From 701d9c454688c790c16fd7e1bfdbf777be1cdd78 Mon Sep 17 00:00:00 2001 From: yangxiaolang <1810849666@qq.com> Date: Wed, 6 May 2026 20:23:26 +0800 Subject: [PATCH 1/3] chore: migrate release pipeline to trusted publishing --- .changeset/witty-flies-agree.md | 5 ++ .github/workflows/release-beta.yml | 35 ------------ .github/workflows/release-prod.yml | 43 --------------- .github/workflows/release.yml | 89 ++++++++++++++++++++++++++++-- .github/workflows/stories.yml | 6 +- .github/workflows/test.yml | 6 +- .nvmrc | 2 +- scripts/release.sh | 10 +--- 8 files changed, 100 insertions(+), 96 deletions(-) create mode 100644 .changeset/witty-flies-agree.md delete mode 100644 .github/workflows/release-beta.yml delete mode 100644 .github/workflows/release-prod.yml diff --git a/.changeset/witty-flies-agree.md b/.changeset/witty-flies-agree.md new file mode 100644 index 000000000..bce6c64bf --- /dev/null +++ b/.changeset/witty-flies-agree.md @@ -0,0 +1,5 @@ +--- +"@alauda/ui": patch +--- + +chore: migrate npm publishing to trusted publishing and Node 22 diff --git a/.github/workflows/release-beta.yml b/.github/workflows/release-beta.yml deleted file mode 100644 index d9831cbb6..000000000 --- a/.github/workflows/release-beta.yml +++ /dev/null @@ -1,35 +0,0 @@ -name: Release beta - -on: - pull_request: - branches: [master] - -jobs: - release_beta: - name: Release Beta - permissions: - contents: read - id-token: write - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v3 - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: 20 - cache: yarn - registry-url: 'https://registry.npmjs.org' - - - name: Install dependencies - run: yarn --frozen-lockfile - - - name: Release beta - run: sh scripts/release.sh - env: - PUBLISH_VERSION: beta - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - - - name: Sync Cnpm - run: npx cnpm sync @alauda/ui 
diff --git a/.github/workflows/release-prod.yml b/.github/workflows/release-prod.yml deleted file mode 100644 index ba6dfad22..000000000 --- a/.github/workflows/release-prod.yml +++ /dev/null @@ -1,43 +0,0 @@ -name: Release prod - -on: - workflow_dispatch: - inputs: - version: - description: Hotfix package version for prod, 5.7.0-prod-3.5-0 for example . - required: true - -jobs: - release_prod: - name: Release Prod - permissions: - contents: write - id-token: write - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v3 - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: 20 - cache: yarn - registry-url: 'https://registry.npmjs.org' - - - name: Install dependencies - run: yarn --frozen-lockfile - - - name: Set git info - run: | - git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" - git config --local user.name "github-actions[bot]" - - - name: Release - run: sh scripts/release.sh - env: - PUBLISH_VERSION: ${{ github.event.inputs.version }} - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - - - name: Sync Cnpm - run: npx cnpm sync @alauda/ui diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0bd1a6bd5..62e90c404 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -4,28 +4,40 @@ on: push: branches: - master + pull_request: + branches: + - master + workflow_dispatch: + inputs: + version: + description: Hotfix package version for prod, 5.7.0-prod-3.5-0 for example. + required: true jobs: release: name: Release + if: github.event_name == 'push' runs-on: ubuntu-latest permissions: contents: write id-token: write steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: # This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits fetch-depth: 0 - name: Setup Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: - node-version: 20 + node-version: 22.14.0 cache: yarn registry-url: 'https://registry.npmjs.org' + - name: Upgrade npm for trusted publishing + run: npm install -g npm@^11.5.1 + - name: Install Dependencies run: yarn --frozen-lockfile 
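Review bot: `actions/checkout@v4` and `actions/setup-node@v4` are referenced by mutable tags in a job that holds `contents: write` and `id-token: write`, so the publish path trusts whatever those tags point to at run time. Pin each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. The added `npm install -g npm@^11.5.1` has the same property: the caret range is resolved on every run, so an exact version (`npm@11.5.1`) keeps the publishing toolchain reproducible. The `release` job's remaining steps are outside this hunk.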
@@ -39,7 +51,76 @@ jobs: publish: yarn release env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + + - name: Sync Cnpm + if: steps.changesets.outputs.published == 'true' + run: npx cnpm sync @alauda/ui + + release_beta: + name: Release Beta + if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 22.14.0 + cache: yarn + registry-url: 'https://registry.npmjs.org' + + - name: Upgrade npm for trusted publishing + run: npm install -g npm@^11.5.1 + + - name: Install dependencies + run: yarn --frozen-lockfile + + - name: Release beta + run: sh scripts/release.sh + env: + PUBLISH_VERSION: beta + + - name: Sync Cnpm + run: npx cnpm sync @alauda/ui + + release_prod: + name: Release Prod + if: github.event_name == 'workflow_dispatch' + runs-on: ubuntu-latest + permissions: + contents: write + id-token: write + steps: + - name: Checkout Repo + uses: actions/checkout@v4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 22.14.0 + cache: yarn + registry-url: 'https://registry.npmjs.org' + + - name: Upgrade npm for trusted publishing + run: npm install -g npm@^11.5.1 + + - name: Install dependencies + run: yarn --frozen-lockfile + + - name: Set git info + run: | + git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" + git config --local user.name "github-actions[bot]" + + - name: Release + run: sh scripts/release.sh + env: + PUBLISH_VERSION: ${{ github.event.inputs.version }} - name: Sync Cnpm run: npx cnpm sync @alauda/ui diff --git a/.github/workflows/stories.yml b/.github/workflows/stories.yml index 66abdfa42..468dee0f8 100644 --- a/.github/workflows/stories.yml +++ b/.github/workflows/stories.yml 
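Review bot: `npx cnpm sync @alauda/ui` fetches and executes whichever `cnpm` release is current at run time, and all three `Sync Cnpm` steps on the new side of this hunk sit in jobs that hold `id-token: write`. Any step in such a job can request the OIDC token that trusted publishing accepts, so an unpinned helper becomes part of the trust base of the release. Pin it, `run: npx cnpm@<pinned-version> sync @alauda/ui`, or move the sync into a follow-up job declared with `permissions: {}`, since the mirror sync appears to need no GitHub or npm credential.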
@@ -10,12 +10,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: - node-version: 20 + node-version: 22.14.0 cache: yarn - name: Install dependencies diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 52ce4be7c..1117f163c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,12 +8,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: - node-version: 20 + node-version: 22.14.0 cache: yarn - name: Install Dependencies diff --git a/.nvmrc b/.nvmrc index 209e3ef4b..7d41c735d 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -20 +22.14.0 diff --git a/scripts/release.sh b/scripts/release.sh index 960b11c4f..ac46ab7d3 100644 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -1,15 +1,11 @@ #!/bin/sh +set -e + PUBLISH_VERSION=$(node scripts/publish-version) PUBLISH_BRANCH=$(node scripts/publish-branch) NPM_TAG=$(node scripts/npm-tag) -if [ "$NODE_AUTH_TOKEN" = "" ] && [ "$NPM_TOKEN" = "" ]; then - echo "NPM_TOKEN is not available on PR from forked repository!" - echo "If you're a member of Alauda, just checkout a new branch instead." - exit 0 -fi - if [ "$NPM_TAG" = "latest" ]; then echo "Publish latest tag via this script is not permitted anymore." exit 1 @@ -26,4 +22,4 @@ if [ "$PUBLISH_BRANCH" != "" ]; then git push --follow-tags origin "$PUBLISH_BRANCH" fi -npm publish ./release --tag "$NPM_TAG" --provenance --access public +npm publish ./release --tag "$NPM_TAG" --access public From 3d69e71671b14272f8a30bf5333cc76ba1ae9df7 Mon Sep 17 00:00:00 2001 
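Review bot: Dropping `--provenance` from `npm publish` in the last `scripts/release.sh` hunk makes attestation implicit; it presumably relies on npm attaching provenance automatically when the publish is authenticated through trusted publishing. Keeping the flag, `npm publish ./release --tag "$NPM_TAG" --provenance --access public`, should make the script fail rather than publish an unattested package if it is ever run with a token outside the workflow. If the flag stays out, add a comment above the command such as `# provenance is generated by trusted publishing (OIDC); do not add a token-based fallback`. The removed `NODE_AUTH_TOKEN` guard in the first hunk was the script's only fork check, so that protection now depends entirely on the workflow's `if:` condition.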
From: yangxiaolang <1810849666@qq.com> Date: Thu, 7 May 2026 11:06:49 +0800 Subject: [PATCH 2/3] chore: modify workflow and default node --- .github/workflows/release.yml | 25 +++++++------------------ .nvmrc | 2 +- 2 files changed, 8 insertions(+), 19 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 62e90c404..d4a8f0c42 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,14 +13,15 @@ on: description: Hotfix package version for prod, 5.7.0-prod-3.5-0 for example. required: true +permissions: + contents: write + id-token: write + jobs: release: name: Release if: github.event_name == 'push' runs-on: ubuntu-latest - permissions: - contents: write - id-token: write steps: - name: Checkout Repo uses: actions/checkout@v4 @@ -31,13 +32,10 @@ jobs: - name: Setup Node.js uses: actions/setup-node@v4 with: - node-version: 22.14.0 + node-version: 24 cache: yarn registry-url: 'https://registry.npmjs.org' - - name: Upgrade npm for trusted publishing - run: npm install -g npm@^11.5.1 - - name: Install Dependencies run: yarn --frozen-lockfile @@ -70,13 +68,10 @@ jobs: - name: Setup Node.js uses: actions/setup-node@v4 with: - node-version: 22.14.0 + node-version: 24 cache: yarn registry-url: 'https://registry.npmjs.org' - - name: Upgrade npm for trusted publishing - run: npm install -g npm@^11.5.1 - - name: Install dependencies run: yarn --frozen-lockfile @@ -92,9 +87,6 @@ jobs: name: Release Prod if: github.event_name == 'workflow_dispatch' runs-on: ubuntu-latest - permissions: - contents: write - id-token: write steps: - name: Checkout Repo uses: actions/checkout@v4 @@ -102,13 +94,10 @@ jobs: - name: Setup Node.js uses: actions/setup-node@v4 with: - node-version: 22.14.0 + node-version: 24 cache: yarn registry-url: 'https://registry.npmjs.org' - - name: Upgrade npm for trusted publishing - run: npm install -g npm@^11.5.1 - - name: Install dependencies run: yarn --frozen-lockfile 
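Review bot: The workflow-level `permissions:` block added in the `-13,14` hunk makes `contents: write` and `id-token: write` the default for every job in this file, including any job added later, where the removed per-job blocks scoped them to the jobs that publish. Prefer a restrictive default, `permissions: {}` at workflow level, and keep the grants on the `release` and `release_prod` jobs, whose blocks this hunk and the `-92,9` hunk remove. A job that never publishes then cannot request the publishing identity by accident.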
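Review bot: `node-version: 24` replaces an exact release with a floating major while the `Upgrade npm for trusted publishing` step is removed in the same hunk (`-31,13`, and again in `-70,13` and `-102,13`), so publishing now depends on whichever npm the resolved Node 24 build bundles. The removed step documents that npm 11.5.1 or newer was required, and nothing left in the job checks it. Because `scripts/release.sh` pushes tags before it runs `npm publish`, a runner with an older npm would fail only after the tag is already pushed. Pin an exact Node release and add an early step that runs `npm --version`, with a comment stating the required minimum.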
diff --git a/.nvmrc b/.nvmrc index 7d41c735d..cabf43b5d 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -22.14.0 +24 \ No newline at end of file From 2c9b53b844616ddcbae01f011c812e42d969a6c0 Mon Sep 17 00:00:00 2001 From: yangxiaolang <1810849666@qq.com> Date: Thu, 7 May 2026 16:43:02 +0800 Subject: [PATCH 3/3] chore: using one job --- .github/workflows/release.yml | 55 +++++------------------------------ 1 file changed, 7 insertions(+), 48 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d4a8f0c42..3dcb75b3c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,7 +20,7 @@ permissions: jobs: release: name: Release - if: github.event_name == 'push' + if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository runs-on: ubuntu-latest steps: - name: Checkout Repo @@ -40,6 +40,7 @@ jobs: run: yarn --frozen-lockfile - name: Create Release Pull Request or Publish to npm + if: github.event_name == 'push' id: changesets uses: changesets/action@v1 with: 
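Review bot: The new job-level `if:` in the `-20,7` hunk separates forks from in-repo branches, not reviewed code from unreviewed code: every pull request opened from a branch of this repository runs the job, and the `Release beta` step later in the job publishes under the same trusted-publishing identity as a production release. On `pull_request` the workflow and `scripts/release.sh` are taken from the PR's own ref, so the publish logic itself is unreviewed at that point. Consider binding the job to a protected environment, `environment: <publish-environment>`, and restricting the npm trusted publisher entry to that environment. At minimum, add a comment above the `if:` stating that beta publishing from any in-repo branch is intended.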
@@ -50,66 +51,24 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} - - name: Sync Cnpm - if: steps.changesets.outputs.published == 'true' - run: npx cnpm sync @alauda/ui - - release_beta: - name: Release Beta - if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository - runs-on: ubuntu-latest - permissions: - contents: read - id-token: write - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: 24 - cache: yarn - registry-url: 'https://registry.npmjs.org' - - - name: Install dependencies - run: yarn --frozen-lockfile - - name: Release beta + if: github.event_name == 'pull_request' run: sh scripts/release.sh env: PUBLISH_VERSION: beta - - name: Sync Cnpm - run: npx cnpm sync @alauda/ui - - release_prod: - name: Release Prod - if: github.event_name == 'workflow_dispatch' - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@v4 - - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: 24 - cache: yarn - registry-url: 'https://registry.npmjs.org' - - - name: Install dependencies - run: yarn --frozen-lockfile - - name: Set git info + if: github.event_name == 'workflow_dispatch' run: | git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" git config --local user.name "github-actions[bot]" - - name: Release + - name: Release prod + if: github.event_name == 'workflow_dispatch' run: sh scripts/release.sh env: PUBLISH_VERSION: ${{ github.event.inputs.version }} - name: Sync Cnpm + if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && steps.changesets.outputs.published == 'true') run: npx cnpm sync @alauda/ui
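Review bot: Folding `release_beta` into `release` removes its `permissions:` block with `contents: read` (deleted in this hunk), so the pull-request path now inherits the workflow-level `contents: write` together with `id-token: write`. Code from an unmerged branch therefore runs with a token that can push to the repository, which the beta publish did not need before. Keep the beta publish as its own job carrying `contents: read` and `id-token: write`, or split the single job by event so each path declares only the scopes it uses. Separately, `PUBLISH_VERSION: ${{ github.event.inputs.version }}` is passed through `env`, which avoids shell interpolation, but the value still reaches `scripts/release.sh` without a format check; validating it against the expected version pattern before the script runs would be a cheap guard.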