Node.js,pnpm,lerna-liteをアップデート, パッケージのPublishにOIDC trusted Publishingを設定 #557

cm-dyoshikawa · 2025-10-17T06:27:12Z

pnpmとlernaを最新化することでOIDC trusted Publishingが使用可能になる
別途、npm webコンソール側で OIDC trusted Publishingの設定済み

https://efcl.info/2025/09/07/npm-oidc/

- Update pnpm from v9 to v10 across all workflows - Update Node.js from 18 to 24 in publish workflows - Update minimum Node.js engine from >=14.0.0 to >=22.0.0 in zenn-cli - Update pnpm engine constraint from >=9 <10 to >=10 <11 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>

- Upgrade @lerna-lite/cli from 1.15.1 to 4.9.0 - Add @lerna-lite/version and @lerna-lite/publish as optional dependencies - Version and publish commands became optional since lerna-lite v2.0.0 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>

- Add id-token: write permission for OIDC authentication - Remove NODE_AUTH_TOKEN (NPM_TOKEN) from both workflows - Add --provenance flag to publish commands for package attestation - Apply changes to both publish-canary.yml and publish-latest.yml This enables secure, token-free publishing from GitHub Actions using OpenID Connect and provides verifiable package provenance. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>

cm-dyoshikawa · 2025-10-17T08:08:22Z

.github/workflows/publish-canary.yml

+    permissions:
+      contents: read
+      id-token: write


OIDC Trusted Publishingで必要な設定
https://github.com/lerna-lite/lerna-lite/tree/main/packages/publish#oidc
https://github.com/lerna-lite-test/oidc/blob/main/.github/workflows/release.yml

cm-dyoshikawa · 2025-10-17T08:09:17Z

.github/workflows/publish-canary.yml


      - name: Publish canary
-        run: pnpm lerna publish from-package --yes --pre-dist-tag canary
+        run: pnpm lerna publish from-package --yes --pre-dist-tag canary --provenance


--provenance は署名機能（ONが推奨っぽい）

https://zenn.dev/bicstone/articles/npm-provenance
https://docs.npmjs.com/generating-provenance-statements

cm-dyoshikawa · 2025-10-17T08:09:44Z

package.json

+    "@lerna-lite/cli": "^4.9.0",
+    "@lerna-lite/publish": "^4.9.0",
+    "@lerna-lite/version": "^4.9.0",


アップデートで publish と version のパッケージが分離されたので、明示的にインストールが必要

cm-wada-yusuke

LGTMです！内容変えずに、一度この状態ですべてのパッケージをビルド・リリースしたいですね

cm-dyoshikawa added the enhancement 機能以外の改善 label Oct 17, 2025

cm-dyoshikawa and others added 2 commits October 17, 2025 00:42

cm-dyoshikawa changed the title ~~chore: update Node.js and pnpm versions~~ Node.js,pnpm,lerna-liteをアップデート Oct 17, 2025

cm-dyoshikawa commented Oct 17, 2025

View reviewed changes

cm-dyoshikawa requested review from cm-igarashi-ryosuke and cm-wada-yusuke October 17, 2025 08:10

cm-dyoshikawa marked this pull request as ready for review October 17, 2025 08:10

cm-dyoshikawa changed the title ~~Node.js,pnpm,lerna-liteをアップデート~~ Node.js,pnpm,lerna-liteをアップデート, パッケージのPublishにOIDC trusted Publishingを設定 Oct 17, 2025

cm-wada-yusuke approved these changes Oct 17, 2025

View reviewed changes

cm-dyoshikawa merged commit 3b38807 into canary Oct 17, 2025
3 checks passed

cm-wada-yusuke deleted the node-pnpm-update branch October 17, 2025 08:17

cm-dyoshikawa mentioned this pull request Oct 20, 2025

release 0.2.4 #561

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Node.js,pnpm,lerna-liteをアップデート, パッケージのPublishにOIDC trusted Publishingを設定 #557

Node.js,pnpm,lerna-liteをアップデート, パッケージのPublishにOIDC trusted Publishingを設定 #557

Uh oh!

cm-dyoshikawa commented Oct 17, 2025 •

edited

Loading

Uh oh!

cm-dyoshikawa Oct 17, 2025

Uh oh!

cm-dyoshikawa Oct 17, 2025

Uh oh!

cm-dyoshikawa Oct 17, 2025 •

edited

Loading

Uh oh!

cm-wada-yusuke left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Node.js,pnpm,lerna-liteをアップデート, パッケージのPublishにOIDC trusted Publishingを設定 #557

Node.js,pnpm,lerna-liteをアップデート, パッケージのPublishにOIDC trusted Publishingを設定 #557

Uh oh!

Conversation

cm-dyoshikawa commented Oct 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

cm-dyoshikawa Oct 17, 2025

Choose a reason for hiding this comment

Uh oh!

cm-dyoshikawa Oct 17, 2025

Choose a reason for hiding this comment

Uh oh!

cm-dyoshikawa Oct 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

cm-wada-yusuke left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

cm-dyoshikawa commented Oct 17, 2025 •

edited

Loading

cm-dyoshikawa Oct 17, 2025 •

edited

Loading