From fc8fe238284f954b7900b5e0312efa6f88037a37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jind=C5=99ich=20B=C3=A4r?= Date: Wed, 12 Nov 2025 09:28:31 +0100 Subject: [PATCH 1/5] chore(theme): enable OIDC-based publishing to npm --- .../{publish-theme.yaml => publish-to-npm.yaml} | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) rename .github/workflows/{publish-theme.yaml => publish-to-npm.yaml} (94%) diff --git a/.github/workflows/publish-theme.yaml b/.github/workflows/publish-to-npm.yaml similarity index 94% rename from .github/workflows/publish-theme.yaml rename to .github/workflows/publish-to-npm.yaml index 2d4dda5c7..3f82796b5 100644 --- a/.github/workflows/publish-theme.yaml +++ b/.github/workflows/publish-to-npm.yaml @@ -17,7 +17,7 @@ jobs: with: fetch-depth: 0 - - name: Use Node.js 22 + - name: Use Node.js uses: actions/setup-node@v6 with: node-version: 24 @@ -45,11 +45,12 @@ jobs: with: token: ${{ secrets.APIFY_SERVICE_ACCOUNT_GITHUB_TOKEN }} - - name: Use Node.js 22 + - name: Use Node.js uses: actions/setup-node@v6 with: node-version: 24 cache: 'npm' + registry-url: 'https://registry.npmjs.org' cache-dependency-path: 'package-lock.json' always-auth: 'true' @@ -62,9 +63,6 @@ jobs: git config --global user.name "Apify Release Bot" git config --global user.email "noreply@apify.com" - echo "access=public" > ~/.npmrc - echo "//registry.npmjs.org/:_authToken=${{ secrets.APIFY_SERVICE_ACCOUNT_NPM_TOKEN }}" >> ~/.npmrc - - name: Bump the theme version run: | cd $GITHUB_WORKSPACE/apify-docs-theme @@ -73,7 +71,7 @@ jobs: - name: Deploy theme to npm run: | cd $GITHUB_WORKSPACE/apify-docs-theme - npx -y publish-if-not-exists + npm publish --provenance env: GIT_USER: "barjin:${{ secrets.APIFY_SERVICE_ACCOUNT_GITHUB_TOKEN }}" GH_TOKEN: ${{ secrets.APIFY_SERVICE_ACCOUNT_GITHUB_TOKEN }} From f8baabd55b6d180182017068cb1c3c36343c6c66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jind=C5=99ich=20B=C3=A4r?= Date: Wed, 12 Nov 2025 09:47:38 +0100 Subject: [PATCH 2/5] chore: set correct permissions --- .github/workflows/publish-to-npm.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/publish-to-npm.yaml b/.github/workflows/publish-to-npm.yaml index 3f82796b5..ac2b608de 100644 --- a/.github/workflows/publish-to-npm.yaml +++ b/.github/workflows/publish-to-npm.yaml @@ -6,6 +6,10 @@ on: - master workflow_dispatch: +permissions: + id-token: write + contents: write + jobs: look_for_change: if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }} From e80e920cb9ede559d7833d7e27ae15eab132e485 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jind=C5=99ich=20B=C3=A4r?= Date: Thu, 13 Nov 2025 11:15:35 +0100 Subject: [PATCH 3/5] chore: apply suggestions --- .github/workflows/publish-to-npm.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/publish-to-npm.yaml b/.github/workflows/publish-to-npm.yaml index ac2b608de..81d88a1d9 100644 --- a/.github/workflows/publish-to-npm.yaml +++ b/.github/workflows/publish-to-npm.yaml @@ -75,10 +75,7 @@ jobs: - name: Deploy theme to npm run: | cd $GITHUB_WORKSPACE/apify-docs-theme - npm publish --provenance - env: - GIT_USER: "barjin:${{ secrets.APIFY_SERVICE_ACCOUNT_GITHUB_TOKEN }}" - GH_TOKEN: ${{ secrets.APIFY_SERVICE_ACCOUNT_GITHUB_TOKEN }} + npm publish - name: Wait until the new theme version is available on npm run: | From e4ecd7c3650f78e53a6f7d486e1587c052206ffb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jind=C5=99ich=20B=C3=A4r?= Date: Thu, 13 Nov 2025 11:26:26 +0100 Subject: [PATCH 4/5] chore(ci): add `repository` entry to theme `package.json` --- apify-docs-theme/package.json | 4 ++++ package-lock.json | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/apify-docs-theme/package.json b/apify-docs-theme/package.json index 7665795f1..9f2e7c74e 100644 --- a/apify-docs-theme/package.json +++ b/apify-docs-theme/package.json @@ -8,6 +8,10 @@ "types", "static" ], + "repository": { + "type": "git", + "url": "git@github.com:apify/apify-docs.git" + }, "scripts": { "test": "echo \"Error: no test specified\" && exit 1", "build": "echo 'Building @apify/docs-theme!'" diff --git a/package-lock.json b/package-lock.json index 1a1010d16..f88d74e38 100644 --- a/package-lock.json +++ b/package-lock.json @@ -63,7 +63,7 @@ }, "apify-docs-theme": { "name": "@apify/docs-theme", - "version": "1.0.222", + "version": "1.0.223", "license": "ISC", "dependencies": { "@apify/docs-search-modal": "^1.3.3", From 5279ca8ed5cdcce16704ff27ccd8afce4fdf7be7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jind=C5=99ich=20B=C3=A4r?= Date: Thu, 13 Nov 2025 11:43:02 +0100 Subject: [PATCH 5/5] chore: use `https` format for `repository` url --- apify-docs-theme/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apify-docs-theme/package.json b/apify-docs-theme/package.json index 9f2e7c74e..183d53f13 100644 --- a/apify-docs-theme/package.json +++ b/apify-docs-theme/package.json @@ -10,7 +10,7 @@ ], "repository": { "type": "git", - "url": "git@github.com:apify/apify-docs.git" + "url": "git+https://github.com/apify/apify-docs.git" }, "scripts": { "test": "echo \"Error: no test specified\" && exit 1",