From 604b601073590797c999f047a95a708f8ab29cdb Mon Sep 17 00:00:00 2001 From: Lusa Zhan Date: Thu, 2 Apr 2026 17:50:59 +0000 Subject: [PATCH 01/16] chore: set up npm trusted publishing --- .github/workflows/publish.yml | 7 ++++--- package.json | 5 ++++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 368de92e8f52..0437a1c19aea 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -36,6 +36,9 @@ jobs: github.event_name != 'schedule' || (github.repository == 'GoogleChrome/lighthouse' && ${{ needs.check_date.outputs.should_run != 'false' }}) runs-on: ubuntu-latest + permissions: + id-token: write + contents: read steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 @@ -49,9 +52,7 @@ jobs: - name: Publish to npm run: | - npm whoami bash $GITHUB_WORKSPACE/.github/scripts/bump-nightly-version.sh - npm publish --tag next + npm publish --provenance --tag next env: - NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} CI: true diff --git a/package.json b/package.json index 15307be4933c..5a32e7000185 100644 --- a/package.json +++ b/package.json @@ -213,7 +213,10 @@ "puppeteer/**/devtools-protocol": "0.0.1527314", "puppeteer-core/**/devtools-protocol": "0.0.1527314" }, - "repository": "GoogleChrome/lighthouse", + "repository": { + "type": "git", + "url": "https://github.com/GoogleChrome/lighthouse" + }, "keywords": [ "google", "chrome", From ad8a73590765bb4ec88aad8af71063a035ca5d89 Mon Sep 17 00:00:00 2001 From: Lusa Zhan Date: Thu, 2 Apr 2026 17:58:35 +0000 Subject: [PATCH 02/16] chore: upgrade npm in publish workflow --- .github/workflows/publish.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 0437a1c19aea..f7866f9c4ba5 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -52,6 +52,7 @@ jobs: - name: Publish to npm run: | + npm install -g npm@latest bash $GITHUB_WORKSPACE/.github/scripts/bump-nightly-version.sh npm publish --provenance --tag next env: From 735b4882a3dcfc1d263c0cabdd2d4bd659d23851 Mon Sep 17 00:00:00 2001 From: Lusa Zhan Date: Thu, 2 Apr 2026 17:59:56 +0000 Subject: [PATCH 03/16] chore: add explicit flags to npm publish --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f7866f9c4ba5..44b6eb886c0e 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -54,6 +54,6 @@ jobs: run: | npm install -g npm@latest bash $GITHUB_WORKSPACE/.github/scripts/bump-nightly-version.sh - npm publish --provenance --tag next + npm publish --provenance --access public --registry https://registry.npmjs.org/ --tag next env: CI: true From 62ec0b416a14efe27ee3f6146e7fd0a87fe4e522 Mon Sep 17 00:00:00 2001 From: Lusa Zhan <101276749+lusayaa@users.noreply.github.com> Date: Thu, 2 Apr 2026 14:28:02 -0400 Subject: [PATCH 04/16] test dryrun --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 44b6eb886c0e..dc815571c5e2 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -54,6 +54,6 @@ jobs: run: | npm install -g npm@latest bash $GITHUB_WORKSPACE/.github/scripts/bump-nightly-version.sh - npm publish --provenance --access public --registry https://registry.npmjs.org/ --tag next + npm publish --provenance --access public --registry https://registry.npmjs.org/ --tag next --dry-run env: CI: true From b246f7ece93d7e9341f642049c1159fa9b7b9ac1 Mon Sep 17 00:00:00 2001 From: Lusa Zhan Date: Fri, 3 Apr 2026 01:29:55 +0000 Subject: [PATCH 05/16] chore: revert publish.yml and add release.yml with dry-run --- .github/workflows/publish.yml | 8 +++----- .github/workflows/release.yml | 36 +++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 44b6eb886c0e..368de92e8f52 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -36,9 +36,6 @@ jobs: github.event_name != 'schedule' || (github.repository == 'GoogleChrome/lighthouse' && ${{ needs.check_date.outputs.should_run != 'false' }}) runs-on: ubuntu-latest - permissions: - id-token: write - contents: read steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 @@ -52,8 +49,9 @@ jobs: - name: Publish to npm run: | - npm install -g npm@latest + npm whoami bash $GITHUB_WORKSPACE/.github/scripts/bump-nightly-version.sh - npm publish --provenance --access public --registry https://registry.npmjs.org/ --tag next + npm publish --tag next env: + NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} CI: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 000000000000..675e2480efaa --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,36 @@ +name: Release to npm +on: + workflow_dispatch: {} + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: '22.19' + - run: yarn --frozen-lockfile + - run: yarn test + + publish: + needs: test + runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: '22.19' + registry-url: https://registry.npmjs.org/ + - run: yarn --frozen-lockfile + # Build report bundles needed for publishing. + - run: yarn build-report + - name: Publish to npm + run: | + npm install -g npm@latest + npm publish --provenance --access public --registry https://registry.npmjs.org/ + env: + CI: true From 8f349a45ed4cdcfa5a46a3346d3dd41572499f2d Mon Sep 17 00:00:00 2001 From: Lusa Zhan Date: Fri, 3 Apr 2026 01:38:03 +0000 Subject: [PATCH 06/16] add dry run flag --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 675e2480efaa..9356f384b1e1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -31,6 +31,6 @@ jobs: - name: Publish to npm run: | npm install -g npm@latest - npm publish --provenance --access public --registry https://registry.npmjs.org/ + npm publish --provenance --access public --registry https://registry.npmjs.org/ --dry-run env: CI: true From 35fe30a1583a7d0fcfe8de9027e3bda28768ec9f Mon Sep 17 00:00:00 2001 From: Lusa Zhan Date: Fri, 3 Apr 2026 01:55:06 +0000 Subject: [PATCH 07/16] chore: add permissions to test job in release.yml --- .github/workflows/release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9356f384b1e1..8523e19478c5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,6 +5,8 @@ on: jobs: test: runs-on: ubuntu-latest + permissions: + contents: read steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 From 4db85ae50e79ddfa73e562eb55844f91b2b875c4 Mon Sep 17 00:00:00 2001 From: Lusa Zhan Date: Fri, 3 Apr 2026 02:46:00 +0000 Subject: [PATCH 08/16] misc: rename workflow files to address review comments --- .github/workflows/publish-nightly.yml | 57 +++++++++++++++++++++++++++ .github/workflows/publish.yml | 51 +++++++----------------- .github/workflows/release.yml | 38 ------------------ 3 files changed, 72 insertions(+), 74 deletions(-) create mode 100644 .github/workflows/publish-nightly.yml delete mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/publish-nightly.yml b/.github/workflows/publish-nightly.yml new file mode 100644 index 000000000000..368de92e8f52 --- /dev/null +++ b/.github/workflows/publish-nightly.yml @@ -0,0 +1,57 @@ +name: Publish nightly +on: +# Recurring publish disabled as tokens were revoked https://github.com/orgs/community/discussions/179562 and this is not a big priority. +# schedule: +# - cron: '0 5 * * *' + workflow_dispatch: {} + +jobs: + check_date: + runs-on: ubuntu-latest + outputs: + should_run: ${{ steps.should_run.outputs.should_run }} + steps: + - uses: actions/checkout@v4 + - name: print latest_commit + run: echo ${{ github.sha }} + + - id: should_run + continue-on-error: true + if: ${{ github.event_name == 'schedule' }} + run: | + commit_count=$(git rev-list --count --after="1 day" ${{ github.sha }}) + + if [[ "$commit_count" -gt 0 ]]; then + echo "should_run=true" >> $GITHUB_OUTPUT + else + echo "should_run=false" >> $GITHUB_OUTPUT + fi + + publish: + # Prevent scheduled job from running if... + # 1) this is a fork + # 2) there has not been a change in the last day + needs: check_date + if: | + github.event_name != 'schedule' || + (github.repository == 'GoogleChrome/lighthouse' && ${{ needs.check_date.outputs.should_run != 'false' }}) + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: '22.19' + registry-url: https://registry.npmjs.org/ + - run: yarn --frozen-lockfile + + # Build report bundles needed for publishing. + - run: yarn build-report + + - name: Publish to npm + run: | + npm whoami + bash $GITHUB_WORKSPACE/.github/scripts/bump-nightly-version.sh + npm publish --tag next + env: + NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} + CI: true diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 368de92e8f52..8a44d6ffcbbb 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,41 +1,26 @@ -name: Publish nightly +name: Publish on: -# Recurring publish disabled as tokens were revoked https://github.com/orgs/community/discussions/179562 and this is not a big priority. -# schedule: -# - cron: '0 5 * * *' workflow_dispatch: {} jobs: - check_date: + test: runs-on: ubuntu-latest - outputs: - should_run: ${{ steps.should_run.outputs.should_run }} + permissions: + contents: read steps: - uses: actions/checkout@v4 - - name: print latest_commit - run: echo ${{ github.sha }} - - - id: should_run - continue-on-error: true - if: ${{ github.event_name == 'schedule' }} - run: | - commit_count=$(git rev-list --count --after="1 day" ${{ github.sha }}) - - if [[ "$commit_count" -gt 0 ]]; then - echo "should_run=true" >> $GITHUB_OUTPUT - else - echo "should_run=false" >> $GITHUB_OUTPUT - fi + - uses: actions/setup-node@v4 + with: + node-version: '22.19' + - run: yarn --frozen-lockfile + - run: yarn test publish: - # Prevent scheduled job from running if... - # 1) this is a fork - # 2) there has not been a change in the last day - needs: check_date - if: | - github.event_name != 'schedule' || - (github.repository == 'GoogleChrome/lighthouse' && ${{ needs.check_date.outputs.should_run != 'false' }}) + needs: test runs-on: ubuntu-latest + permissions: + id-token: write + contents: read steps: - uses: actions/checkout@v4 - uses: actions/setup-node@v4 @@ -43,15 +28,9 @@ jobs: node-version: '22.19' registry-url: https://registry.npmjs.org/ - run: yarn --frozen-lockfile - - # Build report bundles needed for publishing. - - run: yarn build-report - - name: Publish to npm run: | - npm whoami - bash $GITHUB_WORKSPACE/.github/scripts/bump-nightly-version.sh - npm publish --tag next + npm install -g npm@latest + npm publish --provenance --access public --registry https://registry.npmjs.org/ --dry-run env: - NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} CI: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 8523e19478c5..000000000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: Release to npm -on: - workflow_dispatch: {} - -jobs: - test: - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version: '22.19' - - run: yarn --frozen-lockfile - - run: yarn test - - publish: - needs: test - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version: '22.19' - registry-url: https://registry.npmjs.org/ - - run: yarn --frozen-lockfile - # Build report bundles needed for publishing. - - run: yarn build-report - - name: Publish to npm - run: | - npm install -g npm@latest - npm publish --provenance --access public --registry https://registry.npmjs.org/ --dry-run - env: - CI: true From 85a26bf9b0004c18a9aa7e82f755b92837a16bde Mon Sep 17 00:00:00 2001 From: Lusa Zhan Date: Fri, 3 Apr 2026 03:03:21 +0000 Subject: [PATCH 09/16] feat: trigger publish on tag push and add build-all step --- .github/workflows/publish.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 8a44d6ffcbbb..068d82da3724 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,6 +1,8 @@ name: Publish on: - workflow_dispatch: {} + push: + tags: + - 'v*' # Runs on pushing version tags jobs: test: @@ -28,6 +30,7 @@ jobs: node-version: '22.19' registry-url: https://registry.npmjs.org/ - run: yarn --frozen-lockfile + - run: yarn build-all - name: Publish to npm run: | npm install -g npm@latest From 304a26829882e9b84ad5b15aa4c32f017dded6ef Mon Sep 17 00:00:00 2001 From: Lusa Zhan Date: Fri, 3 Apr 2026 03:19:32 +0000 Subject: [PATCH 10/16] rename release.yml to publish.yml, move publish.yml to publish-nightly.yml --- .github/workflows/publish.yml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 068d82da3724..6aacea7f2e9f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -5,20 +5,7 @@ on: - 'v*' # Runs on pushing version tags jobs: - test: - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version: '22.19' - - run: yarn --frozen-lockfile - - run: yarn test - publish: - needs: test runs-on: ubuntu-latest permissions: id-token: write From 5e0a57d06dd2ef0981d215007743e31ac5cf8791 Mon Sep 17 00:00:00 2001 From: Lusa Zhan Date: Fri, 3 Apr 2026 03:25:39 +0000 Subject: [PATCH 11/16] feat: add workflow_dispatch trigger to publish.yml --- .github/workflows/publish.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 6aacea7f2e9f..3300637d1dba 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -2,7 +2,8 @@ name: Publish on: push: tags: - - 'v*' # Runs on pushing version tags + - 'v*' + workflow_dispatch: {} # Runs on pushing version tags jobs: publish: From 7ff30c33970199e6c5fdc7c8ddea7cca0fc0b579 Mon Sep 17 00:00:00 2001 From: Lusa Zhan Date: Fri, 3 Apr 2026 03:26:36 +0000 Subject: [PATCH 12/16] chore: move permissions to top level in publish-nightly.yml --- .github/workflows/publish-nightly.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/publish-nightly.yml b/.github/workflows/publish-nightly.yml index 368de92e8f52..23370b4606cf 100644 --- a/.github/workflows/publish-nightly.yml +++ b/.github/workflows/publish-nightly.yml @@ -5,6 +5,9 @@ on: # - cron: '0 5 * * *' workflow_dispatch: {} +permissions: + contents: read + jobs: check_date: runs-on: ubuntu-latest From c774ac0865d92ee0df13546c3f89f33df8a64c1d Mon Sep 17 00:00:00 2001 From: Lusa Zhan Date: Fri, 3 Apr 2026 13:38:32 +0000 Subject: [PATCH 13/16] fix comment --- .github/workflows/publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3300637d1dba..a3ca58c42fdf 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -2,8 +2,8 @@ name: Publish on: push: tags: - - 'v*' - workflow_dispatch: {} # Runs on pushing version tags + - 'v*' # Runs on pushing version tags + workflow_dispatch: {} # Manual run jobs: publish: From b2899314e12a6226f852a1be68fb0efa0d37b474 Mon Sep 17 00:00:00 2001 From: Lusa Zhan Date: Fri, 3 Apr 2026 13:42:44 +0000 Subject: [PATCH 14/16] test: add temporary pull_request trigger to publish.yml --- .github/workflows/publish.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index a3ca58c42fdf..69e36508eb4d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -3,6 +3,7 @@ on: push: tags: - 'v*' # Runs on pushing version tags + pull_request: {} # Temporary for testing workflow_dispatch: {} # Manual run jobs: From 25cb73198ba36da2dc000ce0f48e2850984ff09f Mon Sep 17 00:00:00 2001 From: Lusa Zhan Date: Fri, 3 Apr 2026 13:55:03 +0000 Subject: [PATCH 15/16] npm pkg fix --- package.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package.json b/package.json index 63bb45a0c271..b733211aaa0a 100644 --- a/package.json +++ b/package.json @@ -5,9 +5,9 @@ "description": "Automated auditing, performance metrics, and best practices for the web.", "main": "./core/index.js", "bin": { - "lighthouse": "./cli/index.js", - "chrome-debug": "./core/scripts/manual-chrome-launcher.js", - "smokehouse": "./cli/test/smokehouse/frontends/smokehouse-bin.js" + "lighthouse": "cli/index.js", + "chrome-debug": "core/scripts/manual-chrome-launcher.js", + "smokehouse": "cli/test/smokehouse/frontends/smokehouse-bin.js" }, "engines": { "node": ">=22.19" @@ -215,7 +215,7 @@ }, "repository": { "type": "git", - "url": "https://github.com/GoogleChrome/lighthouse" + "url": "git+https://github.com/GoogleChrome/lighthouse.git" }, "keywords": [ "google", From 82cf298fe48972b5227cf28166b936e61064d2cc Mon Sep 17 00:00:00 2001 From: Lusa Zhan Date: Fri, 3 Apr 2026 13:59:29 +0000 Subject: [PATCH 16/16] remove pr trigger and dry run flag --- .github/workflows/publish.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 69e36508eb4d..531e9c30c90b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -3,7 +3,6 @@ on: push: tags: - 'v*' # Runs on pushing version tags - pull_request: {} # Temporary for testing workflow_dispatch: {} # Manual run jobs: @@ -23,6 +22,6 @@ jobs: - name: Publish to npm run: | npm install -g npm@latest - npm publish --provenance --access public --registry https://registry.npmjs.org/ --dry-run + npm publish --provenance --access public --registry https://registry.npmjs.org/ env: CI: true