From 48b664c23708af01825189781f83f3e7bd479f31 Mon Sep 17 00:00:00 2001 From: arshiya-moengage Date: Thu, 19 Feb 2026 21:11:35 +0530 Subject: [PATCH 1/3] MOEN-43151: npm OIDC token management update for CI/CD --- .github/workflows/release.yml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b881937..7b919cd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,15 +5,19 @@ on: inputs: releaseNotes: type: string - description: 'Enter the Release note' + description: "Enter the Release note" required: true releaseTicket: type: string - description: 'Enter the Release ticket' + description: "Enter the Release ticket" required: true + +permissions: + id-token: write # Required for OIDC + contents: read # push: # on push to master branch - # branches: - # - master + # branches: + # - master jobs: release: @@ -27,10 +31,10 @@ jobs: path: sdk-automation-scripts token: ${{ secrets.SDK_BOT_ACCESS_TOKEN }} - name: Automation script setup - uses: ./sdk-automation-scripts/actions/npm-repository-setup + uses: ./sdk-automation-scripts/actions/npm-repository-setup - name: Checkout code uses: actions/checkout@v3 - with: + with: path: source fetch-depth: 0 fetch-tags: true @@ -45,9 +49,8 @@ jobs: run: | .github/scripts/release.main.kts ${{ github.event.inputs.releaseNotes }} ${{ github.event.inputs.releaseTicket }} env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} GH_TOKEN: ${{ github.token }} - name: Notify release working-directory: source run: | - kotlin .github/scripts/notify-release.main.kts ${{ github.event.inputs.releaseNotes }} \ No newline at end of file + kotlin .github/scripts/notify-release.main.kts ${{ github.event.inputs.releaseNotes }} From 5d86d113f2078f9538ba01b3a13388415fe52bcf Mon Sep 17 00:00:00 2001 From: arshiya-moengage Date: Fri, 20 Feb 2026 15:24:44 +0530 Subject: [PATCH 2/3] cosmetic error --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7b919cd..ffccd6c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,7 +5,7 @@ on: inputs: releaseNotes: type: string - description: "Enter the Release note" + description: 'Enter the Release note' required: true releaseTicket: type: string From 888b0025b27b8937a7686fd7a10c9efef073e98a Mon Sep 17 00:00:00 2001 From: arshiya-moengage Date: Fri, 20 Feb 2026 17:19:05 +0530 Subject: [PATCH 3/3] cosmetic --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ffccd6c..dcd8be5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,7 +9,7 @@ on: required: true releaseTicket: type: string - description: "Enter the Release ticket" + description: 'Enter the Release ticket' required: true permissions: @@ -22,7 +22,7 @@ permissions: jobs: release: runs-on: ubuntu-latest - if: contains(fromJSON('["umangmoe", "arshiya-moengage", "badri-engg-data"]'), github.actor) + if: contains(fromJSON('["umangmoe", "arshiya-moengage"]'), github.actor) steps: - name: Checkout sdk automation scripts uses: actions/checkout@v3