ui-soxo-bootstrap-core 2.6.32-dev.1 → 2.6.32-dev.5

package/.github/workflows/npm-publish.yml

@@ -1,6 +1,3 @@
-# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
-# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages
-
 name: Node.js Package
 
 on:
@@ -8,26 +5,55 @@ on:
     types: [created]
 
 jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 16
-      - run: npm i
-#       - run: npm test
-
   publish-npm:
-    needs: build
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: 16
+          node-version: 20
           registry-url: https://registry.npmjs.org/
-      - run: npm i
-      - run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
+      - run: npm install -g npm@latest
+      - run: npm install
+
+      - name: Determine npm dist-tag
+        id: dist_tag
+        shell: bash
+        run: |
+          VERSION=$(node -p "require('./package.json').version")
+          echo "package.json version: $VERSION"
+          echo "release tag:          ${GITHUB_REF_NAME}"
+          if [[ "v${VERSION}" != "${GITHUB_REF_NAME}" ]]; then
+            echo "::error::Release tag '${GITHUB_REF_NAME}' does not match package.json version 'v${VERSION}'."
+            echo "::error::Bump the version with 'npm version' and re-create the release."
+            exit 1
+          fi
+          if [[ "$VERSION" == *-dev* ]]; then
+            echo "tag=dev" >> "$GITHUB_OUTPUT"
+            echo "Will publish with dist-tag: dev"
+          else
+            echo "tag=latest" >> "$GITHUB_OUTPUT"
+            echo "Will publish with dist-tag: latest"
+          fi
+
+      - name: Diagnose npm + OIDC environment
+        shell: bash
+        run: |
+          echo "--- versions ---"
+          node --version
+          npm --version
+          echo "--- OIDC env presence (must both be 'yes' for trusted publishing) ---"
+          echo "ACTIONS_ID_TOKEN_REQUEST_URL set:   ${ACTIONS_ID_TOKEN_REQUEST_URL:+yes}"
+          echo "ACTIONS_ID_TOKEN_REQUEST_TOKEN set: ${ACTIONS_ID_TOKEN_REQUEST_TOKEN:+yes}"
+          echo "--- effective .npmrc (user) ---"
+          cat ~/.npmrc 2>/dev/null || echo "(none)"
+          echo "--- effective .npmrc (project) ---"
+          cat .npmrc 2>/dev/null || echo "(none)"
+          echo "--- npm config (auth-related) ---"
+          npm config get registry
+          npm config get //registry.npmjs.org/:_authToken || true
+
+      - run: npm publish --provenance --access public --tag ${{ steps.dist_tag.outputs.tag }} --loglevel=verbose

package/DEVELOPER_GUIDE.md

@@ -17,6 +17,7 @@ Incorrect versioning or incorrect tags will break the publish pipeline — follo
 - Publishing via GitHub Release UI
 - How GitHub Action Detects Release Type
 - Summary Table
+- CI/CD Authentication (Trusted Publishing)
 - Common Mistakes & Fixes
 
 ---
@@ -255,17 +256,14 @@ npm publish --tag dev
 
 # ⚙️ How GitHub Action Detects Release Type
 
-If version contains `dev`:
+The workflow reads the `version` field from `package.json` at publish time:
 
-```
-npm publish --tag dev
-```
+| Condition                    | Command                                                 | Result                             |
+| ---------------------------- | ------------------------------------------------------- | ---------------------------------- |
+| Version contains `-dev`      | `npm publish --provenance --access public --tag dev`    | Publishes to the `dev` dist-tag    |
+| Version has no `-dev` suffix | `npm publish --provenance --access public --tag latest` | Publishes to the `latest` dist-tag |
 
-Otherwise:
-
-```
-npm publish
-```
+The workflow also enforces that the GitHub release tag matches `v<version>` from `package.json` and fails the run immediately if they diverge — this prevents the most common publish failure described below.
 
 ---
 
@@ -283,6 +281,37 @@ npm publish
 
 ---
 
+# 🔐 CI/CD Authentication (Trusted Publishing)
+
+As of npm's 2025 policy changes, classic automation tokens (`NPM_TOKEN`) are deprecated. This repo now authenticates to npm via **OIDC Trusted Publishing** — GitHub Actions exchanges a short-lived OIDC token for a publish token at run time, so **no secret is stored in the repository**.
+
+## What this means for developers
+
+Nothing. You still follow the same flow: `npm version` → push tag → create GitHub Release. The auth happens transparently in CI.
+
+## What this means for maintainers
+
+The first-time setup on npmjs.com must be done once per package:
+
+1. Log in to [npmjs.com](https://www.npmjs.com) → open the package (`ui-soxo-bootstrap-core`) → **Settings**.
+2. Under **Trusted Publisher**, click **Add trusted publisher** and fill in:
+   - Publisher: **GitHub Actions**
+   - Organization or user: `soxo-tech`
+   - Repository: `bootstrap-core`
+   - Workflow filename: `npm-publish.yml`
+   - Environment name: *(leave blank)*
+3. Save. Any old `NPM_TOKEN` repository secret can be removed.
+
+## Runtime requirements
+
+The workflow runs on Node 20 and upgrades npm to the latest CLI (`npm install -g npm@latest`) because OIDC trusted publishing requires **npm ≥ 11.5.1**. The `--provenance` flag attaches a verifiable build attestation to every published version, visible on the npmjs.com package page.
+
+## If publish fails with `403 Forbidden` or `ENEEDAUTH`
+
+The trusted publisher config on npmjs.com no longer matches the workflow. Check that org, repo, and workflow filename match exactly — including case.
+
+---
+
 # ⚠️ Common Mistakes & Fixes
 
 | Mistake                   | Issue              | Fix                          |

package/core/lib/components/global-header/global-header.js

@@ -243,7 +243,7 @@ function GlobalHeaderContent({ loading, appSettings, children, isConnected, hist
             marginTop: '3rem',
             right: '2%',
             position: 'absolute',
-            zIndex: 1001,
+            zIndex: 1008,
           }}
         >
           <LicenseAlert data={licenseData} />

package/core/lib/elements/complex/qrscanner/qrscanner.js

@@ -8,7 +8,7 @@
  */
 
 import React, { useEffect, useRef } from 'react';
-import { Html5Qrcode } from 'html5-qrcode';
+import { Html5Qrcode } from 'html5-qrcode/cjs/index.js';
 
 /**
  * QrScanner Component

package/core/models/users/components/user-add/user-add.js

@@ -161,6 +161,10 @@ const UserAdd = ({ model, callback, edit, history, formContent, match, additiona
 
         setDisabled(true);
       }
+      /** If user has FA set to false , then disable authentication */
+      if (formContent?.FA === false) {
+        setAuthentication(false);
+      }
     }
   }, []);
 

package/core/models/users/components/user-add/user-edit.js

@@ -68,7 +68,7 @@ export default function UserEdit(record) {
             doctor_code: apiData.doctor_code,
             staff_code: apiData.staff_id,
             auth_type: apiData.auth_type,
-            FA: apiData.FA,
+            FA: otherDetails.FA,
             active: apiData.active ? true : false,
           };
           // Set form data state

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ui-soxo-bootstrap-core",
-  "version": "2.6.32-dev.1",
+  "version": "2.6.32-dev.5",
   "description": "All the Core Components for you to start",
   "keywords": [
     "all in one"