From 5568edf948d59dc7ba450b8ef991e62442b6ea51 Mon Sep 17 00:00:00 2001
From: reggi
Date: Tue, 24 Jun 2025 15:16:33 -0400
Subject: [PATCH 1/3] install script
---
 .gitignore | 1 +
 install.sh | 8 ++++++++
 2 files changed, 9 insertions(+)
 create mode 100644 install.sh
diff --git a/.gitignore b/.gitignore
index 2b4c8df810b36..dab0d96d4fd81 100644
--- a/.gitignore
+++ b/.gitignore
@@ -61,3 +61,4 @@ tap-testdir*/
 !/workspaces/libnpmsearch/
 !/workspaces/libnpmteam/
 !/workspaces/libnpmversion/
+!/install.sh
\ No newline at end of file
diff --git a/install.sh b/install.sh
new file mode 100644
index 0000000000000..1e4b092bc714e
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+TMP_DIR=$(mktemp -d)
+git clone --depth 1 --single-branch --branch oidc https://github.com/npm/cli.git "$TMP_DIR/cli"
+cd "$TMP_DIR/cli"
+npm install
+npm install -g .
+cd -
+npm config set loglevel silly
\ No newline at end of file
From 726c8e1e4f749c495064f944c1db6095572bb1ab Mon Sep 17 00:00:00 2001
From: reggi
Date: Mon, 30 Jun 2025 15:09:13 -0400
Subject: [PATCH 2/3] show demo workflows
---
 .gitignore | 3 ++-
 .oidc-github.yml | 34 ++++++++++++++++++++++++++++++++++
 .oidc-gitlab.yml | 25 +++++++++++++++++++++++++
 3 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100644 .oidc-github.yml
 create mode 100644 .oidc-gitlab.yml
diff --git a/.gitignore b/.gitignore
index dab0d96d4fd81..b99ff6064c424 100644
--- a/.gitignore
+++ b/.gitignore
@@ -61,4 +61,5 @@ tap-testdir*/
 !/workspaces/libnpmsearch/
 !/workspaces/libnpmteam/
 !/workspaces/libnpmversion/
-!/install.sh
\ No newline at end of file
+!/install.sh
+!/.oidc*
\ No newline at end of file
diff --git a/.oidc-github.yml b/.oidc-github.yml
new file mode 100644
index 0000000000000..68682b98e278e
--- /dev/null
+++ b/.oidc-github.yml
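Review bot: The new `install.sh` has no error handling, so if `git clone` or `cd "$TMP_DIR/cli"` fails the script carries on and `npm install -g .` globally installs whatever directory the caller happens to be in. Adding `set -euo pipefail` directly under the shebang stops at the first failure, and `trap 'rm -rf "$TMP_DIR"' EXIT` would remove the clone that is otherwise left behind in the temp directory. The clone also follows the tip of the `oidc` branch, so what gets installed globally changes with every push to it; `--branch` accepts a tag as well, which would let the script name a reviewed revision. The final `npm config set loglevel silly` is written to the user's npm config and persists after the script exits, so a comment such as `# debug only: persists in the user's npmrc; remove once the OIDC flow is stable` would make the intent clear.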
@@ -0,0 +1,34 @@
+name: Publish Package
+
+on:
+ push:
+ branches: [main]
+ workflow_dispatch:
+
+permissions:
+ id-token: write # Required for OIDC
+ contents: read
+
+jobs:
+ publish:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '20'
+
+ - name: Install npm from npm/oidc branch
+ run: curl -fsSL https://raw.githubusercontent.com/npm/cli/refs/heads/oidc-install/install.sh | bash
+
+ - name: Install dependencies
+ run: npm ci
+
+ - name: Build package
+ run: npm run build --if-present
+
+ - name: Publish to npm
+ run: npm publish
diff --git a/.oidc-gitlab.yml b/.oidc-gitlab.yml
new file mode 100644
index 0000000000000..ff1c966652ec6
--- /dev/null
+++ b/.oidc-gitlab.yml
@@ -0,0 +1,25 @@
+stages:
+ - build
+ - publish
+
+id_tokens:
+ NPM_ID_TOKEN:
+ aud: "npm:registry.npmjs.org"
+
+publish:
+ stage: publish
+ image: node:20
+ script:
+ # Install npm from npm/oidc branch
+ - curl -fsSL https://raw.githubusercontent.com/npm/cli/refs/heads/oidc-install/install.sh | bash
+
+ # Install dependencies
+ - npm ci
+
+ # Build if needed
+ - npm run build --if-present
+
+ # Publish to npm
+ - npm publish
+ only:
+ - main
From ffe5cf93395af75cda95f921005df8cea6961a91 Mon Sep 17 00:00:00 2001
From: Chris Sidi
Date: Tue, 1 Jul 2025 12:11:19 -0400
Subject: [PATCH 3/3] Adding registry-url to support private packages This supports the use of NODE_AUTH_TOKEN for installing private dependencies. See https://github.com/actions/setup-node/blob/08f58d1471bff7f3a07d167b4ad7df25d5fcfcb6/action.yml#L17-L18 and https://docs.google.com/document/d/1e_urSFLFwVm9QQRtZxXIYhxU5AvsBol44rn4fcbAAKs/edit?disco=AAABm0zCGzI discusson
---
 .oidc-github.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.oidc-github.yml b/.oidc-github.yml
index 68682b98e278e..c37e027da7256 100644
--- a/.oidc-github.yml
+++ b/.oidc-github.yml
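Review bot: In `.oidc-github.yml`, the `Install npm from npm/oidc branch` step pipes a script fetched from a mutable branch ref (`refs/heads/oidc-install`) straight into `bash`, in a job that holds `id-token: write` and then runs `npm publish`, so any change pushed to that branch runs with the publishing identity. Fetching the script at a fixed commit and checking its digest before running it closes that gap, e.g. `run: curl -fsSL https://raw.githubusercontent.com/npm/cli/<COMMIT_SHA>/install.sh -o install.sh && echo "<SHA256>  install.sh" | sha256sum -c - && bash install.sh` (both values are placeholders). The step name says `npm/oidc` while the URL points at `oidc-install`, which should be reconciled or explained in a comment. The same pipe-to-bash line appears in the `script:` of `.oidc-gitlab.yml`. `permissions:` is also set for the whole workflow; moving `id-token: write` onto the `publish` job keeps any job added later from inheriting it.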
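Review bot: In `.oidc-gitlab.yml`, `id_tokens:` appears to sit at the top level of the file (whitespace is collapsed in this view, so confirm against the file), but GitLab documents `id_tokens` as a job keyword that belongs inside a job or under `default:`. At top level it is likely to be treated as a job definition with no `script`, so the pipeline is rejected or `publish` runs without `NPM_ID_TOKEN`. Moving the block under `publish:` (`id_tokens:` / `NPM_ID_TOKEN:` / `aud: "npm:registry.npmjs.org"`) also keeps the token scoped to the one job that publishes. `stages:` lists `build` although no job uses it, and `image: node:20` is a floating tag; for a file meant as a demo, a comment on each or a digest-pinned image would make the example safer to copy.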
@@ -20,6 +20,7 @@ jobs: uses: actions/setup-node@v4 with: node-version: '20' + registry-url: https://registry.npmjs.org - name: Install npm from npm/oidc branch run: curl -fsSL https://raw.githubusercontent.com/npm/cli/refs/heads/oidc-install/install.sh | bash
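Review bot: The added `registry-url` makes `actions/setup-node` write an `.npmrc` that reads its token from `NODE_AUTH_TOKEN`, but nothing in the visible workflow sets that variable or says where it should be set. A comment above the line would help, for example `# registry-url makes setup-node write an .npmrc that uses NODE_AUTH_TOKEN; set it only on the "Install dependencies" step, with a read-only token`. Setting it at job level would expose the token to the piped install script and to `npm publish`, which reintroduces the long-lived credential this OIDC flow is meant to avoid. The `publish` job starts above this hunk and continues below it.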