
- Workflow: `publish.yml`
|
|
121
|
+
3. Em "Publishing access", selecione: "Require 2FA or granular token with bypass"
|
|
122
|
+
|
|
123
|
+
**No GitHub:**
|
|
124
|
+
1. Workflow em `.github/workflows/publish.yml`
|
|
125
|
+
2. Permissoes: `id-token: write` (obrigatorio para OIDC)
|
|
126
|
+
3. Node.js 24+ (versoes anteriores tem bug)
|
|
127
|
+
|
|
128
|
+
### Limitacoes (repo privado)
|
|
129
|
+
|
|
130
|
+
- `--provenance` NAO funciona em repos privados
|
|
131
|
+
- OIDC Trusted Publishing funciona normalmente
|
|
132
|
+
- Se tornar o repo publico, adicionar `--provenance` ao publish
|
|
133
|
+
|
|
134
|
+
### Troubleshooting
|
|
135
|
+
|
|
136
|
+
| Erro | Causa | Solucao |
|
|
137
|
+
|------|-------|---------|
|
|
138
|
+
| "Access token expired" | Token classico deprecado | Usar OIDC Trusted Publishing |
|
|
139
|
+
| E404 + "not in registry" | OIDC nao configurado | Configurar Trusted Publisher no npm |
|
|
140
|
+
| E422 + "private repository" | --provenance em repo privado | Remover --provenance |
|
|
141
|
+
| "id-token permission" | Falta permissao no workflow | Adicionar `id-token: write` |
|
|
142
|
+
|
|
143
|
+
### Referencias
|
|
144
|
+
|
|
145
|
+
- [npm Trusted Publishing](https://docs.npmjs.com/trusted-publishers/)
|
|
146
|
+
- [OIDC Announcement](https://github.blog/changelog/2025-07-31-npm-trusted-publishing-with-oidc-is-generally-available/)
|
|
102
147
|
|
|
103
148
|
## Stack
|
|
104
149
|
|
package/bun.lock
ADDED
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
{
|
|
2
|
+
"lockfileVersion": 1,
|
|
3
|
+
"configVersion": 1,
|
|
4
|
+
"workspaces": {
|
|
5
|
+
"": {
|
|
6
|
+
"name": "nimbus-cli",
|
|
7
|
+
"dependencies": {
|
|
8
|
+
"@clack/prompts": "^0.11.0",
|
|
9
|
+
"picocolors": "^1.1.1",
|
|
10
|
+
},
|
|
11
|
+
"devDependencies": {
|
|
12
|
+
"@types/bun": "latest",
|
|
13
|
+
"typescript": "^5",
|
|
14
|
+
},
|
|
15
|
+
},
|
|
16
|
+
},
|
|
17
|
+
"packages": {
|
|
18
|
+
"@clack/core": ["@clack/core@0.5.0", "", { "dependencies": { "picocolors": "^1.0.0", "sisteransi": "^1.0.5" } }, "sha512-p3y0FIOwaYRUPRcMO7+dlmLh8PSRcrjuTndsiA0WAFbWES0mLZlrjVoBRZ9DzkPFJZG6KGkJmoEAY0ZcVWTkow=="],
|
|
19
|
+
|
|
20
|
+
"@clack/prompts": ["@clack/prompts@0.11.0", "", { "dependencies": { "@clack/core": "0.5.0", "picocolors": "^1.0.0", "sisteransi": "^1.0.5" } }, "sha512-pMN5FcrEw9hUkZA4f+zLlzivQSeQf5dRGJjSUbvVYDLvpKCdQx5OaknvKzgbtXOizhP+SJJJjqEbOe55uKKfAw=="],
|
|
21
|
+
|
|
22
|
+
"@types/bun": ["@types/bun@1.3.6", "", { "dependencies": { "bun-types": "1.3.6" } }, "sha512-uWCv6FO/8LcpREhenN1d1b6fcspAB+cefwD7uti8C8VffIv0Um08TKMn98FynpTiU38+y2dUO55T11NgDt8VAA=="],
|
|
23
|
+
|
|
24
|
+
"@types/node": ["@types/node@25.0.10", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-zWW5KPngR/yvakJgGOmZ5vTBemDoSqF3AcV/LrO5u5wTWyEAVVh+IT39G4gtyAkh3CtTZs8aX/yRM82OfzHJRg=="],
|
|
25
|
+
|
|
26
|
+
"bun-types": ["bun-types@1.3.6", "", { "dependencies": { "@types/node": "*" } }, "sha512-OlFwHcnNV99r//9v5IIOgQ9Uk37gZqrNMCcqEaExdkVq3Avwqok1bJFmvGMCkCE0FqzdY8VMOZpfpR3lwI+CsQ=="],
|
|
27
|
+
|
|
28
|
+
"picocolors": ["picocolors@1.1.1", "", {}, "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA=="],
|
|
29
|
+
|
|
30
|
+
"sisteransi": ["sisteransi@1.0.5", "", {}, "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg=="],
|
|
31
|
+
|
|
32
|
+
"typescript": ["typescript@5.9.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw=="],
|
|
33
|
+
|
|
34
|
+
"undici-types": ["undici-types@7.16.0", "", {}, "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw=="],
|
|
35
|
+
}
|
|
36
|
+
}
|