diff --git a/.github/workflows/agents-publish.yml b/.github/workflows/agents-publish.yml index 7696bc1498..e3f1b84c2c 100644 --- a/.github/workflows/agents-publish.yml +++ b/.github/workflows/agents-publish.yml @@ -19,11 +19,16 @@ defaults: run: working-directory: packages/agents +permissions: + contents: write + id-token: write + packages: write + jobs: version_and_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: # Needed to push the tag and the commit on the main branch, otherwise we get: # > Run git push --follow-tags @@ -31,15 +36,13 @@ jobs: # remote: error: Changes must be made through a pull request. Required status check "lint" is expected. token: ${{ secrets.BOT_ACCESS_TOKEN }} - run: npm install -g corepack@latest && corepack enable - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" cache: "pnpm" cache-dependency-path: | packages/agents/pnpm-lock.yaml packages/doc-internal/pnpm-lock.yaml - # setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED - registry-url: "https://registry.npmjs.org" - run: pnpm install - run: git config --global user.name machineuser - run: git config --global user.email infra+machineuser@huggingface.co 
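Review bot: The new top-level `permissions:` block gives `id-token: write` and `packages: write` to every step of `version_and_release`, including `npm install -g corepack@latest` and `pnpm install`, so any code that runs during install or build can request an OIDC token or write packages. Only the publish steps need those scopes; consider splitting install/build from publish, so that the job which installs dependencies runs with `contents: read` only. `contents: write` also looks unnecessary if the tag push goes through the `BOT_ACCESS_TOKEN` handed to checkout, which is worth confirming before keeping it. The same block is added in the first hunk of every other `*-publish.yml` workflow in this commit except `hub-publish.yml`.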
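Review bot: `actions/setup-node@v4` here and `actions/checkout@v5` in the previous hunk are mutable tags in a job that now holds `id-token: write` and `packages: write`. Pinning each to a full commit SHA with the tag as a trailing comment, e.g. `uses: actions/setup-node@<full-commit-sha> # v4`, keeps a retagged release from running with publish rights. The removed comment explained why `registry-url` was required, and nothing now says how the npm publish authenticates; a line such as `# no registry-url/NODE_AUTH_TOKEN: npm publish relies on trusted publishing (OIDC)` would help, assuming that is the intent. The step list continues outside the hunk, and the same change recurs in the other publish workflows of this commit.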
@@ -52,19 +55,19 @@ jobs: git add ../.. git commit -m "🔖 @huggingface/agents $BUMPED_VERSION" git tag "agents-v$BUMPED_VERSION" - - run: pnpm --filter agents... build && pnpm publish --no-git-checks . - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + - run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags) - # hack - reuse actions/setup-node@v3 just to set a new registry - - uses: actions/setup-node@v3 + + - run: pnpm --filter agents... build && pnpm publish --no-git-checks . + # hack - reuse actions/setup-node@v4 just to set a new registry + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" registry-url: "https://npm.pkg.github.com" - # Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558) - # - run: pnpm publish --no-git-checks . - # env: - # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - run: pnpm publish --no-git-checks . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: "Update Doc" uses: peter-evans/repository-dispatch@v2 with: diff --git a/.github/workflows/blake3-wasm-publish.yml b/.github/workflows/blake3-wasm-publish.yml index 30018ffda8..0b994c9147 100644 --- a/.github/workflows/blake3-wasm-publish.yml +++ b/.github/workflows/blake3-wasm-publish.yml @@ -19,11 +19,16 @@ defaults: run: working-directory: packages/blake3-wasm +permissions: + contents: write + id-token: write + packages: write + jobs: version_and_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: # Needed to push the tag and the commit on the main branch, otherwise we get: # > Run git push --follow-tags 
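Review bot: `git push --follow-tags` now runs before `pnpm publish`, so a failed publish leaves the version commit and the `agents-v$BUMPED_VERSION` tag on main with no matching package on either registry. If the order is deliberate, say so and give the recovery path in a comment above the publish step, e.g. `# tag is pushed first; if publish fails, publish this tag manually instead of re-running the bump`; otherwise restore publish-before-push. The npm publish step also no longer has an `env:` block, so it appears to depend entirely on the `id-token: write` grant added earlier in this file. The last hunk of each other `*-publish.yml` workflow in this commit, apart from `hub-publish.yml`, has the same ordering.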
@@ -31,14 +36,12 @@ jobs: # remote: error: Changes must be made through a pull request. Required status check "lint" is expected. token: ${{ secrets.BOT_ACCESS_TOKEN }} - run: npm install -g corepack@latest && corepack enable - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" cache: "pnpm" cache-dependency-path: | packages/blake3-wasm/pnpm-lock.yaml - # setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED - registry-url: "https://registry.npmjs.org" - run: pnpm install - run: git config --global user.name machineuser - run: git config --global user.email infra+machineuser@huggingface.co @@ -49,16 +52,16 @@ jobs: node -e "const fs = require('fs'); const package = JSON.parse(fs.readFileSync('./package.json')); package.version = '$BUMPED_VERSION'; fs.writeFileSync('./package.json', JSON.stringify(package, null, '\t') + '\n');" git commit . -m "🔖 @huggingface/blake3-wasm $BUMPED_VERSION" git tag "blake3-wasm-v$BUMPED_VERSION" - - run: pnpm publish --no-git-checks . - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + - run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags) - # hack - reuse actions/setup-node@v3 just to set a new registry - - uses: actions/setup-node@v3 + + - run: pnpm publish --no-git-checks . + # hack - reuse actions/setup-node@v4 just to set a new registry + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" registry-url: "https://npm.pkg.github.com" - # Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558) - # - run: pnpm publish --no-git-checks . - # env: - # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - run: pnpm publish --no-git-checks . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
diff --git a/.github/workflows/blob-publish.yml b/.github/workflows/blob-publish.yml index 2409e581a7..866b240aaf 100644 --- a/.github/workflows/blob-publish.yml +++ b/.github/workflows/blob-publish.yml @@ -19,11 +19,16 @@ defaults: run: working-directory: packages/blob +permissions: + contents: write + id-token: write + packages: write + jobs: version_and_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: # Needed to push the tag and the commit on the main branch, otherwise we get: # > Run git push --follow-tags @@ -31,14 +36,12 @@ jobs: # remote: error: Changes must be made through a pull request. Required status check "lint" is expected. token: ${{ secrets.BOT_ACCESS_TOKEN }} - run: npm install -g corepack@latest && corepack enable - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" cache: "pnpm" cache-dependency-path: | packages/blob/pnpm-lock.yaml - # setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED - registry-url: "https://registry.npmjs.org" - run: pnpm install - run: git config --global user.name machineuser - run: git config --global user.email infra+machineuser@huggingface.co 
@@ -50,19 +53,18 @@ jobs: git commit . -m "🔖 @huggingface/blob $BUMPED_VERSION" git tag "blob-v$BUMPED_VERSION" - - run: pnpm publish --no-git-checks . - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags) - # hack - reuse actions/setup-node@v3 just to set a new registry - - uses: actions/setup-node@v3 + + - run: pnpm publish --no-git-checks . + # hack - reuse actions/setup-node@v4 just to set a new registry + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" registry-url: "https://npm.pkg.github.com" - # Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558) - # - run: pnpm publish --no-git-checks . - # env: - # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - run: pnpm publish --no-git-checks . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: "Update Doc" uses: peter-evans/repository-dispatch@v2 with: diff --git a/.github/workflows/dduf-publish.yml b/.github/workflows/dduf-publish.yml index e07f99240f..1ac61a34e5 100644 --- a/.github/workflows/dduf-publish.yml +++ b/.github/workflows/dduf-publish.yml @@ -19,11 +19,16 @@ defaults: run: working-directory: packages/dduf +permissions: + contents: write + id-token: write + packages: write + jobs: version_and_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: # Needed to push the tag and the commit on the main branch, otherwise we get: # > Run git push --follow-tags 
@@ -31,14 +36,12 @@ jobs: # remote: error: Changes must be made through a pull request. Required status check "lint" is expected. token: ${{ secrets.BOT_ACCESS_TOKEN }} - run: npm install -g corepack@latest && corepack enable - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" cache: "pnpm" cache-dependency-path: | packages/dduf/pnpm-lock.yaml - # setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED - registry-url: "https://registry.npmjs.org" - run: pnpm install - run: git config --global user.name machineuser - run: git config --global user.email infra+machineuser@huggingface.co @@ -53,19 +56,18 @@ jobs: - name: "Check Deps are published before publishing this package" run: pnpm -w check-deps blob - - run: pnpm publish --no-git-checks . - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags) - # hack - reuse actions/setup-node@v3 just to set a new registry - - uses: actions/setup-node@v3 + + - run: pnpm publish --no-git-checks . + # hack - reuse actions/setup-node@v4 just to set a new registry + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" registry-url: "https://npm.pkg.github.com" - # Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558) - # - run: pnpm publish --no-git-checks . - # env: - # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - run: pnpm publish --no-git-checks . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: "Update Doc" uses: peter-evans/repository-dispatch@v2 with: diff --git a/.github/workflows/gearhash-wasm-publish.yml b/.github/workflows/gearhash-wasm-publish.yml index 4070718785..7629d788ee 100644 --- a/.github/workflows/gearhash-wasm-publish.yml +++ b/.github/workflows/gearhash-wasm-publish.yml 
@@ -19,11 +19,16 @@ defaults: run: working-directory: packages/gearhash-wasm +permissions: + contents: write + id-token: write + packages: write + jobs: version_and_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: # Needed to push the tag and the commit on the main branch, otherwise we get: # > Run git push --follow-tags @@ -31,14 +36,12 @@ jobs: # remote: error: Changes must be made through a pull request. Required status check "lint" is expected. token: ${{ secrets.BOT_ACCESS_TOKEN }} - run: npm install -g corepack@latest && corepack enable - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" cache: "pnpm" cache-dependency-path: | packages/gearhash-wasm/pnpm-lock.yaml - # setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED - registry-url: "https://registry.npmjs.org" - run: pnpm install - run: git config --global user.name machineuser - run: git config --global user.email infra+machineuser@huggingface.co 
@@ -49,16 +52,16 @@ jobs: node -e "const fs = require('fs'); const package = JSON.parse(fs.readFileSync('./package.json')); package.version = '$BUMPED_VERSION'; fs.writeFileSync('./package.json', JSON.stringify(package, null, '\t') + '\n');" git commit . -m "🔖 @huggingface/gearhash-wasm $BUMPED_VERSION" git tag "gearhash-wasm-v$BUMPED_VERSION" - - run: pnpm publish --no-git-checks . - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + - run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags) - # hack - reuse actions/setup-node@v3 just to set a new registry - - uses: actions/setup-node@v3 + + - run: pnpm publish --no-git-checks . + # hack - reuse actions/setup-node@v4 just to set a new registry + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" registry-url: "https://npm.pkg.github.com" - # Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558) - # - run: pnpm publish --no-git-checks . - # env: - # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - run: pnpm publish --no-git-checks . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/gguf-publish.yml b/.github/workflows/gguf-publish.yml index b69ee291ea..067ed163a7 100644 --- a/.github/workflows/gguf-publish.yml +++ b/.github/workflows/gguf-publish.yml @@ -23,11 +23,16 @@ defaults: run: working-directory: packages/gguf +permissions: + contents: write + id-token: write + packages: write + jobs: version_and_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: # Needed to push the tag and the commit on the main branch, otherwise we get: # > Run git push --follow-tags 
@@ -35,14 +40,12 @@ jobs: # remote: error: Changes must be made through a pull request. Required status check "lint" is expected. token: ${{ secrets.BOT_ACCESS_TOKEN }} - run: npm install -g corepack@latest && corepack enable - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" cache: "pnpm" cache-dependency-path: | packages/gguf/pnpm-lock.yaml - # setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED - registry-url: "https://registry.npmjs.org" - run: pnpm install - run: git config --global user.name machineuser - run: git config --global user.email infra+machineuser@huggingface.co @@ -58,16 +61,15 @@ jobs: name: "Check Deps are published before publishing this package" run: pnpm -w check-deps tasks - - run: pnpm publish --no-git-checks . - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags) - # hack - reuse actions/setup-node@v3 just to set a new registry - - uses: actions/setup-node@v3 + + - run: pnpm publish --no-git-checks . + # hack - reuse actions/setup-node@v4 just to set a new registry + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" registry-url: "https://npm.pkg.github.com" - # Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558) - # - run: pnpm publish --no-git-checks . - # env: - # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - run: pnpm publish --no-git-checks . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/hub-publish.yml b/.github/workflows/hub-publish.yml index 8e53d90432..5026bb01c8 100644 --- a/.github/workflows/hub-publish.yml +++ b/.github/workflows/hub-publish.yml 
@@ -74,7 +74,6 @@ jobs: node-version: "24" registry-url: "https://npm.pkg.github.com" - # Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558) - run: pnpm publish --no-git-checks . env: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/inference-publish.yml b/.github/workflows/inference-publish.yml index f255077599..73ef927de6 100644 --- a/.github/workflows/inference-publish.yml +++ b/.github/workflows/inference-publish.yml @@ -23,11 +23,16 @@ defaults: run: working-directory: packages/inference +permissions: + contents: write + id-token: write + packages: write + jobs: version_and_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: # Needed to push the tag and the commit on the main branch, otherwise we get: # > Run git push --follow-tags @@ -35,15 +40,13 @@ jobs: # remote: error: Changes must be made through a pull request. Required status check "lint" is expected. token: ${{ secrets.BOT_ACCESS_TOKEN }} - run: npm install -g corepack@latest && corepack enable - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" cache: "pnpm" cache-dependency-path: | packages/inference/pnpm-lock.yaml packages/doc-internal/pnpm-lock.yaml - # setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED - registry-url: "https://registry.npmjs.org" - run: pnpm install - run: git config --global user.name machineuser - run: git config --global user.email infra+machineuser@huggingface.co 
@@ -62,16 +65,15 @@ jobs: name: "Check Deps are published before publishing this package" run: pnpm -w check-deps tasks - - run: pnpm publish --no-git-checks . - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags) - # hack - reuse actions/setup-node@v3 just to set a new registry - - uses: actions/setup-node@v3 + + - run: pnpm publish --no-git-checks . + # hack - reuse actions/setup-node@v4 just to set a new registry + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" registry-url: "https://npm.pkg.github.com" - # Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558) - # - run: pnpm publish --no-git-checks . - # env: - # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - run: pnpm publish --no-git-checks . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/jinja-publish.yml b/.github/workflows/jinja-publish.yml index 4116d462a6..28569e780a 100644 --- a/.github/workflows/jinja-publish.yml +++ b/.github/workflows/jinja-publish.yml @@ -19,11 +19,16 @@ defaults: run: working-directory: packages/jinja +permissions: + contents: write + id-token: write + packages: write + jobs: version_and_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: # Needed to push the tag and the commit on the main branch, otherwise we get: # > Run git push --follow-tags 
@@ -31,14 +36,12 @@ jobs: # remote: error: Changes must be made through a pull request. Required status check "lint" is expected. token: ${{ secrets.BOT_ACCESS_TOKEN }} - run: npm install -g corepack@latest && corepack enable - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" cache: "pnpm" cache-dependency-path: | packages/jinja/pnpm-lock.yaml - # setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED - registry-url: "https://registry.npmjs.org" - run: pnpm install - run: git config --global user.name machineuser - run: git config --global user.email infra+machineuser@huggingface.co @@ -49,16 +52,16 @@ jobs: node -e "const fs = require('fs'); const package = JSON.parse(fs.readFileSync('./package.json')); package.version = '$BUMPED_VERSION'; fs.writeFileSync('./package.json', JSON.stringify(package, null, '\t') + '\n');" git commit . -m "🔖 @huggingface/jinja $BUMPED_VERSION" git tag "jinja-v$BUMPED_VERSION" - - run: pnpm publish --no-git-checks . - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + - run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags) - # hack - reuse actions/setup-node@v3 just to set a new registry - - uses: actions/setup-node@v3 + + - run: pnpm publish --no-git-checks . + # hack - reuse actions/setup-node@v4 just to set a new registry + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" registry-url: "https://npm.pkg.github.com" - # Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558) - # - run: pnpm publish --no-git-checks . - # env: - # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - run: pnpm publish --no-git-checks . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/languages-publish.yml b/.github/workflows/languages-publish.yml index 3988c51c94..1b8b650941 100644 
--- a/.github/workflows/languages-publish.yml +++ b/.github/workflows/languages-publish.yml @@ -19,11 +19,16 @@ defaults: run: working-directory: packages/languages +permissions: + contents: write + id-token: write + packages: write + jobs: version_and_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: # Needed to push the tag and the commit on the main branch, otherwise we get: # > Run git push --follow-tags @@ -31,14 +36,12 @@ jobs: # remote: error: Changes must be made through a pull request. Required status check "lint" is expected. token: ${{ secrets.BOT_ACCESS_TOKEN }} - run: npm install -g corepack@latest && corepack enable - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" cache: "pnpm" cache-dependency-path: | packages/languages/pnpm-lock.yaml - # setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED - registry-url: "https://registry.npmjs.org" - run: pnpm install - run: git config --global user.name machineuser - run: git config --global user.email infra+machineuser@huggingface.co 
@@ -49,16 +52,16 @@ jobs: node -e "const fs = require('fs'); const package = JSON.parse(fs.readFileSync('./package.json')); package.version = '$BUMPED_VERSION'; fs.writeFileSync('./package.json', JSON.stringify(package, null, '\t') + '\n');" git commit . -m "🔖 @huggingface/languages $BUMPED_VERSION" git tag "languages-v$BUMPED_VERSION" - - run: pnpm publish --no-git-checks . - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + - run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags) - # hack - reuse actions/setup-node@v3 just to set a new registry - - uses: actions/setup-node@v3 + + - run: pnpm publish --no-git-checks . + # hack - reuse actions/setup-node@v4 just to set a new registry + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" registry-url: "https://npm.pkg.github.com" - # Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558) - # - run: pnpm publish --no-git-checks . - # env: - # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - run: pnpm publish --no-git-checks . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/mcp-client-publish.yml b/.github/workflows/mcp-client-publish.yml index 5066b6185f..8e809d3e7c 100644 --- a/.github/workflows/mcp-client-publish.yml +++ b/.github/workflows/mcp-client-publish.yml 
@@ -23,22 +23,26 @@ defaults: run: working-directory: packages/mcp-client +permissions: + contents: write + id-token: write + packages: write + jobs: version_and_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: token: ${{ secrets.BOT_ACCESS_TOKEN }} - run: npm install -g corepack@latest && corepack enable - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" cache: "pnpm" cache-dependency-path: | packages/mcp-client/pnpm-lock.yaml packages/doc-internal/pnpm-lock.yaml - registry-url: "https://registry.npmjs.org" - run: pnpm install - run: git config --global user.name machineuser - run: git config --global user.email infra+machineuser@huggingface.co @@ -57,19 +61,18 @@ jobs: name: "Check Deps are published before publishing this package" run: pnpm -w check-deps inference && pnpm -w check-deps tasks - - run: pnpm publish --no-git-checks . - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags) - # hack - reuse actions/setup-node@v3 just to set a new registry - - uses: actions/setup-node@v3 + + - run: pnpm publish --no-git-checks . + # hack - reuse actions/setup-node@v4 just to set a new registry + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" registry-url: "https://npm.pkg.github.com" - # Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558) - # - run: pnpm publish --no-git-checks . - # env: - # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - run: pnpm publish --no-git-checks . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: "Update Doc" uses: peter-evans/repository-dispatch@v2 with: diff --git a/.github/workflows/ollama-utils-publish.yml b/.github/workflows/ollama-utils-publish.yml index 705b433419..f65d386dce 100644 
--- a/.github/workflows/ollama-utils-publish.yml +++ b/.github/workflows/ollama-utils-publish.yml @@ -19,11 +19,16 @@ defaults: run: working-directory: packages/ollama-utils +permissions: + contents: write + id-token: write + packages: write + jobs: version_and_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: # Needed to push the tag and the commit on the main branch, otherwise we get: # > Run git push --follow-tags @@ -31,14 +36,12 @@ jobs: # remote: error: Changes must be made through a pull request. Required status check "lint" is expected. token: ${{ secrets.BOT_ACCESS_TOKEN }} - run: npm install -g corepack@latest && corepack enable - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" cache: "pnpm" cache-dependency-path: | packages/ollama-utils/pnpm-lock.yaml - # setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED - registry-url: "https://registry.npmjs.org" - run: pnpm install - run: git config --global user.name machineuser - run: git config --global user.email infra+machineuser@huggingface.co 
@@ -53,16 +56,15 @@ jobs: - name: "Check Deps are published before publishing this package" run: pnpm -w check-deps tasks - - run: pnpm publish --no-git-checks . - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags) - # hack - reuse actions/setup-node@v3 just to set a new registry - - uses: actions/setup-node@v3 + + - run: pnpm publish --no-git-checks . + # hack - reuse actions/setup-node@v4 just to set a new registry + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" registry-url: "https://npm.pkg.github.com" - # Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558) - # - run: pnpm publish --no-git-checks . - # env: - # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - run: pnpm publish --no-git-checks . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/space-header-publish.yml b/.github/workflows/space-header-publish.yml index 02a5cfa852..3e368f325f 100644 --- a/.github/workflows/space-header-publish.yml +++ b/.github/workflows/space-header-publish.yml @@ -19,11 +19,16 @@ defaults: run: working-directory: packages/space-header +permissions: + contents: write + id-token: write + packages: write + jobs: version_and_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: # Needed to push the tag and the commit on the main branch, otherwise we get: # > Run git push --follow-tags 
@@ -31,14 +36,12 @@ jobs: # remote: error: Changes must be made through a pull request. Required status check "lint" is expected. token: ${{ secrets.BOT_ACCESS_TOKEN }} - run: npm install -g corepack@latest && corepack enable - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" cache: "pnpm" cache-dependency-path: | packages/space-header/pnpm-lock.yaml - # setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED - registry-url: "https://registry.npmjs.org" - run: pnpm install - run: git config --global user.name machineuser - run: git config --global user.email infra+machineuser@huggingface.co @@ -49,19 +52,19 @@ jobs: node -e "const fs = require('fs'); const package = JSON.parse(fs.readFileSync('./package.json')); package.version = '$BUMPED_VERSION'; fs.writeFileSync('./package.json', JSON.stringify(package, null, '\t') + '\n');" git commit . -m "🔖 @huggingface/space-header $BUMPED_VERSION" git tag "space-header-v$BUMPED_VERSION" - - run: pnpm publish --no-git-checks . - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + - run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags) - # hack - reuse actions/setup-node@v3 just to set a new registry - - uses: actions/setup-node@v3 + + - run: pnpm publish --no-git-checks . + # hack - reuse actions/setup-node@v4 just to set a new registry + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" registry-url: "https://npm.pkg.github.com" - # Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558) - # - run: pnpm publish --no-git-checks . - # env: - # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - run: pnpm publish --no-git-checks . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: "Update Doc" uses: peter-evans/repository-dispatch@v2 with: 
diff --git a/.github/workflows/splitmix64-wasm-publish.yml b/.github/workflows/splitmix64-wasm-publish.yml index f35f7c0a5b..1d9f742c70 100644 --- a/.github/workflows/splitmix64-wasm-publish.yml +++ b/.github/workflows/splitmix64-wasm-publish.yml @@ -19,11 +19,16 @@ defaults: run: working-directory: packages/splitmix64-wasm +permissions: + contents: write + id-token: write + packages: write + jobs: version_and_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: # Needed to push the tag and the commit on the main branch, otherwise we get: # > Run git push --follow-tags @@ -31,14 +36,12 @@ jobs: # remote: error: Changes must be made through a pull request. Required status check "lint" is expected. token: ${{ secrets.BOT_ACCESS_TOKEN }} - run: npm install -g corepack@latest && corepack enable - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" cache: "pnpm" cache-dependency-path: | packages/splitmix64-wasm/pnpm-lock.yaml - # setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED - registry-url: "https://registry.npmjs.org" - run: pnpm install - run: git config --global user.name machineuser - run: git config --global user.email infra+machineuser@huggingface.co 
@@ -49,16 +52,16 @@ jobs: node -e "const fs = require('fs'); const package = JSON.parse(fs.readFileSync('./package.json')); package.version = '$BUMPED_VERSION'; fs.writeFileSync('./package.json', JSON.stringify(package, null, '\t') + '\n');" git commit . -m "🔖 @huggingface/splitmix64-wasm $BUMPED_VERSION" git tag "splitmix64-wasm-v$BUMPED_VERSION" - - run: pnpm publish --no-git-checks . - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + - run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags) - # hack - reuse actions/setup-node@v3 just to set a new registry - - uses: actions/setup-node@v3 + + - run: pnpm publish --no-git-checks . + # hack - reuse actions/setup-node@v4 just to set a new registry + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" registry-url: "https://npm.pkg.github.com" - # Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558) - # - run: pnpm publish --no-git-checks . - # env: - # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - run: pnpm publish --no-git-checks . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/tasks-publish.yml b/.github/workflows/tasks-publish.yml index ef8dc7e99f..d90bb4d9e9 100644 --- a/.github/workflows/tasks-publish.yml +++ b/.github/workflows/tasks-publish.yml @@ -19,11 +19,16 @@ defaults: run: working-directory: packages/tasks +permissions: + contents: write + id-token: write + packages: write + jobs: version_and_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: # Needed to push the tag and the commit on the main branch, otherwise we get: # > Run git push --follow-tags 
@@ -31,14 +36,12 @@ jobs: # remote: error: Changes must be made through a pull request. Required status check "lint" is expected. token: ${{ secrets.BOT_ACCESS_TOKEN }} - run: npm install -g corepack@latest && corepack enable - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" cache: "pnpm" cache-dependency-path: | packages/tasks/pnpm-lock.yaml - # setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED - registry-url: "https://registry.npmjs.org" - run: pnpm install - run: git config --global user.name machineuser - run: git config --global user.email infra+machineuser@huggingface.co @@ -50,19 +53,18 @@ jobs: git commit . -m "🔖 @huggingface/tasks $BUMPED_VERSION" git tag "tasks-v$BUMPED_VERSION" - - run: pnpm publish --no-git-checks . - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags) - # hack - reuse actions/setup-node@v3 just to set a new registry - - uses: actions/setup-node@v3 + + - run: pnpm publish --no-git-checks . + # hack - reuse actions/setup-node@v4 just to set a new registry + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" registry-url: "https://npm.pkg.github.com" - # Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558) - # - run: pnpm publish --no-git-checks . - # env: - # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - run: pnpm publish --no-git-checks . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: "Update Doc" uses: peter-evans/repository-dispatch@v2 with: diff --git a/.github/workflows/tiny-agents-publish.yml b/.github/workflows/tiny-agents-publish.yml index 2a55acde7e..70382189d7 100644 --- a/.github/workflows/tiny-agents-publish.yml +++ b/.github/workflows/tiny-agents-publish.yml 
@@ -23,22 +23,26 @@ defaults: run: working-directory: packages/tiny-agents +permissions: + contents: write + id-token: write + packages: write + jobs: version_and_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: token: ${{ secrets.BOT_ACCESS_TOKEN }} - run: npm install -g corepack@latest && corepack enable - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" cache: "pnpm" cache-dependency-path: | packages/tiny-agents/pnpm-lock.yaml packages/doc-internal/pnpm-lock.yaml - registry-url: "https://registry.npmjs.org" - run: pnpm install - run: git config --global user.name machineuser - run: git config --global user.email infra+machineuser@huggingface.co @@ -57,19 +61,18 @@ jobs: name: "Check Deps are published before publishing this package" run: pnpm -w check-deps inference && pnpm -w check-deps tasks # Review if these specific deps apply to tiny-agents - - run: pnpm publish --no-git-checks . - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags) - # hack - reuse actions/setup-node@v3 just to set a new registry - - uses: actions/setup-node@v3 + + - run: pnpm publish --no-git-checks . + # hack - reuse actions/setup-node@v4 just to set a new registry + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" registry-url: "https://npm.pkg.github.com" - # Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558) - # - run: pnpm publish --no-git-checks . - # env: - # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - run: pnpm publish --no-git-checks . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: "Update Doc" uses: peter-evans/repository-dispatch@v2 with: 
diff --git a/.github/workflows/xetchunk-wasm-publish.yml b/.github/workflows/xetchunk-wasm-publish.yml index d56da18b9c..e5061b9223 100644 --- a/.github/workflows/xetchunk-wasm-publish.yml +++ b/.github/workflows/xetchunk-wasm-publish.yml @@ -19,11 +19,16 @@ defaults: run: working-directory: packages/xetchunk-wasm +permissions: + contents: write + id-token: write + packages: write + jobs: version_and_release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: # Needed to push the tag and the commit on the main branch, otherwise we get: # > Run git push --follow-tags @@ -31,14 +36,12 @@ jobs: # remote: error: Changes must be made through a pull request. Required status check "lint" is expected. token: ${{ secrets.BOT_ACCESS_TOKEN }} - run: npm install -g corepack@latest && corepack enable - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" cache: "pnpm" cache-dependency-path: | packages/xetchunk-wasm/pnpm-lock.yaml - # setting a registry enables the NODE_AUTH_TOKEN env variable where we can set an npm token. REQUIRED - registry-url: "https://registry.npmjs.org" - run: pnpm install - run: git config --global user.name machineuser - run: git config --global user.email infra+machineuser@huggingface.co 
@@ -49,16 +52,16 @@ jobs: node -e "const fs = require('fs'); const package = JSON.parse(fs.readFileSync('./package.json')); package.version = '$BUMPED_VERSION'; fs.writeFileSync('./package.json', JSON.stringify(package, null, '\t') + '\n');" git commit . -m "🔖 @huggingface/xetchunk-wasm $BUMPED_VERSION" git tag "xetchunk-wasm-v$BUMPED_VERSION" - - run: pnpm publish --no-git-checks . - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + - run: (git pull --rebase && git push --follow-tags) || (git pull --rebase && git push --follow-tags) - # hack - reuse actions/setup-node@v3 just to set a new registry - - uses: actions/setup-node@v3 + + - run: pnpm publish --no-git-checks . + # hack - reuse actions/setup-node@v4 just to set a new registry + - uses: actions/setup-node@v4 with: - node-version: "20" + node-version: "24" registry-url: "https://npm.pkg.github.com" - # Disable for now, until github supports PATs for writing github packages (https://github.com/github/roadmap/issues/558) - # - run: pnpm publish --no-git-checks . - # env: - # NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - run: pnpm publish --no-git-checks . + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}