Skip to content

Support trusted publishing with OIDC #308

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
anguyen-yext2 merged 3 commits into from
Oct 7, 2025
Merged

Support trusted publishing with OIDC #308

anguyen-yext2 merged 3 commits into from
Oct 7, 2025

Conversation

@anguyen-yext2
Copy link
Contributor

@anguyen-yext2 anguyen-yext2 commented Oct 6, 2025

J=WAT-5077
TEST=manual

forked the repo to my personal git account. Verified that:

  • the ci-verify-publish script output the correct release tag
  • the release and release:dry scripts work as expected on a new patch, minor, major, alpha, beta, and custom version

copied over the relevant changes from the forked repo. Verified that:

  • the ci-verify-publish script output the correct release tag
  • the release:dry script make the expected changes locally

@anguyen-yext2
Support trusted publishing with OIDC
d1e86a4 
J=WAT-5077
TEST=manual

forked the repo to my personal git account. Verified that:
- the `ci-verify-publish` script output the correct release tag
- the `release` and `release:dry` scripts work as expected on a new patch, minor, major, alpha, beta, and custom version

copied over the relevant changes from the forked repo. Verified that:
- the `ci-verify-publish` script output the correct release tag
- the `release:dry` script make the expected changes locally
@anguyen-yext2 anguyen-yext2 requested a review from a team as a code owner October 6, 2025 23:12
@coveralls
Copy link

coveralls commented Oct 6, 2025
edited
Loading

Pull Request Test Coverage Report for Build 18297306928

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 89.397%
Totals Coverage Status
Change from base Build 16660569086: 0.0%
Covered Lines: 244
Relevant Lines: 266
💛 - Coveralls

Fondryext
Fondryext reviewed Oct 7, 2025
View reviewed changes
Copy link
Contributor

@Fondryext Fondryext left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this all makes sense to me, although I'm not too familiar with the publish process.
So silly question - what's the new release flow work like? Do we just make a new release/tag in Github, and these scripts get triggered and everything works from there without our input?

I plan to approve this shortly but wanted to give any other engineers a chance to check as well

@anguyen-yext2
Copy link
Contributor Author

anguyen-yext2 commented Oct 7, 2025
edited
Loading

I think this all makes sense to me, although I'm not too familiar with the publish process. So silly question - what's the new release flow work like? Do we just make a new release/tag in Github, and these scripts get triggered and everything works from there without our input?

I plan to approve this shortly but wanted to give any other engineers a chance to check as well

I'll confirm with Sumo later to see if they're doing the same thing, but here is how I was testing it:
Before: manually bump the version in a PR, run npm publish after merging, then manually make a release note on github.
After: make a PR without bumping the version. Once that is merged, run npm run release locally, which will prompt you to choose if you want to release a patch/minor/major/etc version, and then that script will publish the new version to npm. Similar to before, we would still need to make a release note on github page manually.

@anguyen-yext2
Copy link
Contributor Author

anguyen-yext2 commented Oct 7, 2025

I think this all makes sense to me, although I'm not too familiar with the publish process. So silly question - what's the new release flow work like? Do we just make a new release/tag in Github, and these scripts get triggered and everything works from there without our input?
I plan to approve this shortly but wanted to give any other engineers a chance to check as well

I'll confirm with Sumo later to see if they're doing the same thing, but here is how I was testing it: Before: manually bump the version in a PR, run npm publish after merging, then manually make a release note on github. After: make a PR without bumping the version. Once that is merged, run npm run release locally, which will prompt you to choose if you want to release a patch/minor/major/etc version, and then that script will publish the new version to npm. Similar to before, we would still need to make a release note on github page manually.

Just confirmed with Ben that Sumo's flow is similar

Fondryext
Fondryext approved these changes Oct 7, 2025
View reviewed changes
Copy link
Contributor

@Fondryext Fondryext left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for clarifying!

@vijay267
Copy link

vijay267 commented Oct 7, 2025
edited
Loading

Let's update the Search SDK documentation to take into account the new release flow (after this / the other changes are shipped).

vijay267
vijay267 approved these changes Oct 7, 2025
View reviewed changes
@anguyen-yext2 anguyen-yext2 merged commit fe0651b into master Oct 7, 2025
11 checks passed
anguyen-yext2 added a commit that referenced this pull request Oct 7, 2025
@github-actions @k-gerner @anguyen-yext2
Merge master (v2.6.3) into develop (#309)
5091daa 
* update Visitor to show visitorId max length

* Support trusted publishing with OIDC (#308)

J=WAT-5077
TEST=manual

forked the repo to my personal git account. Verified that:
- the `ci-verify-publish` script output the correct release tag
- the `release` and `release:dry` scripts work as expected on a new patch, minor, major, alpha, beta, and custom version

copied over the relevant changes from the forked repo. Verified that:
- the `ci-verify-publish` script output the correct release tag
- the `release:dry` script make the expected changes locally

---------

Co-authored-by: Kyle Gerner <kgerner@yext.com>
Co-authored-by: Kyle Gerner <49618240+k-gerner@users.noreply.github.com>
Co-authored-by: anguyen-yext2 <143001514+anguyen-yext2@users.noreply.github.com>
@anguyen-yext2 anguyen-yext2 deleted the dev/publish-with-oidc branch October 7, 2025 18:05
anguyen-yext2 added a commit that referenced this pull request Nov 7, 2025
@github-actions @k-gerner
@anguyen-yext2 @mkouzel-yext
Merge master (v2.7.0) into develop (#323)
88c4944 
* update Visitor to show visitorId max length

* Support trusted publishing with OIDC (#308)

J=WAT-5077
TEST=manual

forked the repo to my personal git account. Verified that:
- the `ci-verify-publish` script output the correct release tag
- the `release` and `release:dry` scripts work as expected on a new patch, minor, major, alpha, beta, and custom version

copied over the relevant changes from the forked repo. Verified that:
- the `ci-verify-publish` script output the correct release tag
- the `release:dry` script make the expected changes locally

* Support facetAllowlist query parameter for vertical searches (#310)

Allows the "facetAllowlist" parameter to be set on vertical searches. This parameter specifies the subset of field IDs that are configured as facet fields that facet options should be returned for in the search response. If unspecified, all fields configured as facetable can be returned if they have data for the given query.

J=WAT-4928
TEST=manual

Added a query to the test-site vertical requests that returns facets. Confirmed that the facetAllowlist parameter is settable and works as expected.

* Undo version bump to 2.6.4 (#312)

We have changed the release flow to be compatible with OIDC.

* release: @yext/search-core@2.6.4

* Revert "release: @yext/search-core@2.6.4"

This reverts commit d32e762.

* release: @yext/search-core@2.6.4

* hotfix: fix release tag in trusted publishing workflow (#316)

* release: v2.7.0-beta.0

* release: v2.7.0-beta.1

* chore: use reusable publish workflow (#320)

* release: v2.7.0-beta.2

* release: v2.7.0

* rerun `npm i && npm run build`
up to date, audited 921 packages in 1s

169 packages are looking for funding
  run `npm fund` for details

4 low severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

---------

Co-authored-by: Kyle Gerner <kgerner@yext.com>
Co-authored-by: Kyle Gerner <49618240+k-gerner@users.noreply.github.com>
Co-authored-by: anguyen-yext2 <143001514+anguyen-yext2@users.noreply.github.com>
Co-authored-by: mkouzel-yext <mkouzel@yext.com>
Co-authored-by: anguyen-yext2 <anguyen@yext.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vijay267 vijay267 vijay267 approved these changes

@Fondryext Fondryext Fondryext approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@anguyen-yext2 @coveralls @vijay267 @Fondryext