From 464d6f609d6de718192c5841ff31def5cf4c3ca0 Mon Sep 17 00:00:00 2001 From: Sylvain Joubert Date: Mon, 1 Sep 2025 12:56:27 +0200 Subject: [PATCH 1/2] Remove config with hardcoded invalid user The git config should not be needed in the workflow to publish to the repository anyway --- .github/workflows/publish.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 0203f7a..45a8ebc 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -12,9 +12,8 @@ jobs: with: node-version: '14.x' registry-url: 'https://registry.npmjs.org' - scope: '@cosmotech' + scope: '@cosmotech' - run: yarn - - run: git config --global user.email "vincent.carluer@cosmotech.com" && git config --global user.name "Vincent Carluer" - run: npm version ${{ github.event.release.tag_name }} --allow-same-version - run: npm publish env: From b29a90646cc6cd734eb0141917ba1e9dfeefaf06 Mon Sep 17 00:00:00 2001 From: Sylvain Joubert Date: Mon, 1 Sep 2025 13:00:21 +0200 Subject: [PATCH 2/2] [PROD-14602] Don't use yarn to install dependencies We need to make sure all install are done with the same tools, in particular the ones for the publish workflow and SBOM generation to have a consistent result See https://darekkay.com/blog/npm-yarn-dependency-resolution/ --- .github/workflows/publish.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 45a8ebc..cfa0b28 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -13,7 +13,7 @@ jobs: node-version: '14.x' registry-url: 'https://registry.npmjs.org' scope: '@cosmotech' - - run: yarn + - run: npm install - run: npm version ${{ github.event.release.tag_name }} --allow-same-version - run: npm publish env: