diff --git a/.github/workflows/manual_public_release.yaml b/.github/workflows/manual_public_release.yaml index 87f4adbca..6818c14ca 100644 --- a/.github/workflows/manual_public_release.yaml +++ b/.github/workflows/manual_public_release.yaml @@ -22,7 +22,6 @@ jobs: BRANCH: main ENVIRONMENT: public_release secrets: - NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }} SLACK_WEB_HOOK: ${{ secrets.SLACK_WEB_HOOK }} G_TOKEN: ${{ secrets.GITHUB_TOKEN }} APP_ID: ${{ secrets.APP_ID }} diff --git a/.github/workflows/pr_e2e.yaml b/.github/workflows/pr_e2e.yaml index e4ee21ae1..d5c048480 100644 --- a/.github/workflows/pr_e2e.yaml +++ b/.github/workflows/pr_e2e.yaml @@ -7,13 +7,13 @@ on: jobs: get-version: if: ${{ (github.event.label.name == vars.E2E_LABEL) || (github.event.label.name == vars.PUBLISH_AND_E2E_LABEL) }} - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest-large outputs: branch: ${{ steps.extractBranch.outputs.branch }} version: ${{ steps.alphaVersion.outputs.version }} steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v3 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3 with: node-version: '22' - name: Extract branch name @@ -69,9 +69,9 @@ jobs: remove-label-on-failure: needs: e2e-test if: always() - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest-large steps: - - uses: actions-ecosystem/action-remove-labels@v1 + - uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1 if: needs.e2e-test.result != 'success' with: labels: ${{ github.event.label.name }} \ No newline at end of file diff --git a/.github/workflows/pr_workflow.yaml b/.github/workflows/pr_workflow.yaml index 4ad6546d1..12430c840 100644 --- a/.github/workflows/pr_workflow.yaml +++ b/.github/workflows/pr_workflow.yaml 
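Review bot: In `.github/workflows/manual_public_release.yaml`, the calling job drops `NODE_AUTH_TOKEN` but the hunk adds no `permissions:` block, and a called workflow can only keep or reduce the permissions its caller grants, never raise them. `~reusable_public_publish.yaml` now requests `id-token: write` and `contents: write`, so unless the caller already grants both outside this hunk, the run will be rejected or no OIDC token will be issued. I would add `permissions:` with `id-token: write` and `contents: write` on the job that carries the `uses:` line, and the equivalent (with `contents: read`) on every caller of `~reusable_publish.yaml`. The job definition starts above the hunk, so an existing grant may simply not be visible here.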
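Review bot: In `.github/workflows/pr_e2e.yaml`, the trailing comments on the pinned actions (`# v4`, `# v3`, and `# v1` in the second hunk) name only a moving major tag, so a reader cannot tell which release the 40-character SHA corresponds to without looking it up. Pinning by commit is the right control against a retagged action, but the comment should carry the exact release, e.g. `actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v<exact.release.tag>`. That is also the form dependency-update tooling typically rewrites when it bumps a pin. The same applies to every pinned `uses:` line in the other workflow files of this commit.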
@@ -18,10 +18,10 @@ on: jobs: build-and-test: - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest-large steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v3 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3 with: node-version: '22' - name: Install project dependencies @@ -41,9 +41,9 @@ jobs: CI: "" - name: Build packages run: npm run build - - name: Codecov report - uses: codecov/codecov-action@v3 - with: - token: ${{ secrets.CODECOV_TOKEN }} + # - name: Codecov report + # uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # v3 + # with: + # token: ${{ secrets.CODECOV_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/skip_pr_workflow.yaml b/.github/workflows/skip_pr_workflow.yaml index 154c96b69..a9efb9a4c 100644 --- a/.github/workflows/skip_pr_workflow.yaml +++ b/.github/workflows/skip_pr_workflow.yaml @@ -14,7 +14,7 @@ on: jobs: build-and-test: - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest-large steps: - run: echo "Test execution not required. Passing status check" release-alpha-version: diff --git a/.github/workflows/skip_publish.yaml b/.github/workflows/skip_publish.yaml index 7ba5ec764..1b3a9dba9 100644 --- a/.github/workflows/skip_publish.yaml +++ b/.github/workflows/skip_publish.yaml @@ -3,6 +3,6 @@ on: jobs: publish: - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest-large steps: - run: echo "Skip Publish, Passing status check" \ No newline at end of file diff --git a/.github/workflows/tag.yaml b/.github/workflows/tag.yaml index 6ff2d002b..9ae02e7cf 100644 --- a/.github/workflows/tag.yaml +++ b/.github/workflows/tag.yaml @@ -3,12 +3,12 @@ on: jobs: tag: - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest-large steps: - name: wait-job run: sleep 10s shell: bash - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: main - name: Retrieve Version 
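Review bot: In `.github/workflows/pr_workflow.yaml` (second hunk), the Codecov step is commented out rather than removed, and nothing says why or whether it is meant to come back. As written, PR builds silently stop uploading coverage, and the file keeps a dead reference to `secrets.CODECOV_TOKEN` plus a pinned SHA that nobody will keep current. Either delete the four lines or keep them under an explanatory line such as `# Codecov upload disabled: <reason / tracking issue>`. If the step stays out, the `CODECOV_TOKEN` secret can be revoked as well.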
diff --git a/.github/workflows/~reusable_e2e_all_OS.yaml b/.github/workflows/~reusable_e2e_all_OS.yaml index 967cf01a5..69794a3a4 100644 --- a/.github/workflows/~reusable_e2e_all_OS.yaml +++ b/.github/workflows/~reusable_e2e_all_OS.yaml @@ -90,7 +90,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-22.04, windows-latest, macos-latest ] + os: [ ubuntu-latest-large, windows-latest-large, macos-latest-large ] uses: ./.github/workflows/~reusable_e2e_by_OS.yaml with: OS: ${{ matrix.os }} diff --git a/.github/workflows/~reusable_e2e_by_OS.yaml b/.github/workflows/~reusable_e2e_by_OS.yaml index e60f7966e..f054a6ec5 100644 --- a/.github/workflows/~reusable_e2e_by_OS.yaml +++ b/.github/workflows/~reusable_e2e_by_OS.yaml @@ -98,8 +98,8 @@ jobs: node: runs-on: ${{ inputs.OS }} steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v3 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3 with: node-version: ${{ inputs.NODE_VERSION }} - name: Override localhost to IPv4 in Linux for Node 18 @@ -177,19 +177,19 @@ jobs: cd packages/flex-plugin-e2e-tests npm run start - name: Upload Screenshots - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 if: always() with: name: ${{ inputs.OS }}-screenshots path: packages/flex-plugin-e2e-tests/screenshots notify-failure: - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest-large needs: node if: ${{ always() && inputs.SEND_NOTIFICATION }} steps: - name: Slack Notification - uses: rtCamp/action-slack-notify@v2 + uses: rtCamp/action-slack-notify@33fa0808da52e41c8dcec3cc101c0027442ed173 # v2 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEB_HOOK }} SLACK_COLOR: ${{ needs.node.result }} diff --git a/.github/workflows/~reusable_public_publish.yaml b/.github/workflows/~reusable_public_publish.yaml index 46d15aa30..3c2fc89ad 100644 --- a/.github/workflows/~reusable_public_publish.yaml 
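Review bot: In `.github/workflows/~reusable_e2e_all_OS.yaml`, the matrix values are forwarded as `OS: ${{ matrix.os }}` and `~reusable_e2e_by_OS.yaml` uses `inputs.OS` for `runs-on`, so any step condition there that compares `inputs.OS` with the old label strings would stop matching. The by-OS file has a step named `Override localhost to IPv4 in Linux for Node 18` whose `if:` lies outside the visible hunks; please check it and any similar condition against `ubuntu-latest-large`. The change also replaces a fixed image (`ubuntu-22.04`) with floating `*-latest-large` labels, so the e2e environment can change without a commit in this repository. A comment above the matrix such as `# runner labels float to the newest image; use a versioned label if e2e needs a stable OS` would record that this is intended.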
+++ b/.github/workflows/~reusable_public_publish.yaml @@ -19,8 +19,6 @@ on: type: string default: alpha_release secrets: - NODE_AUTH_TOKEN: - required: true SLACK_WEB_HOOK: required: true G_TOKEN: @@ -34,14 +32,17 @@ jobs: publish: runs-on: ubuntu-22.04 environment: ${{ inputs.ENVIRONMENT }} + permissions: + id-token: write # Required for OIDC authentication to npm + contents: write # Required for git operations steps: - - uses: actions/create-github-app-token@v3 + - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3 id: get_app_token with: client-id: ${{ secrets.APP_ID }} private_key: ${{ secrets.APP_KEY }} - - uses: actions/checkout@v4 - - uses: actions/setup-node@v3 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3 with: node-version: '22' registry-url: 'https://registry.npmjs.org' @@ -52,7 +53,7 @@ jobs: timeout 10m npm ci --verbose && break || echo "npm ci failed, retrying ($i/3)..." done - name: Slack Started Notification - uses: rtCamp/action-slack-notify@v2 + uses: rtCamp/action-slack-notify@33fa0808da52e41c8dcec3cc101c0027442ed173 # v2 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEB_HOOK }} SLACK_COLOR: ${{ job.status }} @@ -71,14 +72,14 @@ jobs: BRANCH: ${{ inputs.BRANCH }} NODE_OPTIONS: --no-experimental-fetch CI: '' - NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }} + # OIDC authentication - no NODE_AUTH_TOKEN needed for public npm registry - name: Retrieve Version id: publicVersion run: | echo "version=$(awk '/version/{gsub(/("|",)/,"",$2);print $2}' lerna.json)" echo "version=$(awk '/version/{gsub(/("|",)/,"",$2);print $2}' lerna.json)" >> "$GITHUB_OUTPUT" - name: Slack Completed Notification - uses: rtCamp/action-slack-notify@v2 + uses: rtCamp/action-slack-notify@33fa0808da52e41c8dcec3cc101c0027442ed173 # v2 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEB_HOOK }} SLACK_COLOR: ${{ job.status }} 
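Review bot: In `.github/workflows/~reusable_public_publish.yaml` (hunk at `-34,14 +32,17`), the publish job switches to OIDC while still setting up Node `'22'` with its bundled npm, and nothing in the visible hunks ensures the publishing tool can perform the OIDC exchange. For the npm CLI, trusted publishing needs npm 11.5.1 or later, which is newer than the npm that ships with Node 22, and a lerna-driven publish (the job reads `lerna.json`) needs a lerna version that supports it. Otherwise the publish step would likely fail for lack of credentials now that `NODE_AUTH_TOKEN` is gone. If no upgrade happens outside these hunks, add a step such as `- run: npm install -g npm@11.5.1` before the publish step. This job also keeps `runs-on: ubuntu-22.04` while the other jobs move to `ubuntu-latest-large`, which deserves a comment if deliberate; the npm-version point applies equally to the `publish` job in `~reusable_publish.yaml`.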
diff --git a/.github/workflows/~reusable_publish.yaml b/.github/workflows/~reusable_publish.yaml index 8ce1f3736..8b8d2334b 100644 --- a/.github/workflows/~reusable_publish.yaml +++ b/.github/workflows/~reusable_publish.yaml @@ -19,18 +19,19 @@ on: type: string default: alpha_release secrets: - NODE_AUTH_TOKEN: - required: true SLACK_WEB_HOOK: required: true jobs: publish: - runs-on: ubuntu-22.04 + runs-on: ubuntu-latest-large environment: ${{ inputs.ENVIRONMENT }} + permissions: + id-token: write # Required for OIDC authentication to npm + contents: read # Required for checkout steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v3 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3 with: node-version: "22" registry-url: "https://registry.npmjs.org" @@ -47,9 +48,9 @@ jobs: BRANCH: ${{ inputs.BRANCH }} NODE_OPTIONS: --no-experimental-fetch CI: "" - NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }} + # OIDC authentication - no NODE_AUTH_TOKEN needed for public npm registry - name: Slack Notification - uses: rtCamp/action-slack-notify@v2 + uses: rtCamp/action-slack-notify@33fa0808da52e41c8dcec3cc101c0027442ed173 # v2 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEB_HOOK }} SLACK_COLOR: ${{ job.status }} diff --git a/.npmrc b/.npmrc index 55163311b..95d13ed81 100644 --- a/.npmrc +++ b/.npmrc @@ -1 +1,2 @@ message=":bookmark: Release v%s" +registry=https://npmjs.artifacts.twilio.com/artifactory/api/npm/virtual-npm-thirdparty/ \ No newline at end of file
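Review bot: In `.npmrc`, the new `registry=` line is project-level configuration, which npm ranks above the user-level file that `actions/setup-node` writes for `registry-url: 'https://registry.npmjs.org'`. In the two publish jobs the default registry therefore becomes the Artifactory virtual repository rather than the public one. Whether the publish itself is redirected depends on the publish command and each package's `publishConfig`, neither of which is visible here. To make it explicit, set `"publishConfig": { "registry": "https://registry.npmjs.org/" }` in the published packages or pass `--registry https://registry.npmjs.org/` on the publish step. The line also makes every `npm ci`, including runs for fork PRs and external contributors, depend on reaching that host; if it is not publicly reachable, the override belongs in CI configuration rather than the committed file.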