@nimbuslab/cli 0.3.4 → 0.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +48 -3
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -95,10 +95,55 @@ npm version major
95
95
  ### Fluxo de release
96
96
 
97
97
  1. Desenvolva na branch `develop`
98
- 2. Avance a versao: `npm version patch|minor|major`
98
+ 2. Avance a versao no `package.json`
99
99
  3. Commit e push: `git push origin develop`
100
- 4. Crie PR para `main`
101
- 5. Apos merge, GitHub Actions publica automaticamente no npm
100
+ 4. Merge para `main`: `git checkout main && git merge develop && git push origin main`
101
+ 5. GitHub Actions publica automaticamente no npm via OIDC
102
+
103
+ ## CI/CD - Publicacao Automatica
104
+
105
+ O projeto usa **OIDC Trusted Publishing** para publicar no npm sem tokens.
106
+
107
+ ### Como funciona
108
+
109
+ 1. GitHub Actions autentica via OIDC (OpenID Connect)
110
+ 2. npm valida a identidade do workflow
111
+ 3. Pacote e publicado sem necessidade de token
112
+
113
+ ### Configuracao inicial (ja feita)
114
+
115
+ **No npmjs.com:**
116
+ 1. Acesse: https://www.npmjs.com/package/@nimbuslab/cli/access
117
+ 2. Em "Trusted Publisher", adicione:
118
+ - Organization: `nimbuslab`
119
+ - Repository: `cli`
120
+ - Workflow: `publish.yml`
121
+ 3. Em "Publishing access", selecione: "Require 2FA or granular token with bypass"
122
+
123
+ **No GitHub:**
124
+ 1. Workflow em `.github/workflows/publish.yml`
125
+ 2. Permissoes: `id-token: write` (obrigatorio para OIDC)
126
+ 3. Node.js 24+ (versoes anteriores tem bug)
127
+
128
+ ### Limitacoes (repo privado)
129
+
130
+ - `--provenance` NAO funciona em repos privados
131
+ - OIDC Trusted Publishing funciona normalmente
132
+ - Se tornar o repo publico, adicionar `--provenance` ao publish
133
+
134
+ ### Troubleshooting
135
+
136
+ | Erro | Causa | Solucao |
137
+ |------|-------|---------|
138
+ | "Access token expired" | Token classico deprecado | Usar OIDC Trusted Publishing |
139
+ | E404 + "not in registry" | OIDC nao configurado | Configurar Trusted Publisher no npm |
140
+ | E422 + "private repository" | --provenance em repo privado | Remover --provenance |
141
+ | "id-token permission" | Falta permissao no workflow | Adicionar `id-token: write` |
142
+
143
+ ### Referencias
144
+
145
+ - [npm Trusted Publishing](https://docs.npmjs.com/trusted-publishers/)
146
+ - [OIDC Announcement](https://github.blog/changelog/2025-07-31-npm-trusted-publishing-with-oidc-is-generally-available/)
102
147
 
103
148
  ## Stack
104
149
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@nimbuslab/cli",
3
- "version": "0.3.4",
3
+ "version": "0.3.5",
4
4
  "description": "CLI para criar projetos nimbuslab",
5
5
  "type": "module",
6
6
  "bin": {