From 0228ec0f3f4a46d8fb83b35d8ba5e877f9e9cf30 Mon Sep 17 00:00:00 2001
From: Maximilian Franzke <787658+mfranzke@users.noreply.github.com>
Date: Sat, 8 Nov 2025 21:58:02 +0100
Subject: [PATCH 1/6] refactor: introduce trusted publishing
---
 .github/scripts/publish-npm.sh | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/scripts/publish-npm.sh b/.github/scripts/publish-npm.sh
index bc8655844..e976f779c 100644
--- a/.github/scripts/publish-npm.sh
+++ b/.github/scripts/publish-npm.sh
@@ -51,7 +51,6 @@ do
 echo "🔑 Authenticated with GITHUB"
 elif [[ $REGISTRY == 'NPM' ]]; then
 npm config set @db-ui:registry https://registry.npmjs.org/
- npm set //registry.npmjs.org/:_authToken "$NPM_TOKEN"
 echo "🔑 Authenticated with NPM"
 else
 echo "Could not authenticate with $REGISTRY"
From 0ab19089361835a655d4e40a80d6263d3b823338 Mon Sep 17 00:00:00 2001
From: Maximilian Franzke <787658+mfranzke@users.noreply.github.com>
Date: Sat, 8 Nov 2025 21:58:48 +0100
Subject: [PATCH 2/6] Remove NPM_TOKEN from publish workflow
Removed NPM_TOKEN from the workflow for security reasons.
---
 .github/workflows/03-publish-packages.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/03-publish-packages.yml b/.github/workflows/03-publish-packages.yml
index 1fa5a9dd8..25d99a29a 100644
--- a/.github/workflows/03-publish-packages.yml
+++ b/.github/workflows/03-publish-packages.yml
@@ -80,7 +80,6 @@ jobs:
 VALID_SEMVER_VERSION: ${{ inputs.version }}
 DBUI_THEME: ${{ matrix.themes }}
 PACKAGE_ENDING: ${{ steps.getPkgTheme.outputs.pkgTheme }}
- NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 GPR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: ⬆ Upload Package Artifact elements-${{ matrix.themes }}
From 0ab15114a3821ac7f6541b3a7ff550fec0582d69 Mon Sep 17 00:00:00 2001
From: Maximilian Franzke <787658+mfranzke@users.noreply.github.com>
Date: Sat, 8 Nov 2025 21:59:12 +0100
Subject: [PATCH 3/6] Update .nvmrc
---
 .nvmrc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.nvmrc b/.nvmrc
index 2bd5a0a98..a45fd52cc 100644
--- a/.nvmrc
+++ b/.nvmrc
@@ -1 +1 @@
-22
+24
From e67e848296ad078b680fa9afab81251bc6ffac29 Mon Sep 17 00:00:00 2001
From: Maximilian Franzke <787658+mfranzke@users.noreply.github.com>
Date: Sat, 8 Nov 2025 22:16:09 +0100
Subject: [PATCH 4/6] Update publish-release.yml
---
 .github/workflows/publish-release.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
index d1728767b..99118af94 100644
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -53,6 +53,8 @@ jobs:
 uses: ./.github/workflows/03-publish-packages.yml
 needs: [cypress, get-publish-version]
 secrets: inherit
+ permissions:
+ id-token: write # Required for OIDC
 with:
 release: ${{ needs.get-publish-version.outputs.release }}
 preRelease: ${{ needs.get-publish-version.outputs.preRelease }}
From 95cf311cdbfb049e703950f1256f26eb52230636 Mon Sep 17 00:00:00 2001
From: Maximilian Franzke <787658+mfranzke@users.noreply.github.com>
Date: Sat, 8 Nov 2025 22:19:12 +0100
Subject: [PATCH 5/6] Update package.json
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 3efdde53f..9f02387fc 100644
--- a/package.json
+++ b/package.json
@@ -74,5 +74,5 @@
 "registry": "https://registry.npmjs.org/"
 },
 "homepage": "https://db-ui.github.io/elements/",
- "packageManager": "npm@10.9.2"
+ "packageManager": "npm@11.6.1"
 }
From 977b0b3e1a66e3f2694582bd3fd124b8bb255545 Mon Sep 17 00:00:00 2001
From: Maximilian Franzke <787658+mfranzke@users.noreply.github.com>
Date: Sat, 8 Nov 2025 22:24:28 +0100
Subject: [PATCH 6/6] Update publish-npm.sh
---
 .github/scripts/publish-npm.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/scripts/publish-npm.sh b/.github/scripts/publish-npm.sh
index e976f779c..06d7cd894 100644
--- a/.github/scripts/publish-npm.sh
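Review bot: The job-level `permissions:` block added to the publish-release.yml call of 03-publish-packages.yml (patch 4/6) lists only `id-token: write`, and once a job declares `permissions` every scope it does not list drops to `none`. A called workflow cannot raise its GITHUB_TOKEN permissions above the caller's, so the step that sets `GPR_TOKEN: ${{ secrets.GITHUB_TOKEN }}` (visible in patch 2/6) would likely run without `packages: write`, and any checkout in the called jobs without `contents: read`. I would list the needed scopes explicitly beside the new line, for example `contents: read` and `packages: write`, after confirming what the called jobs use. Separately, `secrets: inherit` still forwards every repository secret to the called workflow although NPM_TOKEN is no longer consumed; passing only the named secrets it needs would narrow that.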
+++ b/.github/scripts/publish-npm.sh
@@ -57,8 +57,8 @@ do
 exit 1
 fi
 # https://docs.npmjs.com/generating-provenance-statements#example-github-actions-workflow
- npm publish --tag "$TAG" db-ui-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz --provenance
- npm publish --tag "$TAG" db-ui-ngx-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz --provenance
- npm publish --tag "$TAG" db-ui-react-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz --provenance
- npm publish --tag "$TAG" db-ui-v-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz --provenance
+ npm publish --tag "$TAG" db-ui-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz
+ npm publish --tag "$TAG" db-ui-ngx-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz
+ npm publish --tag "$TAG" db-ui-react-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz
+ npm publish --tag "$TAG" db-ui-v-elements"$PACKAGE_ENDING"-"$VALID_SEMVER_VERSION".tgz
 done
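Review bot: The comment kept above the four `npm publish` lines still links to the provenance-statements guide, but the `--provenance` flag it documented is gone, so nothing in the script says where provenance now comes from. As far as I know npm attaches provenance automatically only when the publish goes through trusted publishing (OIDC) to registry.npmjs.org, and the loop appears to run for a GITHUB registry as well (patch 1/6), so a reader cannot tell from the script which publishes end up attested. I would replace the comment with something like `# Provenance is attached automatically by npm trusted publishing (OIDC); requires id-token: write in the calling job`. Patch 1/6 also leaves `echo "🔑 Authenticated with NPM"` in place although that branch no longer configures a credential, which will mislead anyone reading the log of a failed publish; `echo "🔑 Using npm trusted publishing (OIDC)"` would be accurate. The loop body starts outside this hunk.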