From 1bbd38c629f0e587efd0ed035e7c92ce45e87797 Mon Sep 17 00:00:00 2001
From: Jason Dent
Date: Sun, 16 Nov 2025 08:43:57 +0100
Subject: [PATCH] chore: Use new NPM trusted publishing
---
.github/dependabot.yml | 42 ++-------------
.github/workflows/publish-docker-image.yml | 12 +++++
.github/workflows/release-please.yml | 13 +++--
.github/workflows/update-dependabot.yml | 59 ----------------------
.prettierrc.yaml | 2 +
5 files changed, 27 insertions(+), 101 deletions(-)
delete mode 100644 .github/workflows/update-dependabot.yml
create mode 100644 .prettierrc.yaml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 2312eb2..797854a 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -13,44 +13,8 @@ updates: - package-ecosystem: "github-actions" # Workflow files stored in the # default location of `.github/workflows` - directory: "/" + directories: + - "/" + - "/.github/actions/*" schedule: interval: "daily" - - - package-ecosystem: "npm" # See documentation for possible values - directory: "/" # Location of package manifests - target-branch: "cspell4" - schedule: - interval: "weekly" - - - package-ecosystem: "github-actions" - # Workflow files stored in the - # default location of `.github/workflows` - directory: "/" - target-branch: "cspell4" - schedule: - interval: "daily" - - # Automatically added by streetsidesoftware/public/update-dependabot-github-actions - - package-ecosystem: github-actions - directory: /.github/actions/setup - schedule: - interval: daily - commit-message: - prefix: ci - - # Automatically added by streetsidesoftware/public/update-dependabot-github-actions - - package-ecosystem: github-actions - directory: /.github/actions/pr - schedule: - interval: daily - commit-message: - prefix: ci - - # Automatically added by streetsidesoftware/public/update-dependabot-github-actions - - package-ecosystem: github-actions - directory: /.github/actions/github-app-token - schedule: - interval: daily - commit-message: - prefix: ci diff --git a/.github/workflows/publish-docker-image.yml b/.github/workflows/publish-docker-image.yml index e4b1cf4..93a0c88 100644 --- a/.github/workflows/publish-docker-image.yml +++ b/.github/workflows/publish-docker-image.yml @@ -15,7 +15,17 @@ on: - "no" default: "no" required: false + ref: + description: "Reference / tag to publish" + required: false + type: string + workflow_call: + inputs: + ref: + description: "Reference / tag to publish" + required: true + type: string env: REGISTRY: ghcr.io @@ -35,6 +45,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v5 + with: + ref: ${{ github.event.inputs.ref || github.ref }} - name: CSpell Version run: | 
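Review bot: The checkout step added in the second publish-docker-image.yml hunk reads `github.event.inputs.ref`, which is populated only for a `workflow_dispatch` event; when the workflow is entered through the new `workflow_call` trigger, the `github` context belongs to the caller's event, so the expression presumably falls through to `github.ref` and the required `ref` input is ignored. The image would then be built from the caller's branch head instead of the release tag that release-please.yml passes in. The `inputs` context is filled for both triggers, so the line should read `ref: ${{ inputs.ref || github.ref }}`. The steps list continues past the end of the hunk.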
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index afee9c2..486e5a4 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -9,13 +9,13 @@ on: permissions: contents: write pull-requests: write - id-token: write jobs: release-please: runs-on: ubuntu-latest outputs: release_created: ${{ steps.release.outputs.release_created }} + tag_name: ${{ steps.release.outputs.tag_name }} steps: - uses: googleapis/release-please-action@v4 id: release @@ -30,19 +30,24 @@ jobs: needs: - release-please if: ${{ needs.release-please.outputs.release_created }} + permissions: + contents: read + id-token: write steps: # The logic below handles the npm publication: - uses: actions/checkout@v5 + with: + ref: ${{ needs.release-please.outputs.tag_name }} - name: Setup uses: ./.github/actions/setup with: - node-version: ${{ matrix.node-version }} + node-version: 22.x - run: npm ci - run: npm publish env: - NODE_AUTH_TOKEN: ${{secrets.PUBLISH_NPM}} + NPM_CONFIG_PROVENANCE: true publish-docker: permissions: @@ -51,4 +56,6 @@ jobs: needs: - release-please uses: ./.github/workflows/publish-docker-image.yml + with: + ref: ${{ needs.release-please.outputs.tag_name }} if: ${{ needs.release-please.outputs.release_created }} diff --git a/.github/workflows/update-dependabot.yml b/.github/workflows/update-dependabot.yml deleted file mode 100644 index 7039e65..0000000 --- a/.github/workflows/update-dependabot.yml +++ /dev/null 
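Review bot: The publish job in the second release-please.yml hunk drops `NODE_AUTH_TOKEN` and relies on OIDC, but it pins `node-version: 22.x`, and npm's trusted publishing needs npm CLI 11.5.1 or newer while Node 22 bundles npm 10.x. Unless `./.github/actions/setup` (not visible here) upgrades npm, `npm publish` would run without credentials and fail; add a step such as `- run: npm install -g npm@11` before publishing, or pin a Node release that bundles a new enough npm. `NPM_CONFIG_PROVENANCE: true` is redundant under trusted publishing, which attaches provenance automatically. Once this lands, the `PUBLISH_NPM` secret should be deleted from the repository and the token revoked on npm, so that the long-lived credential no longer exists.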
@@ -1,59 +0,0 @@ -name: " 🤖 Update Dependabot" - -on: - workflow_dispatch: - inputs: - base: - description: The Base Ref to apply the diff - required: false - default: "main" - - schedule: - - cron: "0 12 * * *" - -permissions: - contents: read - -jobs: - update-dependabot: - runs-on: ubuntu-latest - env: - NEW_BRANCH: update-dependabot-${{ inputs.base || 'main' }} - REF_BRANCH: ${{ inputs.base || 'main' }} - PR_TYPE: ci - steps: - - name: Checkout code - uses: actions/checkout@v5 - with: - ref: ${{ env.REF_BRANCH }} - - - name: Setup - uses: ./.github/actions/setup - - - name: Run Action - id: dependabot - uses: streetsidesoftware/actions/public/update-dependabot-github-actions@v1 - with: - prefix: ci - - - name: Echo Result - env: - SUMMARY: ${{ steps.dependabot.outputs.summary }} - run: | - echo "$SUMMARY" - - - name: Prettier - run: | - npm i - npx prettier .github/dependabot.yml --write - - - name: PR - uses: streetsidesoftware/actions/.github/actions/pr@v1 - with: - commit-message: "${{ env.PR_TYPE }}: Workflow Bot -- Update dependabot.yml" - branch: ${{ env.NEW_BRANCH }} - base: ${{ env.REF_BRANCH }} - title: "${{ env.PR_TYPE }}: Workflow Bot -- Update dependabot.yml (${{ env.REF_BRANCH }})" - body: ${{ steps.dependabot.outputs.summary }} - app_id: ${{ secrets.AUTOMATION_APP_ID }} - app_private_key: ${{ secrets.AUTOMATION_PRIVATE_KEY }} diff --git a/.prettierrc.yaml b/.prettierrc.yaml new file mode 100644 index 0000000..4a5d91a --- /dev/null +++ b/.prettierrc.yaml @@ -0,0 +1,2 @@ +singleQuote: false +semi: true