
Commit 8826866

authored
chore(πŸ™): enhance npm debug workflow with OIDC checks (#3625)
Added OIDC token check and final validation steps to the workflow.
1 parent 83d239a commit 8826866


1 file changed

+66
-3
lines changed


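--- a/.github/workflows/npm-debug-workflow.yml
+++ b/.github/workflows/npm-debug-workflow.yml
@@ -50,29 +50,41 @@ jobs:
 fi
 
 - name: Debug - Check OIDC token availability
+id: oidc-check
+continue-on-error: true
 run: |
 echo "=== OIDC Token Check ==="
+OIDC_OK=true
 if [ -n "$ACTIONS_ID_TOKEN_REQUEST_URL" ]; then
 echo "βœ… OIDC token request URL is set"
 echo "URL prefix: ${ACTIONS_ID_TOKEN_REQUEST_URL:0:50}..."
 else
 echo "❌ OIDC token request URL is NOT set"
 echo "Make sure 'id-token: write' permission is configured"
+OIDC_OK=false
 fi
-
+
 if [ -n "$ACTIONS_ID_TOKEN_REQUEST_TOKEN" ]; then
 echo "βœ… OIDC token request token is available"
 else
 echo "❌ OIDC token request token is NOT available"
+OIDC_OK=false
+fi
+
+if [ "$OIDC_OK" = "false" ]; then
+exit 1
 fi
 
 - name: Debug - Test npm authentication
+id: npm-auth
+continue-on-error: true
 run: |
 echo "=== Testing npm whoami ==="
 if npm whoami 2>&1; then
 echo "βœ… Successfully authenticated with npm"
 else
 echo "❌ npm whoami failed - not authenticated"
+exit 1
 fi
 
 - name: Debug - Check package info
@@ -109,17 +121,26 @@ jobs:
 github_token: ${{ secrets.GITHUB_TOKEN }}
 
 - name: Debug - Dry run publish test
+id: dry-run
+continue-on-error: true
 run: |
 echo "=== Attempting dry-run publish ==="
 echo "This will NOT actually publish, just test if it would work"
 
 # Build the project using yarn (this is a yarn monorepo)
 echo "Running build first..."
-yarn build || echo "Build step failed or not applicable"
+if ! yarn build; then
+echo "❌ Build step failed"
+exit 1
+fi
 
 # Try dry-run publish from the skia package
 cd packages/skia
-npm publish --dry-run --provenance --access public 2>&1 || true
+if ! npm publish --dry-run --provenance --access public 2>&1; then
+echo "❌ Dry-run publish failed"
+exit 1
+fi
+echo "βœ… Dry-run publish succeeded"
 
 - name: Debug - Check provenance requirements
 run: |
@@ -159,3 +180,45 @@ jobs:
 echo "4. Check npm's provenance documentation:"
 echo " β†’ https://docs.npmjs.com/generating-provenance-statements"
 echo ""
+
+- name: Final validation
+run: |
+echo ""
+echo "========================================"
+echo " VALIDATION RESULTS"
+echo "========================================"
+echo ""
+FAILED=false
+
+if [ "${{ steps.oidc-check.outcome }}" = "failure" ]; then
+echo "❌ OIDC token check: FAILED"
+FAILED=true
+else
+echo "βœ… OIDC token check: PASSED"
+fi
+
+if [ "${{ steps.npm-auth.outcome }}" = "failure" ]; then
+echo "❌ npm authentication: FAILED"
+FAILED=true
+else
+echo "βœ… npm authentication: PASSED"
+fi
+
+if [ "${{ steps.dry-run.outcome }}" = "failure" ]; then
+echo "❌ Dry-run publish: FAILED"
+FAILED=true
+else
+echo "βœ… Dry-run publish: PASSED"
+fi
+
+echo ""
+if [ "$FAILED" = "true" ]; then
+echo "========================================"
+echo " ❌ OVERALL: SOME CHECKS FAILED"
+echo "========================================"
+exit 1
+else
+echo "========================================"
+echo " βœ… OVERALL: ALL CHECKS PASSED"
+echo "========================================"
+fi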
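Review bot: The new "Final validation" step fails open: each of its three comparisons treats any outcome other than `failure` as a pass, so a step that ends `skipped` or `cancelled` is printed as PASSED and never sets `FAILED=true`. Comparing against success closes that gap, e.g. `if [ "${{ steps.oidc-check.outcome }}" != "success" ]; then`, and likewise for `npm-auth` and `dry-run`. Separately, if this job authenticates only through OIDC trusted publishing with no npm token configured (not visible in this diff), `npm whoami` may fail even when a publish would succeed. In that case the `exit 1` added to the npm-auth step would turn the overall result red for the wrong reason, so it is worth confirming how the job authenticates before gating on that check.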
