From 516bd6285e8bef5e6384616cade41d82f769077b Mon Sep 17 00:00:00 2001 From: Fadi George Date: Tue, 4 Nov 2025 15:31:25 -0800 Subject: [PATCH 1/4] add npm publish workflow --- .../workflows/create-release-on-github.yml | 21 +++++++++++++++++++ .github/workflows/create-release-pr.yml | 1 - 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/create-release-on-github.yml diff --git a/.github/workflows/create-release-on-github.yml b/.github/workflows/create-release-on-github.yml new file mode 100644 index 00000000..189ef143 --- /dev/null +++ b/.github/workflows/create-release-on-github.yml @@ -0,0 +1,21 @@ +name: Publish to NPM +on: + pull_request: + types: + - closed + branches: + - main + - rel/** + +permissions: + id-token: write # Required for OIDC + contents: write + +jobs: + publish: + if: | + github.event.pull_request.merged == true && + contains(github.event.pull_request.title, 'chore: Release') + uses: OneSignal/sdk-actions/.github/workflows/npm-publish.yml@main + with: + branch: ${{ github.event.pull_request.base.ref }} diff --git a/.github/workflows/create-release-pr.yml b/.github/workflows/create-release-pr.yml index 2817c8eb..1a180023 100644 --- a/.github/workflows/create-release-pr.yml +++ b/.github/workflows/create-release-pr.yml @@ -131,7 +131,6 @@ jobs: # Update package.json version & lockfile bun pm pkg set version="$NEW_VERSION" - bun install git add . git commit -m "Release $NEW_VERSION" From ecc7f550a4e6c4f69b7ed56a5003a81f54580a58 Mon Sep 17 00:00:00 2001 From: Fadi George Date: Tue, 4 Nov 2025 15:35:02 -0800 Subject: [PATCH 2/4] remove permissions from caller side --- .github/workflows/create-release-on-github.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/create-release-on-github.yml b/.github/workflows/create-release-on-github.yml index 189ef143..361dc2e1 100644 --- a/.github/workflows/create-release-on-github.yml +++ b/.github/workflows/create-release-on-github.yml @@ -7,10 +7,6 @@ on: - main - rel/** -permissions: - id-token: write # Required for OIDC - contents: write - jobs: publish: if: | From a3611ffc3237797586e4baaf7681b249e81170c2 Mon Sep 17 00:00:00 2001 From: Fadi George Date: Tue, 4 Nov 2025 16:11:08 -0800 Subject: [PATCH 3/4] rename deployment workflow to cd.yml --- .github/workflows/{create-release-on-github.yml => cd.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{create-release-on-github.yml => cd.yml} (100%) diff --git a/.github/workflows/create-release-on-github.yml b/.github/workflows/cd.yml similarity index 100% rename from .github/workflows/create-release-on-github.yml rename to .github/workflows/cd.yml From f6c7bd98cf97fff4f500d9d0b1c0f3a928940b59 Mon Sep 17 00:00:00 2001 From: Fadi George Date: Tue, 4 Nov 2025 16:27:16 -0800 Subject: [PATCH 4/4] add back permissions --- .github/workflows/cd.yml | 8 ++++++-- .github/workflows/create-release-pr.yml | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 361dc2e1..f3233e29 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -1,4 +1,4 @@ -name: Publish to NPM +name: Publish to NPM & Github on: pull_request: types: @@ -7,11 +7,15 @@ on: - main - rel/** +permissions: + id-token: write # Required for OIDC + contents: write + jobs: publish: if: | github.event.pull_request.merged == true && contains(github.event.pull_request.title, 'chore: Release') - uses: OneSignal/sdk-actions/.github/workflows/npm-publish.yml@main + uses: OneSignal/sdk-actions/.github/workflows/publish-npm-github.yml@main with: branch: ${{ github.event.pull_request.base.ref }} diff --git a/.github/workflows/create-release-pr.yml b/.github/workflows/create-release-pr.yml index 1a180023..3e5645f1 100644 --- a/.github/workflows/create-release-pr.yml +++ b/.github/workflows/create-release-pr.yml @@ -129,7 +129,7 @@ jobs: git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" - # Update package.json version & lockfile + # Update package.json version bun pm pkg set version="$NEW_VERSION" git add .