Skip to content

ci: enable provenance #602

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
GauBen merged 1 commit into from
Dec 16, 2025
Merged

ci: enable provenance #602

GauBen merged 1 commit into from
Dec 16, 2025

Conversation

@GauBen
Copy link
Member

@GauBen GauBen commented Dec 16, 2025

Description

  • yarn 4.10.3 -> yarn 4.12.0
  • Added --provenance to npm publish
  • Fixed repository urls

Tests

The following are included in this PR

  • Unit Tests (Most changes should have unit tests)
  • Integration Tests

Checklist

I have considered the following implications of my change:

  • Security (in particular for changes to authentication, authorization, data fetching, ...)
  • Performance
  • Migration
  • Code maintainability

Documentation

  • Inline documentation
  • Internal Documentation (wiki)
  • User-facing Documentation

@GauBen GauBen requested a review from a team as a code owner December 16, 2025 09:49
Copilot AI review requested due to automatic review settings December 16, 2025 09:49
Copilot AI reviewed Dec 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enables npm package provenance by adding the --provenance flag to npm publish commands and updates the project's Yarn version from 4.10.3 to 4.12.0. It also fixes malformed GitHub repository URLs.

Key changes:

  • Updated Yarn from version 4.10.3 to 4.12.0 across the project
  • Added --provenance flag to all npm publish commands in Maven POM files
  • Corrected GitHub repository URLs from github.com: to github.com/

Reviewed changes

Copilot reviewed 12 out of 14 changed files in this pull request and generated no comments.

Show a summary per file
File Description
vite-plugin/pom.xml Added --provenance flag to alpha and release npm publish commands
vite-plugin/package.json Fixed GitHub repository URL format
tests/package.json Updated packageManager to yarn@4.12.0
tests/.yarnrc.yml Updated yarnPath to yarn-4.12.0.cjs
package.json Updated packageManager to yarn@4.12.0
javascript-modules-library/pom.xml Added --provenance flag to alpha and release npm publish commands
javascript-modules-library/package.json Fixed GitHub repository URL format
javascript-create-module/pom.xml Added --provenance flag to alpha and release npm publish commands
javascript-create-module/package.json Fixed GitHub repository URL format
.yarnrc.yml Updated yarnPath to yarn-4.12.0.cjs
.github/workflows/on-release.yml Added id-token write permission for provenance support
.github/workflows/on-merge.yml Added id-token write permission for provenance support

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@GauBen GauBen merged commit 08fa3dc into main Dec 16, 2025
15 checks passed
@GauBen GauBen deleted the ci/enable-provenance branch December 16, 2025 13:46
@x0h01
Copy link
Contributor

x0h01 commented Dec 17, 2025

With:

  • Jahia 8.2.3.0 [Kimchi] - Build: 0e47150
  • dx:org.jahia.modules/javascript-modules-engine/1.1.0.SNAPSHOT (Git-last-commit-id: 0b268ab)
  • @jahia/create-module@1.1.0-alpha-20251217115503239

  • ✅️ no compilation errors during module build and publishing
  • ✅️ integration tests passed
  • ✅️ A minimal Hello World template set is created without errors
  • ✅️ hydrogen module is successfully imported to jahia
  • ✅️ no errors in browser console and jahia.log

  • ✅️ package is built and published with provenance
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jkevan jkevan jkevan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

javascript-modules-1.1.0

Development

Successfully merging this pull request may close these issues.

5 participants

@GauBen @x0h01 @jkevan @baptistegrimaud