chore(ci): update workflows to initialize and stop Nx Cloud sessions

Author: matteobruni

.github/workflows/nodejs.yml

@@ -16,7 +16,6 @@ jobs:
     steps:
       - uses: actions/checkout@v6
         with:
-          # Gestisce sia push che pull request correttamente
           ref: ${{ github.event.pull_request.head.ref || github.ref }}
           repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }}
           fetch-depth: 0
@@ -32,11 +31,13 @@ jobs:
         with:
           run_install: false
 
+      - name: Initialize Nx Cloud
+        run: npx nx-cloud start-ci-run --distribute-on="5 linux-medium-js"
+
       - name: Setup pnpm cache
         uses: actions/cache@v5
         with:
-          path: |
-            ~/.pnpm-store
+          path: ~/.pnpm-store
           key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
 
       - name: Install dependencies
@@ -48,7 +49,6 @@ jobs:
       - name: Build packages
         run: npx nx affected -t build:ci
 
-      # Deploy Produzione (Solo su push su main)
       - if: env.firebaseToken != '' && github.ref == 'refs/heads/main' && github.event_name == 'push'
         uses: FirebaseExtended/action-hosting-deploy@v0
         with:
@@ -57,13 +57,13 @@ jobs:
           projectId: tsparticles
           channelId: live
 
-      # Deploy Preview (Solo per PR di matteobruni)
       - if: env.firebaseToken != '' && github.event_name == 'pull_request' && github.actor == 'matteobruni'
         uses: FirebaseExtended/action-hosting-deploy@v0
         with:
           repoToken: '${{ secrets.GITHUB_TOKEN }}'
           firebaseServiceAccount: '${{ secrets.FIREBASE_SERVICE_ACCOUNT_TSPARTICLES }}'
           projectId: tsparticles
 
-      - run: npx nx fix-ci
-        if: always() # IMPORTANT: Always run
+      - name: Stop Nx Cloud Session
+        run: npx nx fix-ci
+        if: always()

.github/workflows/npm-publish.yml

@@ -19,18 +19,24 @@ jobs:
 
     steps:
       - uses: actions/checkout@v6
+        name: Checkout Source
         with:
           fetch-depth: 0
 
       - uses: actions/setup-node@v6
+        name: Setup Node.js
         with:
           node-version: 24
           registry-url: https://registry.npmjs.org
 
-      - uses: pnpm/action-setup@v4
+      - uses: pnpm/action-setup@v4.2.0
+        name: Install pnpm
         with:
           run_install: false
 
+      - name: Initialize Nx Cloud
+        run: npx nx-cloud start-ci-run --distribute-on="5 linux-medium-js"
+
       - name: Get pnpm store directory
         id: pnpm-cache
         run: |
@@ -44,29 +50,28 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-pnpm-store-
 
-      - name: Initialize Nx Cloud
-        run: npx nx-cloud start-ci-run --distribute-on="5 linux-medium-js"
-
       - name: Install Dependencies
         run: pnpm ci
 
       - name: Build All Packages
-        run: npx lerna run build:ci
+        run: npx nx run-many -t build:ci
         env:
           CI: true
 
-      - name: Publish
+      - name: Publish to NPM (OIDC Auth)
         run: |
-          npm config set //registry.npmjs.org/:_authToken ""
-          
           TAG="${GITHUB_REF#refs/tags/}"
           
-          BASE_CMD="lerna publish from-package --ignore-scripts"
+          # --provenance: Fondamentale per OIDC e sicurezza nel 2026
+          # --yes: Evita blocchi interattivi in CI
+          BASE_CMD="npx lerna publish from-package --ignore-scripts --provenance --yes"
+
+          echo "Publishing tag: $TAG via OIDC"
 
           if [[ "$TAG" == *"-alpha."* ]]; then
-            $BASE_CMD --pre-dist-tag alpha --preid alpha
+            $BASE_CMD --dist-tag alpha
           elif [[ "$TAG" == *"-beta."* ]]; then
-            $BASE_CMD --pre-dist-tag beta --preid beta
+            $BASE_CMD --dist-tag beta
           elif [[ "$TAG" == v1* ]]; then
             $BASE_CMD --dist-tag v1
           elif [[ "$TAG" == v2* ]]; then
@@ -77,5 +82,6 @@ jobs:
             $BASE_CMD
           fi
 
-      - run: npx nx fix-ci
-        if: always() # IMPORTANT: Always run
+      - name: Stop Nx Cloud Session
+        run: npx nx fix-ci
+        if: always()