From 7e1a2136e51b8c1c3f546ca3d5f51170bf2b3edc Mon Sep 17 00:00:00 2001 From: Yos Riady Date: Sun, 3 May 2026 20:50:12 +0700 Subject: [PATCH 1/2] Add release workflow --- .github/workflows/ci.yml | 26 ++++++++++---------------- .github/workflows/release.yml | 21 +++++++++++---------- 2 files changed, 21 insertions(+), 26 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a458dc2..fc91011 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,4 @@ -name: CLI CI +name: Formo CLI CI Check on: pull_request: @@ -17,15 +17,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup pnpm uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v4.4.0 - with: - version: 10 - name: Setup Node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v4.3.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: "22.14.0" cache: 'pnpm' @@ -33,7 +31,7 @@ jobs: - name: Install dependencies run: pnpm install --frozen-lockfile - - name: Build + - name: Build CLI run: pnpm build lint: @@ -41,15 +39,13 @@ jobs: needs: build steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup pnpm uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v4.4.0 - with: - version: 10 - name: Setup Node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v4.3.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: "22.14.0" cache: 'pnpm' @@ -57,7 +53,7 @@ jobs: - name: Install dependencies run: pnpm install --frozen-lockfile - - name: Lint + - name: Run lint run: pnpm lint test: @@ -65,15 +61,13 @@ jobs: needs: [build, lint] steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup pnpm uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v4.4.0 - with: - version: 10 - name: Setup Node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v4.3.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: "22.14.0" cache: 'pnpm' @@ -81,7 +75,7 @@ jobs: - name: Install dependencies run: pnpm install --frozen-lockfile - - name: Test + - name: Run tests run: pnpm test env: TEST_TOKEN: ${{ secrets.TEST_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 10b93a9..2b4d0fd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,7 +6,7 @@ on: - 'v*' permissions: - id-token: write # Required for npm provenance attestation + id-token: write # Required for OIDC trusted publishing contents: write # Required for creating GitHub releases jobs: @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -29,15 +29,16 @@ jobs: - name: Setup pnpm uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v4.4.0 - with: - version: 10 - name: Setup Node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v4.3.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: "22.14.0" cache: 'pnpm' - registry-url: 'https://registry.npmjs.org' + # No registry-url - using OIDC trusted publishing instead + + - name: Update npm for trusted publishing + run: npm install -g npm@latest - name: Install dependencies run: pnpm install --frozen-lockfile @@ -68,9 +69,9 @@ jobs: TEST_TOKEN: ${{ secrets.TEST_TOKEN }} - name: Publish to npm - run: npm publish --access public --provenance - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + run: npm publish --provenance + # Explicitly use --provenance flag for clarity + # OIDC trusted publishing (id-token: write) enables automatic provenance generation - name: Generate release notes id: release_notes @@ -158,7 +159,7 @@ jobs: EOF - name: Create GitHub Release - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 with: body_path: release_notes.md draft: false From ddba2be0f50c66676166b72581cca4c08d384808 Mon Sep 17 00:00:00 2001 From: Yos Riady Date: Sun, 3 May 2026 20:55:27 +0700 Subject: [PATCH 2/2] Pin pnpm version via packageManager field Fixes CI failure where pnpm/action-setup couldn't determine which pnpm version to install. Co-Authored-By: Claude Opus 4.7 (1M context) --- package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/package.json b/package.json index f71ae5a..aac83fd 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,7 @@ { "name": "@formo/cli", "version": "0.2.0", + "packageManager": "pnpm@10.28.2", "description": "Formo API CLI — query profiles and analytics data", "bin": { "formo": "dist/index.js"