iExecBlockchainComputing
diff --git a/‎.github/workflows/deserializer-publish-npm.yml‎
Lines changed: 39 additions & 43 deletions b/‎.github/workflows/deserializer-publish-npm.yml‎
Lines changed: 39 additions & 43 deletions
diff --git a/‎.github/workflows/sdk-publish-npm-latest.yml‎
Lines changed: 0 additions & 23 deletions b/‎.github/workflows/sdk-publish-npm-latest.yml‎
Lines changed: 0 additions & 23 deletions
diff --git a/‎.github/workflows/sdk-publish-npm-staging.yml‎
Lines changed: 0 additions & 44 deletions b/‎.github/workflows/sdk-publish-npm-staging.yml‎
Lines changed: 0 additions & 44 deletions
diff --git a/‎.github/workflows/sdk-publish-npm.yml‎
Lines changed: 64 additions & 0 deletions b/‎.github/workflows/sdk-publish-npm.yml‎
Lines changed: 64 additions & 0 deletions
@@ -1,63 +1,59 @@
+# ⚠️ THIS WORKFLOW IS THE TRUSTED PUBLISHER CONFIGURED ON NPMJS.COM, DO NOT RENAME OR DELETE THIS FILE ⚠️
 name: Deserializer - Publish NPM Package
 
 on:
+  # For staging releases
   workflow_dispatch:
-    inputs:
-      tag:
-        description: 'NPM tag to publish (latest or nightly)'
-        required: true
-        type: choice
-        options:
-          - latest
-          - nightly
-          - beta
-        default: nightly
+  # For latest releases
+  release:
+    types: [published]
+
+permissions:
+  id-token: write # Required for OIDC
+  packages: write
+  contents: read
 
 jobs:
-  set-publish-version:
-    # Run only on main branch
-    if: github.ref == 'refs/heads/main'
+  set-staging-version:
+    # Only run for manual dispatch on main branch
+    if: ${{ github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main' }}
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Set up Node.js
         uses: actions/setup-node@v4
       - name: Set publish version
-        id: set-publish-version
-        if: github.event.inputs.tag == 'nightly'
+        id: set-staging-version
         working-directory: packages/dataprotector-deserializer
         run: |
-          if [ "${{ github.event.inputs.tag }}" == "nightly" ]; then
-            CURRENT_VERSION=$(npm pkg get version | tr -d '"')
-            NIGHTLY_VERSION="${CURRENT_VERSION}-nightly-${GITHUB_SHA::7}"
-            echo "VERSION=${NIGHTLY_VERSION}" >> $GITHUB_OUTPUT
-          else
-            echo "VERSION=$(npm pkg get version | tr -d '"')" >> $GITHUB_OUTPUT
-          fi
+          CURRENT_VERSION=$(npm pkg get version | tr -d '"')
+          NIGHTLY_VERSION="${CURRENT_VERSION}-nightly-${GITHUB_SHA::7}"
+          echo "VERSION=${NIGHTLY_VERSION}" >> $GITHUB_OUTPUT
     outputs:
-      VERSION: ${{ steps.set-publish-version.outputs.VERSION }}
+      VERSION: ${{ steps.set-staging-version.outputs.VERSION }}
+
+  publish-npm-staging:
+    # Only run for manual dispatch on main branch
+    if: ${{ github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main' }}
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/[email protected]
+    needs: set-staging-version
+    with:
+      scope: '@iexec/dataprotector-deserializer'
+      registry: 'https://registry.npmjs.org'
+      node-version: '20'
+      environment: 'staging'
+      working-directory: packages/dataprotector-deserializer
+      tag: 'nightly'
+      version: ${{ needs.set-staging-version.outputs.VERSION }}
 
-  publish-npm:
-    # Run only on main branch
-    if: github.ref == 'refs/heads/main'
-    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/[email protected]
-    needs: set-publish-version
+  publish-npm-latest:
+    # # Only run for release published with tag "dataprotector-deserializer-v*"
+    if: ${{ github.event_name == 'release' && startsWith(github.ref_name,'dataprotector-deserializer-v') }}
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/[email protected]
     with:
-      scope: '@iexec/deserializer'
+      scope: '@iexec/dataprotector-deserializer'
       registry: 'https://registry.npmjs.org'
-      node-version: '18'
-      tag: ${{ github.event.inputs.tag }}
-      environment: production
+      node-version: '20'
       working-directory: packages/dataprotector-deserializer
-      version: ${{ needs.set-publish-version.outputs.VERSION }}
-      install-command: |
-        npm ci
-        cd ../sdk
-        npm ci
-        npm run codegen
-        npm run build
-        cd ../dataprotector-deserializer
-        npm run test:prepare
-    secrets:
-      npm-token: ${{ secrets.NPM_TOKEN }}
+      tag: 'latest'
@@ -0,0 +1,64 @@
+# ⚠️ THIS WORKFLOW IS THE TRUSTED PUBLISHER CONFIGURED ON NPMJS.COM, DO NOT RENAME OR DELETE THIS FILE ⚠️name: SDK - Publish NPM
+
+on:
+  # For staging releases
+  workflow_dispatch:
+  # For latest releases
+  release:
+    types: [published]
+
+permissions:
+  id-token: write # Required for OIDC
+  packages: write
+  contents: read
+
+jobs:
+  set-staging-version:
+    # Only run for manual dispatch on main branch
+    if: ${{ github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+      - name: Set publish version
+        id: set-staging-version
+        working-directory: packages/sdk
+        run: |
+          CURRENT_VERSION=$(npm pkg get version | tr -d '"')
+          NIGHTLY_VERSION="${CURRENT_VERSION}-nightly-${GITHUB_SHA::7}"
+          echo "VERSION=${NIGHTLY_VERSION}" >> $GITHUB_OUTPUT
+    outputs:
+      VERSION: ${{ steps.set-staging-version.outputs.VERSION }}
+
+  publish-npm-staging:
+    # Only run for manual dispatch on main branch
+    if: ${{ github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main' }}
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/[email protected]
+    needs: set-staging-version
+    with:
+      scope: '@iexec/dataprotector'
+      registry: 'https://registry.npmjs.org'
+      node-version: '18'
+      environment: 'staging'
+      working-directory: packages/sdk
+      tag: 'nightly'
+      version: ${{ needs.set-staging-version.outputs.VERSION }}
+      install-command: |
+        npm ci
+        npm run codegen
+
+  publish-npm-latest:
+    # # Only run for release published with tag "dataprotector-v*"
+    if: ${{ github.event_name == 'release' && startsWith(github.ref_name,'dataprotector-v') }}
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/[email protected]
+    with:
+      scope: '@iexec/dataprotector'
+      registry: 'https://registry.npmjs.org'
+      node-version: '18'
+      working-directory: packages/sdk
+      tag: 'latest'
+      install-command: |
+        npm ci
+        npm run codegen