chore(cd): fix cd + setup npm provenance (#74)

louis-bompart · web-flow · commit a5f28322536d · 2025-02-05T11:23:57.000-05:00
* chore: add npm provenance

* +fix: checkout before running cd

* clean eol

* fix: update GitHub Actions to use checkout and setup-node v4

* fix(dep-review): add missing permission

The workflow is not valid. .github/workflows/dependency-review.yml (Line: 10, Col: 3): Error calling workflow 'coveo/public-actions/.github/workflows/dependency-review.yml@main'. The nested job 'dependency-review' is requesting 'pull-requests: write', but is only allowed 'pull-requests: none'.
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -8,16 +8,19 @@ jobs:
     name: CD
     runs-on: ubuntu-latest
     environment: CD
+    permissions:
+      contents: read
+      id-token: write
     steps:
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           registry-url: "https://registry.npmjs.org"
           node-version-file: '.nvmrc'
           cache: 'npm'
       - run: npm ci
       - run: npm run build
       - run: npm test
-      - run: npm publish
+      - run: npm publish --provenance --access public
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-  
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,8 +10,8 @@ jobs:
     runs-on: ubuntu-latest
     name: CI
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: 'npm'
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -5,10 +5,12 @@ on:
 
 permissions:
   contents: read
+  pull-requests: write
 
 jobs:
   dependency-review:
     uses: coveo/public-actions/.github/workflows/dependency-review.yml@main
     with:
       public: true
       distributed: true
+      runs-on: '["ubuntu-latest"]'
