npm - semantic-release-lerna - Versions diffs - 2.14.0 → 2.14.1 - Mend

semantic-release-lerna 2.14.0 → 2.14.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -48,6 +48,12 @@ $ npm install semantic-release-lerna -D
 When publishing to the [official registry](https://registry.npmjs.org/), it is recommended to use [trusted publishing](https://docs.npmjs.com/trusted-publishers) for authentication.
 See the [npm registry authentication](https://github.com/semantic-release/npm?tab=readme-ov-file#npm-registry-authentication) section for `@semantic-release/npm` for details.
+> [!IMPORTANT]
+> Trusted publishing requires Lerna v9 or later.
+> If you still use an older version you need to either use `NPM_TOKEN` or update your Lerna version.
+Each non-private package will need trusted publishing to be enabled.
 For alternative registries or when trusted publishing cannot be used the `NPM_TOKEN` environment variable must be set.
 ### semantic release configuration

package/dist/index.js CHANGED Viewed

@@ -32073,7 +32073,7 @@ async function exchangeIdToken(idToken, packageName, logger) {
 }
 async function exchangeGithubActionsToken(packageName, logger) {
   let idToken;
-  logger.log("Verifying OIDC context for publishing from GitHub Actions");
+  logger.log(`Verifying OIDC context for publishing "${packageName}" from GitHub Actions`);
   try {
     idToken = await getIDToken("npm:registry.npmjs.org");
   } catch (e) {
@@ -32085,8 +32085,10 @@ async function exchangeGithubActionsToken(packageName, logger) {
 }
 async function exchangeGitlabPipelinesToken(packageName, logger) {
   const idToken = process.env.NPM_ID_TOKEN;
-  logger.log("Verifying OIDC context for publishing from GitLab Pipelines");
+  logger.log(`Verifying OIDC context for publishing "${packageName}" from GitLab Pipelines`);
   if (!idToken) {
+    logger.log(`Retrieval of GitLab Pipelines OIDC token failed`);
+    logger.log("Have you set the `id_tokens.NPM_ID_TOKEN` property to this pipeline job?");
     return void 0;
   }
   return exchangeIdToken(idToken, packageName, logger);
@@ -32103,8 +32105,20 @@ function exchangeToken(pkg, { logger }) {
 }
 // src/trusted-publishing/oidc-context.js
-async function oidcContextEstablished(registry, pkg, context) {
-  return OFFICIAL_REGISTRY === registry && Boolean(await exchangeToken(pkg, context));
+async function oidcContextEstablished(registry, packages, context) {
+  if (OFFICIAL_REGISTRY !== registry) {
+    return false;
+  }
+  if (packages.length === 0) {
+    return false;
+  }
+  for (const pkg of packages) {
+    const ok = await exchangeToken(pkg, context);
+    if (!ok) {
+      return false;
+    }
+  }
+  return true;
 }
 // src/verify-auth.js
@@ -32135,8 +32149,11 @@ async function verifyTokenAuth(registry, npmrc2, context) {
   }
 }
 async function verify_auth_default(npmrc2, pkg, context) {
+  const { cwd, logger } = context;
   const registry = get_registry_default(pkg, context);
-  if (await oidcContextEstablished(registry, pkg, context)) {
+  const project = new Project(cwd, logger);
+  const packages = (await project.getPackages()).filter((pkg2) => !pkg2.private);
+  if (await oidcContextEstablished(registry, packages, context)) {
     return;
   }
   await set_npmrc_auth_default(npmrc2, registry, context);
@@ -34479,7 +34496,11 @@ async function verifyConditions(pluginConfig, context) {
       await verify_auth_default(npmrc, pkg, context);
     }
   } catch (error) {
-    errors.push(...error.errors);
+    if (Array.isArray(error.errors)) {
+      errors.push(...error.errors);
+    } else {
+      errors.push(error);
+    }
   }
   if (errors.length > 0) {
     throw new AggregateError2(errors);
@@ -34495,7 +34516,11 @@ async function prepare(pluginConfig, context) {
       await verify_auth_default(npmrc, pkg, context);
     }
   } catch (error) {
-    errors.push(...error);
+    if (Array.isArray(error.errors)) {
+      errors.push(...error.errors);
+    } else {
+      errors.push(error);
+    }
   }
   if (errors.length > 0) {
     throw new AggregateError2(errors);
@@ -34511,7 +34536,11 @@ async function publish(pluginConfig, context) {
       await verify_auth_default(npmrc, pkg, context);
     }
   } catch (error) {
-    errors.push(...error);
+    if (Array.isArray(error.errors)) {
+      errors.push(...error.errors);
+    } else {
+      errors.push(error);
+    }
   }
   if (errors.length > 0) {
     throw new AggregateError2(errors);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "semantic-release-lerna",
-  "version": "2.14.0",
+  "version": "2.14.1",
   "description": "semantic-release plugin to publish lerna monorepo packages to npm",
   "keywords": [
     "npm",
@@ -18,6 +18,12 @@
     "type": "git",
     "url": "git+https://github.com/ext/semantic-release-lerna.git"
   },
+  "funding": [
+    {
+      "type": "github",
+      "url": "https://github.com/sponsors/ext"
+    }
+  ],
   "license": "MIT",
   "author": "David Sveningsson <ext@sidvind.com>",
   "contributors": [