From 36d0154696486859ca333bc119d679bc76a33816 Mon Sep 17 00:00:00 2001
From: philknows
Date: Tue, 21 Oct 2025 15:50:23 -0400
Subject: [PATCH 1/8] bump node and enable trusted publishing
---
 .github/workflows/CI.yml | 32 +++++++++++++++-----------------
 1 file changed, 15 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index 64a2fc14..b363efbd 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -51,7 +51,7 @@ jobs: # - host: windows-latest # target: aarch64-pc-windows-msvc # build: yarn build --target aarch64-pc-windows-msvc - name: Build - ${{ matrix.settings.target }} - node@22 + name: Build - ${{ matrix.settings.target }} - node@24 runs-on: ${{ matrix.settings.host }} steps: - uses: actions/checkout@v4
@@ -59,7 +59,7 @@ jobs: uses: actions/setup-node@v4 if: ${{ !matrix.settings.docker }} with: - node-version: "22.4.x" + node-version: "24.x" cache: yarn - name: Install uses: dtolnay/rust-toolchain@stable
@@ -95,7 +95,7 @@ jobs: uses: actions/setup-node@v4 if: matrix.settings.target == 'i686-pc-windows-msvc' with: - node-version: "22.4.x" + node-version: "24.x" cache: yarn architecture: x86 - name: Build in docker
@@ -129,8 +129,8 @@ jobs: - host: windows-latest target: x86_64-pc-windows-msvc node: - - "18" - - "22.4.x" + - "22.x" + - "24.x" runs-on: ${{ matrix.settings.host }} steps: - uses: actions/checkout@v4
@@ -165,8 +165,8 @@ jobs: fail-fast: false matrix: node: - - "18" - - "22.4.x" + - "22.x" + - "24.x" runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
@@ -251,8 +251,8 @@ jobs: fail-fast: false matrix: node: - - "18" - - 22.4 + - "22.x" + - "24.x" runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
@@ -293,8 +293,8 @@ jobs: fail-fast: false matrix: node: - - "18" - - 22.4 + - "22.x" + - "24.x" runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
@@ -336,8 +336,8 @@ jobs: fail-fast: false matrix: node: - - "18" - - 22.4 + - "22.x" + - "24.x" runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
@@ -387,7 +387,7 @@ jobs: - name: Setup node uses: actions/setup-node@v4 with: - node-version: "22.4.x" + node-version: "24.x" cache: yarn - name: Create tag id: tag
@@ -418,15 +418,13 @@ jobs: npm config set provenance true if node -e "console.log(require('./package.json').version)" | grep "^[0-9]\+\.[0-9]\+\.[0-9]\+$"; then - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc npm publish --access public elif node -e "console.log(require('./package.json').version)" | grep "^[0-9]\+\.[0-9]\+\.[0-9]\+"; then - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc npm publish --tag next --access public else echo "Not a release, skipping publish" fi env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
From c96c2dcb30983fe40b4a78a33fdf10b254c74d5a Mon Sep 17 00:00:00 2001
From: philknows
Date: Tue, 21 Oct 2025 15:59:30 -0400
Subject: [PATCH 2/8] modify to 22
---
 .github/workflows/CI.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index b363efbd..8ed6f704 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -129,7 +129,7 @@ jobs: - host: windows-latest target: x86_64-pc-windows-msvc node: - - "22.x" + - "22" - "24.x" runs-on: ${{ matrix.settings.host }} steps:
@@ -165,7 +165,7 @@ jobs: fail-fast: false matrix: node: - - "22.x" + - "22" - "24.x" runs-on: ubuntu-latest steps:
@@ -251,7 +251,7 @@ jobs: fail-fast: false matrix: node: - - "22.x" + - "22" - "24.x" runs-on: ubuntu-latest steps:
@@ -293,7 +293,7 @@ jobs: fail-fast: false matrix: node: - - "22.x" + - "22" - "24.x" runs-on: ubuntu-latest steps:
@@ -336,7 +336,7 @@ jobs: fail-fast: false matrix: node: - - "22.x" + - "22" - "24.x" runs-on: ubuntu-latest steps:
From fd73ec625411c9e0c5bda5e46fd7ff1947d92545 Mon Sep 17 00:00:00 2001
From: philknows
Date: Tue, 21 Oct 2025 16:19:54 -0400
Subject: [PATCH 3/8] use 24
---
 .github/workflows/CI.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index 8ed6f704..86b76e03 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -59,7 +59,7 @@ jobs: uses: actions/setup-node@v4 if: ${{ !matrix.settings.docker }} with: - node-version: "24.x" + node-version: "24" cache: yarn - name: Install uses: dtolnay/rust-toolchain@stable
@@ -95,7 +95,7 @@ jobs: uses: actions/setup-node@v4 if: matrix.settings.target == 'i686-pc-windows-msvc' with: - node-version: "24.x" + node-version: "24" cache: yarn architecture: x86 - name: Build in docker
@@ -130,7 +130,7 @@ jobs: target: x86_64-pc-windows-msvc node: - "22" - - "24.x" + - "24" runs-on: ${{ matrix.settings.host }} steps: - uses: actions/checkout@v4
@@ -166,7 +166,7 @@ jobs: matrix: node: - "22" - - "24.x" + - "24" runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
@@ -252,7 +252,7 @@ jobs: matrix: node: - "22" - - "24.x" + - "24" runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
@@ -294,7 +294,7 @@ jobs: matrix: node: - "22" - - "24.x" + - "24" runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
@@ -337,7 +337,7 @@ jobs: matrix: node: - "22" - - "24.x" + - "24" runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
From dab7f9faa446823457380623337057354a0b556a Mon Sep 17 00:00:00 2001
From: philknows
Date: Tue, 21 Oct 2025 18:40:16 -0400
Subject: [PATCH 4/8] include minimum npm version for oidc
---
 .github/workflows/CI.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index 86b76e03..f916efbf 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -389,6 +389,9 @@ jobs: with: node-version: "24.x" cache: yarn + - name: Upgrade npm for OIDC + if: ${{ steps.release.outputs.releases_created }} + run: npm i -g npm@^11.5.1 - name: Create tag id: tag uses: butlerlogic/action-autotag@1.1.2
From 41568cad9258a07dfe2fc6a2f2d0ff3708f07709 Mon Sep 17 00:00:00 2001
From: philknows
Date: Tue, 21 Oct 2025 18:40:47 -0400
Subject: [PATCH 5/8] remove node auth token secret
---
 .github/workflows/CI.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index f916efbf..5a5f2dad 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -430,4 +430,3 @@ jobs: fi env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
From ea1ed1e33535cea90dd10a31a34cdd2a46464efb Mon Sep 17 00:00:00 2001
From: philknows
Date: Thu, 4 Dec 2025 10:48:04 -0500
Subject: [PATCH 6/8] add pull request write
---
 .github/workflows/CI.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index 5a5f2dad..953e203e 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -4,8 +4,9 @@ env: APP_NAME: blst MACOSX_DEPLOYMENT_TARGET: "10.13" permissions: - contents: write - id-token: write + contents: write # Required for OIDC + id-token: write # Required to create a Github release + pull-requests: write # Required to add tags to pull requests on: pull_request:
From eacafd0b79ef053fc97c16553b881f9d84fecfc5 Mon Sep 17 00:00:00 2001
From: Nazar Hussain
Date: Fri, 5 Dec 2025 15:14:29 +0100
Subject: [PATCH 7/8] keep the changes only for the trusted publishing
---
 .github/workflows/CI.yml | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index 953e203e..5166ef8f 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
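Review bot: In PATCH 4/8 (`@@ -389,6 +389,9 @@`), the new "Upgrade npm for OIDC" step is gated on `steps.release.outputs.releases_created`, but the only step id visible around it is `tag`, on the "Create tag" step that follows. If no earlier step in this job declares `id: release`, the expression is empty and the step is skipped, so publishing falls back to the npm bundled with the runner's Node, which is presumably older than the minimum this commit is meant to guarantee. Dropping the `if:` line, or gating on an output that exists, avoids that silent skip. The spec `npm@^11.5.1` also floats to whatever 11.x is newest at run time in a workflow that holds `id-token: write`; an exact pin such as `run: npm i -g npm@11.5.1` keeps the publishing tool reproducible. The job's other steps lie outside the hunk.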
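Review bot: In PATCH 6/8 (`@@ -4,8 +4,9 @@`), the comments on the first two added lines are swapped: `id-token: write` is the permission that lets a job request an OIDC token, and `contents: write` is the one needed to create releases and tags. I would write them as `contents: write # Required to create a GitHub release` and `id-token: write # Required for OIDC (npm trusted publishing)`. The block is also workflow-level and the same workflow runs `on: pull_request`, so every job inherits all three write scopes, including the build and test jobs. Moving `id-token: write` and `pull-requests: write` into a `permissions:` block on the publish job would limit token minting to the one job that publishes; that job is outside this hunk.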
@@ -52,7 +52,7 @@ jobs: # - host: windows-latest # target: aarch64-pc-windows-msvc # build: yarn build --target aarch64-pc-windows-msvc - name: Build - ${{ matrix.settings.target }} - node@24 + name: Build - ${{ matrix.settings.target }} - node@22 runs-on: ${{ matrix.settings.host }} steps: - uses: actions/checkout@v4
@@ -60,7 +60,7 @@ jobs: uses: actions/setup-node@v4 if: ${{ !matrix.settings.docker }} with: - node-version: "24" + node-version: "22.4.x" cache: yarn - name: Install uses: dtolnay/rust-toolchain@stable
@@ -96,7 +96,7 @@ jobs: uses: actions/setup-node@v4 if: matrix.settings.target == 'i686-pc-windows-msvc' with: - node-version: "24" + node-version: "22.4.x" cache: yarn architecture: x86 - name: Build in docker
@@ -130,8 +130,8 @@ jobs: - host: windows-latest target: x86_64-pc-windows-msvc node: - - "22" - - "24" + - "18" + - "22.4.x" runs-on: ${{ matrix.settings.host }} steps: - uses: actions/checkout@v4
@@ -166,8 +166,8 @@ jobs: fail-fast: false matrix: node: - - "22" - - "24" + - "18" + - "22.4.x" runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
@@ -221,7 +221,7 @@ jobs: - uses: oven-sh/setup-bun@v2 with: bun-version: ${{ matrix.bun }} - - name: Install deps + - name: Install deps run: bun install --frozen-lockfile - name: Download artifacts uses: actions/download-artifact@v4
@@ -252,8 +252,8 @@ jobs: fail-fast: false matrix: node: - - "22" - - "24" + - "18" + - "22.4" runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
@@ -337,8 +337,8 @@ jobs: fail-fast: false matrix: node: - - "22" - - "24" + - "18" + - "22.4" runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
@@ -388,7 +388,7 @@ jobs: - name: Setup node uses: actions/setup-node@v4 with: - node-version: "24.x" + node-version: "22.4.x" cache: yarn - name: Upgrade npm for OIDC if: ${{ steps.release.outputs.releases_created }}
From 5b687b8ebed8d1ac5fb622b026a641a2b908ad3e Mon Sep 17 00:00:00 2001
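Review bot: In the last hunk of PATCH 7/8 (`@@ -388,7 +388,7 @@`), reverting the publish job to `node-version: "22.4.x"` puts the "Upgrade npm for OIDC" step on a Node release that, as far as I know, falls outside the range npm 11 declares in its `engines` field (`^20.17.0 || >=22.9.0`). The `npm i -g npm@^11.5.1` from PATCH 4/8 may then warn or misbehave, and the trusted-publishing path would be exercised on an unsupported pairing. Keeping this one job on a newer line, for example `node-version: "22.x"`, while the build and test matrices stay reverted, would preserve the stated intent of the commit. The step list continues outside the hunk, so the `run:` line itself is not visible here.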
From: Nazar Hussain
Date: Fri, 5 Dec 2025 15:15:45 +0100
Subject: [PATCH 8/8] keep the changes only for the trusted publishing
---
 .github/workflows/CI.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index 5166ef8f..94c2452f 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -253,7 +253,7 @@ jobs: matrix: node: - "18" - - "22.4" + - 22.4 runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
@@ -294,8 +294,8 @@ jobs: fail-fast: false matrix: node: - - "22" - - "24" + - "18" + - 22.4 runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
@@ -338,7 +338,7 @@ jobs: matrix: node: - "18" - - "22.4" + - 22.4 runs-on: ubuntu-latest steps: - uses: actions/checkout@v4