From 9a53997b1427cd5af09a329def6f50d5d43d28cb Mon Sep 17 00:00:00 2001 From: Boris Starkov Date: Wed, 3 Dec 2025 12:07:05 +0000 Subject: [PATCH 1/2] fix oidc --- .github/workflows/publish.yml | 9 ++-- package.json | 4 +- pnpm-lock.yaml | 77 +++++++++++++++++++++++++++++++++++ 3 files changed, 86 insertions(+), 4 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 5b594ad..e7aede5 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -37,8 +37,6 @@ jobs: - name: Set up pnpm uses: pnpm/action-setup@v4 - with: - version: 9 - name: Install dependencies run: pnpm install --frozen-lockfile @@ -85,4 +83,9 @@ jobs: echo "Publish tag is $PUBLISH_TAG" - name: Publish package - run: pnpm publish --access public --no-git-checks --tag $PUBLISH_TAG --provenance + run: | + # Configure pnpm to use local npm v11.6.4 for OIDC support + NPM_BIN="$PWD/node_modules/.bin/npm" + pnpm config set npm-path "$NPM_BIN" + # Use pnpm publish with --provenance for OIDC authentication + pnpm publish --access public --no-git-checks --tag $PUBLISH_TAG --provenance diff --git a/package.json b/package.json index 5864dce..471e2f0 100644 --- a/package.json +++ b/package.json @@ -59,6 +59,7 @@ }, "devDependencies": { "@eslint/js": "^9.0.0", + "npm": "^11.6.4", "@jest/globals": "^30.0.4", "@types/fs-extra": "^11.0.2", "@types/jest": "^29.5.5", @@ -78,5 +79,6 @@ }, "engines": { "node": ">=16.0.0" - } + }, + "packageManager": "pnpm@10.20.0" } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 02aa1b5..5dfc1cb 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -87,6 +87,9 @@ importers: jest: specifier: ^29.7.0 version: 29.7.0(@types/node@20.19.25) + npm: + specifier: ^11.6.4 + version: 11.6.4 prettier: specifier: ^3.0.3 version: 3.6.2 @@ -1745,6 +1748,78 @@ packages: resolution: {integrity: sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==} engines: {node: '>=8'} + npm@11.6.4: + resolution: {integrity: sha512-ERjKtGoFpQrua/9bG0+h3xiv/4nVdGViCjUYA1AmlV24fFvfnSB7B7dIfZnySQ1FDLd0ZVrWPsLLp78dCtJdRQ==} + engines: {node: ^20.17.0 || >=22.9.0} + hasBin: true + bundledDependencies: + - '@isaacs/string-locale-compare' + - '@npmcli/arborist' + - '@npmcli/config' + - '@npmcli/fs' + - '@npmcli/map-workspaces' + - '@npmcli/metavuln-calculator' + - '@npmcli/package-json' + - '@npmcli/promise-spawn' + - '@npmcli/redact' + - '@npmcli/run-script' + - '@sigstore/tuf' + - abbrev + - archy + - cacache + - chalk + - ci-info + - cli-columns + - fastest-levenshtein + - fs-minipass + - glob + - graceful-fs + - hosted-git-info + - ini + - init-package-json + - is-cidr + - json-parse-even-better-errors + - libnpmaccess + - libnpmdiff + - libnpmexec + - libnpmfund + - libnpmorg + - libnpmpack + - libnpmpublish + - libnpmsearch + - libnpmteam + - libnpmversion + - make-fetch-happen + - minimatch + - minipass + - minipass-pipeline + - ms + - node-gyp + - nopt + - npm-audit-report + - npm-install-checks + - npm-package-arg + - npm-pick-manifest + - npm-profile + - npm-registry-fetch + - npm-user-validate + - p-map + - pacote + - parse-conflict-json + - proc-log + - qrcode-terminal + - read + - semver + - spdx-expression-parse + - ssri + - supports-color + - tar + - text-table + - tiny-relative-date + - treeverse + - validate-npm-package-name + - which + object-assign@4.1.1: resolution: {integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==} engines: {node: '>=0.10.0'} @@ -4247,6 +4322,8 @@ snapshots: dependencies: path-key: 3.1.1 + npm@11.6.4: {} + object-assign@4.1.1: {} once@1.4.0: From e09f70f11b2b58b408e56c22d54149ac7c4099f2 Mon Sep 17 00:00:00 2001 From: Boris Starkov Date: Wed, 3 Dec 2025 12:09:56 +0000 Subject: [PATCH 2/2] ci: remove pnpm version from workflows (use packageManager) --- .github/workflows/build.yml | 2 -- .github/workflows/lint.yml | 2 -- .github/workflows/test-cli.yml | 2 -- .github/workflows/test.yml | 2 -- 4 files changed, 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a7dc7d3..ed70ddb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -20,8 +20,6 @@ jobs: - name: Set up pnpm uses: pnpm/action-setup@v4 - with: - version: 9 - name: Set up node uses: actions/setup-node@v3 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index bd900be..d0ef40f 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -20,8 +20,6 @@ jobs: - name: Set up pnpm uses: pnpm/action-setup@v4 - with: - version: 9 - name: Set up node uses: actions/setup-node@v3 diff --git a/.github/workflows/test-cli.yml b/.github/workflows/test-cli.yml index 30af66a..69ea796 100644 --- a/.github/workflows/test-cli.yml +++ b/.github/workflows/test-cli.yml @@ -18,8 +18,6 @@ jobs: - name: Set up pnpm uses: pnpm/action-setup@v4 - with: - version: 9 - name: Setup Node.js uses: actions/setup-node@v4 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b0ea791..6b4b96e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,8 +19,6 @@ jobs: - name: Set up pnpm uses: pnpm/action-setup@v4 - with: - version: 9 - name: Set up node uses: actions/setup-node@v3