
[bre-1104] update cli npm publish to use oidc (#16214)

* prep workflow for npm OIDC publishing

* add node setup step

* update environment name

* clarify job title

* npm versioning testing, will revert

* syntax

* syntax

* temporarily remove dynamic node version

* Revert build-cli.yml to main branch version

* remove husky install step

* pin npm version in setup node step

* add comment

* more clear comment to show future action needed

* formatting
aj-bw
2025-09-15 13:57:23 -04:00
committed by GitHub
parent 0998508738
commit 806111c94f


@@ -183,6 +183,7 @@ jobs:
npm: npm:
name: Publish NPM name: Publish NPM
environment: CLI - NPM
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
needs: setup needs: setup
permissions: permissions:
@@ -196,22 +197,19 @@ jobs:
- name: Checkout repo - name: Checkout repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Log in to Azure - name: Get Node version
uses: bitwarden/gh-actions/azure-login@main id: retrieve-node-version
with: run: |
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} NODE_NVMRC=$(cat .nvmrc)
tenant_id: ${{ secrets.AZURE_TENANT_ID }} NODE_VERSION=${NODE_NVMRC/v/''}
client_id: ${{ secrets.AZURE_CLIENT_ID }} echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
- name: Retrieve secrets - name: Set up Node
id: retrieve-secrets uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
uses: bitwarden/gh-actions/get-keyvault-secrets@main
with: with:
keyvault: "bitwarden-ci" node-version: ${{ steps.retrieve-node-version.outputs.node_version }}
secrets: "npm-api-key" npm-version: "11.5.1" # FIXME: npm 11.5.1 or later is required to publish w/ OIDC; move version management to somewhere maintainable by automation
registry-url: "https://registry.npmjs.org/"
- name: Log out from Azure
uses: bitwarden/gh-actions/azure-logout@main
- name: Download and set up artifact - name: Download and set up artifact
run: | run: |
@@ -219,19 +217,9 @@ jobs:
wget https://github.com/bitwarden/clients/releases/download/cli-v${{ env._PKG_VERSION }}/bitwarden-cli-${{ env._PKG_VERSION }}-npm-build.zip wget https://github.com/bitwarden/clients/releases/download/cli-v${{ env._PKG_VERSION }}/bitwarden-cli-${{ env._PKG_VERSION }}-npm-build.zip
unzip bitwarden-cli-${{ env._PKG_VERSION }}-npm-build.zip -d build unzip bitwarden-cli-${{ env._PKG_VERSION }}-npm-build.zip -d build
- name: Setup NPM
run: |
echo 'registry="https://registry.npmjs.org/"' > ./.npmrc
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc
env:
NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }}
- name: Install Husky
run: npm install -g husky
- name: Publish NPM - name: Publish NPM
if: ${{ inputs.publish_type != 'Dry Run' }} if: ${{ inputs.publish_type != 'Dry Run' }}
run: npm publish --access public --regsitry=https://registry.npmjs.org/ --userconfig=./.npmrc run: npm publish --access public
update-deployment: update-deployment:
name: Update Deployment Status name: Update Deployment Status
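Review bot: The new `Set up Node` step passes `npm-version: "11.5.1"`, but nothing later in the job confirms that the npm on PATH is actually 11.5.1 or newer before `npm publish --access public` runs without a token. I cannot confirm from this page that the pinned setup-node commit (v4.4.0) accepts an `npm-version` input; an unrecognised `with:` key normally only produces a warning, so the step could leave the npm bundled with Node in place. Adding a short step such as `run: npm --version` ahead of the publish (or one that fails when the version is below 11.5.1) would make that visible in the log. The job's `permissions:` block is cut off in this view, so it is also worth checking that it grants `id-token: write`, which OIDC publishing depends on.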