IABTechLab · clarkxuyang · Oct 1, 2025 · Sep 30, 2025 · Sep 30, 2025 · Sep 30, 2025
diff --git a/.github/actions/cdn_deployment_aws/action.yaml b/.github/actions/cdn_deployment_aws/action.yaml
@@ -1,9 +1,6 @@
 name: CDN Deployment for AWS
 description: Deploys to AWS CDN and optionally invalidates the path in CloudFront
 inputs:
-  environment:
-    description: Environment to deploy to
-    default: 'integ'
   artifact:
     description: Name of the artifact
     required: true

diff --git a/.github/workflows/publish-package-to-cdn.yml b/.github/workflows/publish-package-to-cdn.yml
@@ -0,0 +1,189 @@
+name: Release SDK Package to NPM and CDN (v2)
+run-name: ${{ inputs.release_type == 'Snapshot' && 'Publish Pre-release' || format('Release {0}', inputs.release_type)}} SDK Package to NPM and CDN by @${{ github.actor }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      release_type:
+        type: choice
+        description: The type of release
+        options:
+          - Major
+          - Minor
+          - Patch
+          - Snapshot
+        required: true
+      with_tag:
+        description: By default, running npm publish will tag your package with the latest dist-tag. To use another dist-tag, please add tag here
+        required: false
+      publish_to_npm:
+        type: boolean
+        description: Publish package to NPM (In general, always release to both)
+        required: false
+        default: true
+      publish_to_cdn:
+        type: boolean
+        description: Publish package to CDN (In general, always release to both)
+        required: false
+        default: true
+
+jobs:
+  incrementVersionNumber:
+    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-increase-version-number.yaml@v2
+    with:
+      release_type: ${{ inputs.release_type }}
+    secrets: inherit
+
+  build:
+    runs-on: ubuntu-latest
+    needs: [incrementVersionNumber]
+    strategy:
+      matrix:
+        node-version: [20.x]
+        target: [development, production]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }}
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+      - name: Get Package Version
+        id: version
+        run: |
+          echo "package_version=$(cat package.json | jq -r '.version')" >> $GITHUB_OUTPUT
+      - name: Install dependencies
+        run: npm install
+      - name: Build script
+        run: npm run build -- --mode=${{ matrix.target }}
+      - uses: actions/upload-artifact@v4
+        if: inputs.publish_to_cdn
+        with:
+          name: uid2SDK-${{ matrix.target }}-${{ steps.version.outputs.package_version }}
+          path: ./dist/uid2-sdk-${{ steps.version.outputs.package_version }}.js
+      - uses: actions/upload-artifact@v4
+        if: inputs.publish_to_cdn
+        with:
+          name: euidSDK-${{ matrix.target }}-${{ steps.version.outputs.package_version }}
+          path: ./dist/euid-sdk-${{ steps.version.outputs.package_version }}.js
+    outputs:
+      sdkVersion: ${{ steps.version.outputs.package_version }}
+
+  createNpmJsRelease:
+    needs: [incrementVersionNumber, build]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Build Changelog
+        id: github_release_changelog
+        uses: mikepenz/release-changelog-builder-action@v4
+        with:
+          toTag: v${{ needs.incrementVersionNumber.outputs.new_version }}
+          configurationJson: |
+            {
+              "pr_template": " - #{{TITLE}} - ( PR: ##{{NUMBER}} )"
+            }
+      - name: Create Release Notes
+        uses: softprops/action-gh-release@v2
+        with:
+          name: v${{ needs.incrementVersionNumber.outputs.new_version }}
+          body: ${{ steps.github_release_changelog.outputs.changelog }}
+          draft: true
+
+  publish-package:
+    if: inputs.publish_to_npm
+    needs: [build, incrementVersionNumber]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }}
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          registry-url: 'https://registry.npmjs.org'
+          scope: uid2
+      - run: npm ci
+      - name: Build package
+        run: npm run build-package
+      - name: Publish Latest package
+        if: ${{!github.event.inputs.with_tag}}
+        run: |
+          npm publish ./dist/uid2-npm --access public
+          npm publish ./dist/euid-npm --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+      - name: Publish Latest package with tag
+        if: ${{github.event.inputs.with_tag}}
+        run: |
+          npm publish ./dist/uid2-npm --tag ${{github.event.inputs.with_tag}} --access public
+          npm publish ./dist/euid-npm --tag ${{github.event.inputs.with_tag}} --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+  # Test Environment - UID2 only first
+  cdn-deployment-test:
+    if: inputs.publish_to_cdn
+    needs: [build, incrementVersionNumber]
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    environment: test
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }}
+      - uses: ./.github/actions/cdn_deployment_aws
+        with:
+          artifact: uid2SDK-development-${{ needs.build.outputs.sdkVersion}}
+          invalidate_paths: '/uid2-sdk-${{ needs.build.outputs.sdkVersion}}.js'
+          aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
+          aws_bucket_name: ${{ secrets.S3_BUCKET }}
+          aws_distribution_id: ${{ secrets.AWS_DISTRIBUTION_ID }}
+
+  approval-to-deploy:
+    name: Approval To Deploy
+    needs: [cdn-deployment-test]
+    runs-on: ubuntu-latest
+    environment: production
+    steps:
+      - name: Approval to deploy
+        shell: bash
+        run: echo "Approved"
+
+  # Consolidated CDN Deployment with Matrix
+  cdn-deployment:
+    if: inputs.publish_to_cdn
+    needs: [build, incrementVersionNumber, approval-to-deploy]
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    strategy:
+      matrix:
+        include:
+          # UID2 Environments
+          - product: uid2
+            github_env: uid2-integ
+            build_type: development
+          - product: uid2
+            github_env: uid2-prod
+            build_type: production
+          # EUID Environments
+          - product: euid
+            github_env: euid-integ
+            build_type: development
+          - product: euid
+            github_env: euid-prod
+            build_type: production
+    environment: ${{ matrix.github_env }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.incrementVersionNumber.outputs.git_tag_or_hash }}
+      - uses: ./.github/actions/cdn_deployment_aws
+        with:
+          artifact: ${{ matrix.product }}SDK-${{ matrix.build_type }}-${{ needs.build.outputs.sdkVersion}}
+          invalidate_paths: '/${{ matrix.product }}-sdk-${{ needs.build.outputs.sdkVersion}}.js'
+          aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
+          aws_bucket_name: ${{ secrets.S3_BUCKET }}
+          aws_distribution_id: ${{ secrets.AWS_DISTRIBUTION_ID }}
diff --git a/.github/workflows/secureSignal-cd.yaml b/.github/workflows/secureSignal-cd.yaml
@@ -74,7 +74,6 @@ jobs:
       - name: Deploy UID2 Secure Signals to CDN
         uses: ./.github/actions/cdn_deployment_aws
         with:
-          environment: ${{ matrix.environment }}
           artifact: ${{ (matrix.environment == 'integ' && 'development') || matrix.environment }}Uid2SecureSignalScript
           invalidate_paths: '/uid2SecureSignal.js'
           aws_account_id: ${{ vars.AWS_ACCOUNT_ID }}
@@ -83,7 +82,6 @@ jobs:
       - name: Deploy EUID Secure Signals to CDN
         uses: ./.github/actions/cdn_deployment_aws
         with:
-          environment: ${{ matrix.environment }}
           artifact: ${{ (matrix.environment == 'integ' && 'development') || matrix.environment }}EuidSecureSignalScript
           invalidate_paths: '/euidSecureSignal.js'
           aws_account_id: ${{ vars.EUID_AWS_ACCOUNT_ID }}

diff --git a/.github/workflows/secureSignal-to-cdn.yaml b/.github/workflows/secureSignal-to-cdn.yaml
@@ -0,0 +1,126 @@
+name: Release UID2/EUID Secure Signal Package to CDN (Five Environments)
+run-name: ${{ github.action_ref == 'refs/head/main' && 'Release' || 'Publish Pre-release' }} UID2/EUID Secure Signal Package to CDN (Five Environments) by @${{ github.actor }}
+
+on:
+  workflow_dispatch:
+
+env:
+  WORKING_DIR: ./
+
+jobs:
+  verify:
+    runs-on: ubuntu-latest
+    outputs:
+      uid2_modified: ${{ steps.verify_uid2.outputs.any_modified }}
+      euid_modified: ${{ steps.verify_euid.outputs.any_modified }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check for change to src/secureSignalUid2.ts
+        id: verify_uid2
+        uses: tj-actions/changed-files@v41
+        with:
+          files: src/secureSignalUid2.ts
+      - name: Check for change to src/secureSignalEuid.ts
+        id: verify_euid
+        uses: tj-actions/changed-files@v41
+        with:
+          files: src/secureSignalEuid.ts
+
+  build:
+    needs: [verify]
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [20.x]
+        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
+        target: [development, production]
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+          cache-dependency-path: ${{ env.WORKING_DIR }}/package-lock.json
+      - name: Install dependencies
+        run: npm install
+      - name: Build
+        run: npm run build:esp -- --mode=${{ matrix.target }}
+      - name: Upload UID2 Secure Signals Files
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.target }}Uid2SecureSignalScript
+          path: ./dist/uid2SecureSignal.js
+      - name: Upload EUID Secure Signals Files
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.target }}EuidSecureSignalScript
+          path: ./dist/euidSecureSignal.js
+
+  # Test Environment - UID2 only (first deployment)
+  deployment-test:
+    needs: [build]
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    environment: test
+    steps:
+      - uses: actions/checkout@v4
+      - name: Deploy UID2 Secure Signals to Test CDN
+        uses: ./.github/actions/cdn_deployment_aws
+        with:
+          artifact: developmentUid2SecureSignalScript
+          invalidate_paths: '/uid2SecureSignal.js'
+          aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
+          aws_bucket_name: ${{ secrets.S3_BUCKET }}
+          aws_distribution_id: ${{ secrets.AWS_DISTRIBUTION_ID }}
+
+  approval-to-deploy:
+    name: Approval To Deploy to All Environments
+    needs: [deployment-test]
+    runs-on: ubuntu-latest
+    environment: production
+    steps:
+      - name: Approval to deploy
+        shell: bash
+        run: echo "Approved for deployment to all environments"
+
+  # Matrix Deployment for All Environments
+  deployment-matrix:
+    needs: [build, approval-to-deploy]
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    strategy:
+      matrix:
+        include:
+          # UID2 Environments
+          - product: uid2
+            github_env: uid2-integ
+            build_type: development
+            file_name: uid2SecureSignal.js
+          - product: uid2
+            github_env: uid2-prod
+            build_type: production
+            file_name: uid2SecureSignal.js
+          # EUID Environments
+          - product: euid
+            github_env: euid-integ
+            build_type: development
+            file_name: euidSecureSignal.js
+          - product: euid
+            github_env: euid-prod
+            build_type: production
+            file_name: euidSecureSignal.js
+    environment: ${{ matrix.github_env }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Deploy ${{ matrix.product == 'uid2' && 'UID2' || 'EUID' }} Secure Signals to ${{ matrix.build_type == 'development' && 'Integration' || 'Production' }} CDN
+        uses: ./.github/actions/cdn_deployment_aws
+        with:
+          artifact: ${{ matrix.build_type }}${{ matrix.product == 'uid2' && 'Uid2' || 'Euid' }}SecureSignalScript
+          invalidate_paths: '/${{ matrix.file_name }}'
+          aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
+          aws_bucket_name: ${{ secrets.S3_BUCKET }}
+          aws_distribution_id: ${{ secrets.AWS_DISTRIBUTION_ID }}