Merge branch 'master' into dependabot/npm_and_yarn/form-data-2.5.5

Author: aviadhahami

.github/workflows/publish.yaml

@@ -1,65 +1,81 @@
-name: Publish to NPM
+name: Publish NPM and Release (on merged PR)
 
 on:
-  workflow_dispatch:
-    inputs:
-      semver:
-        description: "The semantic version to bump"
-        required: true
-        type: choice
-        options:
-          - patch
-          - minor
-          - major
-        default: "patch"
-      nodeVersion:
-        description: "The Node.js version to use"
-        required: true
-        type: choice
-        options:
-          - "18.x"
-          - "20.x"
-          - "22.x"
-        default: "18.x"
+  pull_request:
+    types:
+      - closed
 
 jobs:
   release:
+    if: ${{ github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'master' }}
     permissions:
       contents: write
+      packages: write
+      id-token: write
 
-    # Use the semver as the job name
-    name: "Release ${{ github.event.inputs.semver }}"
+    name: Publish on master (patch)
     runs-on: ubuntu-latest
+    concurrency:
+      group: publish-pr-${{ github.event.pull_request.number }}
+      cancel-in-progress: true
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
+          persist-credentials: true
 
       - uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610
         with:
-          node-version: ${{ github.event.inputs.nodeVersion }}
-          registry-url: "https://registry.npmjs.org"
+          node-version: 24
+          registry-url: 'https://registry.npmjs.org'
 
-      - name: Bump and commit version
+      - name: Detect version bump in merged PR
+        id: detect
         run: |
-          git config --global user.email "github-actions[bot]@github.com"
-          git config --global user.name "github-actions[bot]"
-          npm version ${{ github.event.inputs.semver }} --message "chore(release): bump version to %s"
-          git push --follow-tags
+          set -euo pipefail
+          VERSION=$(node -p "require('./package.json').version")
+          PREV_JSON=$(git show HEAD^:package.json 2>/dev/null || true)
+          if [ -z "$PREV_JSON" ]; then
+            echo "No previous package.json found; treating as release"
+            echo "release=true" >> $GITHUB_OUTPUT
+          else
+            PREV_VERSION=$(printf "%s" "$PREV_JSON" | node -e "let s=''; process.stdin.on('data',d=>s+=d); process.stdin.on('end',()=>console.log(JSON.parse(s).version));")
+            echo "current: $VERSION, previous: $PREV_VERSION"
+            if [ "$VERSION" != "$PREV_VERSION" ]; then
+              echo "release=true" >> $GITHUB_OUTPUT
+            else
+              echo "release=false" >> $GITHUB_OUTPUT
+            fi
+          fi
+          echo "VERSION=$VERSION" >> $GITHUB_ENV
 
-      - name: Publish
-        run: npm publish
+      - name: Create annotated tag from package.json and push
+        if: ${{ steps.detect.outputs.release == 'true' }}
         env:
-          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          set -euo pipefail
+          git config user.email "github-actions[bot]@github.com"
+          git config user.name "github-actions[bot]"
+
+          TAG="v${VERSION}"
+          echo "Creating annotated tag $TAG from current HEAD"
+          git tag -a "$TAG" -m "chore(release): $TAG"
+          git push origin "$TAG"
 
-      - name: Set version as env var
+      - name: Publish to npm (OIDC)
+        if: ${{ steps.detect.outputs.release == 'true' }}
         run: |
-          echo "VERSION=$(node -p "require('./package.json').version")" >> $GITHUB_ENV
+          npm publish
 
-      - uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
-        name: Release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Create GitHub release
+        if: ${{ steps.detect.outputs.release == 'true' }}
+        uses: softprops/action-gh-release@aec2ec56f94eb8180ceec724245f64ef008b89f5
         with:
-          tag_name: ${{ env.VERSION }}
-          release_name: Release ${{ env.VERSION }}
-          draft: false
-          prerelease: false
+          tag_name: v${{ env.VERSION }}
+          name: Release ${{ env.VERSION }}
+
+      - name: No version bump detected — skipping publish
+        if: ${{ steps.detect.outputs.release != 'true' }}
+        run: |
+          echo "No package.json version bump detected in merged PR; skipping tagging and publish."

.github/workflows/update-version.yaml

@@ -0,0 +1,83 @@
+name: Update Version
+
+on:
+  workflow_dispatch:
+    inputs:
+      semver:
+        description: "The semantic version to bump"
+        required: true
+        type: choice
+        options:
+          - patch
+          - minor
+          - major
+        default: "patch"
+      nodeVersion:
+        description: "The Node.js version to use"
+        required: true
+        type: choice
+        options:
+          - "18.x"
+          - "20.x"
+          - "22.x"
+        default: "18.x"
+
+jobs:
+  release:
+    permissions:
+      contents: write
+      pull-requests: read
+
+    name: Update and publish version ${{ github.event.inputs.semver }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
+          persist-credentials: true
+
+      - uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610
+        with:
+          node-version: ${{ github.event.inputs.nodeVersion }}
+          registry-url: "https://registry.npmjs.org"
+
+      - name: Create release branch, bump version and push
+        env:
+          SEMVER: ${{ github.event.inputs.semver }}
+        run: |
+          set -euo pipefail
+          git config --global user.email "github-actions[bot]@github.com"
+          git config --global user.name "github-actions[bot]"
+
+          # Create a unique release branch so the bump commit and tag are isolated
+          BRANCH="release-${SEMVER}-$(date +%s)"
+          git checkout -b "$BRANCH"
+
+
+          # Bump version but do NOT create a git tag on the branch
+          npm version "$SEMVER" --no-git-tag-version --allow-same-version --message "chore(release): bump version to %s"
+
+          # Commit package.json and package-lock.json (if present) and push branch
+          git add package.json package-lock.json || true
+          git commit -m "chore(release): bump version" || true
+          git push --set-upstream origin "$BRANCH"
+
+          # Read the new version for PR title/body and persist values for next step
+          VERSION=$(node -p "require('./package.json').version")
+          echo "BRANCH=$BRANCH" >> $GITHUB_ENV
+          echo "VERSION=$VERSION" >> $GITHUB_ENV
+
+      - name: Provide PR creation link
+        env:
+          GITHUB_REPOSITORY: ${{ github.repository }}
+        run: |
+          set -euo pipefail
+          PR_LINK="https://github.com/${GITHUB_REPOSITORY}/compare/master...${BRANCH}?expand=1"
+          echo "Open this URL to create the PR: ${PR_LINK}"
+          {
+            echo "## Version bump branch created";
+            echo "Branch: ${BRANCH}";
+            echo "Version: ${VERSION}";
+            echo "";
+            echo "[Create the pull request now](${PR_LINK})";
+          } >> "$GITHUB_STEP_SUMMARY"

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "node-vault",
-  "version": "0.10.5",
+  "version": "0.10.8",
   "description": "Javascript client for HashiCorp's Vault",
   "main": "./src/index.js",
   "scripts": {