From 2a7f49b7e049b34265dac963ec0f852b9622e9ec Mon Sep 17 00:00:00 2001 From: 2heal1 Date: Wed, 3 Sep 2025 15:18:55 +0800 Subject: [PATCH 1/3] chore: enable trusted publishing for npm packages --- .github/workflows/preview.yml | 49 +++++++++++++++++++++++++++++++++++ .github/workflows/release.yml | 44 ++++++++++++++++++------------- 2 files changed, 75 insertions(+), 18 deletions(-) create mode 100644 .github/workflows/preview.yml diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml new file mode 100644 index 00000000000..5038f6764cc --- /dev/null +++ b/.github/workflows/preview.yml @@ -0,0 +1,49 @@ +# https://github.com/stackblitz-labs/pkg.pr.new +name: Preview Release + +on: + push: + branches: [main] + workflow_dispatch: + +permissions: + contents: read + +jobs: + preview: + if: github.repository == 'module-federation/core' + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 25 + + - name: Setup Node.js 18 + uses: actions/setup-node@v4 + with: + node-version: '18' + cache: 'pnpm' + + # Update npm to the latest version to enable OIDC + # Use corepack to install pnpm + - name: Setup Package Managers + run: | + npm install -g npm@latest + npm --version + npm install -g corepack@latest --force + corepack prepare pnpm@8.11.0 --activate + corepack enable + + - name: Install deps + run: pnpm install + + - name: Build and test Packages + run: | + git fetch origin main + npx nx run-many --targets=build --projects=tag:type:pkg --skip-nx-cache + ls -l packages/*/dist packages/*/package.json + + - name: Publish Preview + run: pnpx pkg-pr-new publish --compact --pnpm ./packages/* diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b6caed555d9..d155aabfae3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,23 +25,29 @@ jobs: name: Release if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'push' }} runs-on: ubuntu-latest + environment: npm steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 25 - - name: Install Pnpm - run: | - corepack prepare pnpm@8.11.0 --activate - corepack enable - - name: Setup Node.js 18 - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: '18' cache: 'pnpm' + # Update npm to the latest version to enable OIDC + # Use corepack to install pnpm + - name: Setup Package Managers + run: | + npm install -g npm@latest + npm --version + npm install -g corepack@latest --force + corepack prepare pnpm@8.11.0 --activate + corepack enable + - name: Install deps run: pnpm install @@ -51,15 +57,17 @@ jobs: npx nx run-many --targets=build --projects=tag:type:pkg --skip-nx-cache ls -l packages/*/dist packages/*/package.json - - name: Release - uses: module-federation/actions@v2 + - uses: actions/github-script@v7 + id: version_to_release with: - version: ${{ github.event.inputs.version || 'next' }} - branch: ${{ github.event.inputs.branch }} - type: 'release' - tools: 'changeset' - env: - GITHUB_TOKEN: ${{ secrets.REPO_SCOPED_TOKEN }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - REPOSITORY: ${{ github.repository }} - REF: ${{ github.ref }} + result-encoding: string + script: | + const fs = require('fs'); + const packageJson = JSON.parse(fs.readFileSync('./packages/runtime/package.json', 'utf8')); + return 'v' + packageJson.version; + + - name: Publish to npm + run: | + git tag ${{ steps.version_to_release.outputs.result }} + git push origin ${{ steps.version_to_release.outputs.result }} + pnpm -r publish --tag ${{ github.event.inputs.npm_tag }} --publish-branch ${{ github.event.inputs.branch }} From dfd9e44fa1ba19ef6ee2de820b8271b81d9ce2c9 Mon Sep 17 00:00:00 2001 From: 2heal1 Date: Wed, 3 Sep 2025 15:20:12 +0800 Subject: [PATCH 2/3] chore: remove provenance field --- packages/cli/package.json | 1 - packages/rsbuild-plugin/package.json | 1 - 2 files changed, 2 deletions(-) diff --git a/packages/cli/package.json b/packages/cli/package.json index 46bddffed1c..f22918a7660 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -37,7 +37,6 @@ }, "publishConfig": { "access": "public", - "provenance": true, "registry": "https://registry.npmjs.org/" } } diff --git a/packages/rsbuild-plugin/package.json b/packages/rsbuild-plugin/package.json index c1d254db97d..a2b2a55dce0 100644 --- a/packages/rsbuild-plugin/package.json +++ b/packages/rsbuild-plugin/package.json @@ -70,7 +70,6 @@ }, "publishConfig": { "access": "public", - "provenance": true, "registry": "https://registry.npmjs.org/" } } From 96b102c94083c2587a40fc1a734a64457e4c94ec Mon Sep 17 00:00:00 2001 From: 2heal1 Date: Wed, 3 Sep 2025 16:24:36 +0800 Subject: [PATCH 3/3] chore: install specific version pkg-pr-new --- .github/workflows/preview.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml index 5038f6764cc..7c5f7b942d1 100644 --- a/.github/workflows/preview.yml +++ b/.github/workflows/preview.yml @@ -46,4 +46,6 @@ jobs: ls -l packages/*/dist packages/*/package.json - name: Publish Preview - run: pnpx pkg-pr-new publish --compact --pnpm ./packages/* + run: | + npm i -g pkg-pr-new@0.0.58 + pkg-pr-new publish --compact --pnpm ./packages/*