From 08162101ba747b91c33ab2fb6902f5c76afda439 Mon Sep 17 00:00:00 2001
From: Hanric <TwoHeal@163.com>
Date: Wed, 3 Sep 2025 19:10:42 +0800
Subject: [PATCH] Revert "chore: enable trusted publishing for npm packages
 (#4039)"

This reverts commit f045a458fcadc4b5859cafd6c198d07749b0cb04.
---
 .github/workflows/preview.yml        | 51 ----------------------------
 .github/workflows/release.yml        | 44 ++++++++++--------------
 packages/cli/package.json            |  1 +
 packages/rsbuild-plugin/package.json |  1 +
 4 files changed, 20 insertions(+), 77 deletions(-)
 delete mode 100644 .github/workflows/preview.yml

diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml
deleted file mode 100644
index 7c5f7b942d1..00000000000
--- a/.github/workflows/preview.yml
+++ /dev/null
@@ -1,51 +0,0 @@
-# https://github.com/stackblitz-labs/pkg.pr.new
-name: Preview Release
-
-on:
-  push:
-    branches: [main]
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  preview:
-    if: github.repository == 'module-federation/core'
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 25
-
-      - name: Setup Node.js 18
-        uses: actions/setup-node@v4
-        with:
-          node-version: '18'
-          cache: 'pnpm'
-
-      # Update npm to the latest version to enable OIDC
-      # Use corepack to install pnpm
-      - name: Setup Package Managers
-        run: |
-          npm install -g npm@latest
-          npm --version
-          npm install -g corepack@latest --force
-          corepack prepare pnpm@8.11.0 --activate
-          corepack enable
-
-      - name: Install deps
-        run: pnpm install
-
-      - name: Build and test Packages
-        run: |
-          git fetch origin main
-          npx nx run-many --targets=build --projects=tag:type:pkg --skip-nx-cache
-          ls -l packages/*/dist packages/*/package.json
-
-      - name: Publish Preview
-        run: |
-          npm i -g pkg-pr-new@0.0.58
-          pkg-pr-new publish --compact --pnpm ./packages/*
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d155aabfae3..b6caed555d9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -25,29 +25,23 @@ jobs:
     name: Release
     if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'push' }}
     runs-on: ubuntu-latest
-    environment: npm
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
         with:
           fetch-depth: 25
 
+      - name: Install Pnpm
+        run: |
+          corepack prepare pnpm@8.11.0 --activate
+          corepack enable
+
       - name: Setup Node.js 18
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v3
         with:
           node-version: '18'
           cache: 'pnpm'
 
-      # Update npm to the latest version to enable OIDC
-      # Use corepack to install pnpm
-      - name: Setup Package Managers
-        run: |
-          npm install -g npm@latest
-          npm --version
-          npm install -g corepack@latest --force
-          corepack prepare pnpm@8.11.0 --activate
-          corepack enable
-
       - name: Install deps
         run: pnpm install
 
@@ -57,17 +51,15 @@ jobs:
           npx nx run-many --targets=build --projects=tag:type:pkg --skip-nx-cache
           ls -l packages/*/dist packages/*/package.json
 
-      - uses: actions/github-script@v7
-        id: version_to_release
+      - name: Release
+        uses: module-federation/actions@v2
         with:
-          result-encoding: string
-          script: |
-            const fs = require('fs');
-            const packageJson = JSON.parse(fs.readFileSync('./packages/runtime/package.json', 'utf8'));
-            return 'v' + packageJson.version;
-
-      - name: Publish to npm
-        run: |
-          git tag ${{ steps.version_to_release.outputs.result }}
-          git push origin ${{ steps.version_to_release.outputs.result }}
-          pnpm -r publish --tag ${{ github.event.inputs.npm_tag }} --publish-branch ${{ github.event.inputs.branch }}
+          version: ${{ github.event.inputs.version  || 'next' }}
+          branch: ${{ github.event.inputs.branch }}
+          type: 'release'
+          tools: 'changeset'
+        env:
+          GITHUB_TOKEN: ${{ secrets.REPO_SCOPED_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          REPOSITORY: ${{ github.repository }}
+          REF: ${{ github.ref }}
diff --git a/packages/cli/package.json b/packages/cli/package.json
index f22918a7660..46bddffed1c 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -37,6 +37,7 @@
   },
   "publishConfig": {
     "access": "public",
+    "provenance": true,
     "registry": "https://registry.npmjs.org/"
   }
 }
diff --git a/packages/rsbuild-plugin/package.json b/packages/rsbuild-plugin/package.json
index a2b2a55dce0..c1d254db97d 100644
--- a/packages/rsbuild-plugin/package.json
+++ b/packages/rsbuild-plugin/package.json
@@ -70,6 +70,7 @@
   },
   "publishConfig": {
     "access": "public",
+    "provenance": true,
     "registry": "https://registry.npmjs.org/"
   }
 }