This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://redirect.github.com/actions/checkout) |
action | patch | `v6.0.0` -> `v6.0.1` |
---
### Release Notes
<details>
<summary>actions/checkout (actions/checkout)</summary>
###
[`v6.0.1`](https://redirect.github.com/actions/checkout/compare/v6.0.0...v6.0.1)
[Compare
Source](https://redirect.github.com/actions/checkout/compare/v6.0.0...v6.0.1)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "every weekday before 11am" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/ionic-team/ionic-framework).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xOS45IiwidXBkYXRlZEluVmVyIjoiNDIuMzIuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://redirect.github.com/actions/checkout) |
action | major | `v5.0.1` -> `v6.0.0` |
---
### Release Notes
<details>
<summary>actions/checkout (actions/checkout)</summary>
###
[`v6.0.0`](https://redirect.github.com/actions/checkout/compare/v5.0.1...v6.0.0)
[Compare
Source](https://redirect.github.com/actions/checkout/compare/v5.0.1...v6.0.0)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "every weekday before 11am" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/ionic-team/ionic-framework).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xNi4xIiwidXBkYXRlZEluVmVyIjoiNDIuMTYuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://redirect.github.com/actions/checkout) |
action | patch | `v5.0.0` -> `v5.0.1` |
---
### Release Notes
<details>
<summary>actions/checkout (actions/checkout)</summary>
###
[`v5.0.1`](https://redirect.github.com/actions/checkout/compare/v5.0.0...v5.0.1)
[Compare
Source](https://redirect.github.com/actions/checkout/compare/v5.0.0...v5.0.1)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "every weekday before 11am" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/ionic-team/ionic-framework).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNzMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE3My4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Issue number: resolves #
---------
<!-- Please do not submit updates to dependencies unless it fixes an
issue. -->
<!-- Please try to limit your pull request to one type (bugfix, feature,
etc). Submit multiple pull requests if needed. -->
## What is the current behavior?
<!-- Please describe the current behavior that you are modifying. -->
- Permissions not set as expected
## What is the new behavior?
<!-- Please describe the behavior or changes that are being added by
this PR. -->
- Permissions are properly set throughout the hierarchy
- Workflow structure prevents unintended standalone executions
## Does this introduce a breaking change?
- [ ] Yes
- [x] No
<!--
If this introduces a breaking change:
1. Describe the impact and migration path for existing applications
below.
2. Update the BREAKING.md file with the breaking change.
3. Add "BREAKING CHANGE: [...]" to the commit description when merging.
See
https://github.com/ionic-team/ionic-framework/blob/main/docs/CONTRIBUTING.md#footer
for more information.
-->
## Other information
<!-- Any other information that is important to this PR such as
screenshots of how the component looks before and after the change. -->
Issue number: resolves #
---------
<!-- Please do not submit updates to dependencies unless it fixes an
issue. -->
<!-- Please try to limit your pull request to one type (bugfix, feature,
etc). Submit multiple pull requests if needed. -->
## What is the current behavior?
<!-- Please describe the current behavior that you are modifying. -->
- Publishing to npm is failing due to the changes to move to Trusted
Publishers, since it seems that they still don't support reusable
workflows, as mentioned
[here](https://github.com/orgs/community/discussions/174507)
- The action to which we grant permissions on npm needs to follow a
strict path location `.github/workflows/` in your repository.
## What is the new behavior?
<!-- Please describe the behavior or changes that are being added by
this PR. -->
- Fixed permissions mismatch by applying the orchestrator method for npm
publish:
release-orchestrator.yml (contents: read, id-token: write)
├─→ nightly.yml (contents: read, id-token: write)
│ └─→ release-ionic.yml (contents: read, id-token: write)
│ └─→ publish-npm.yml (contents: read, id-token: write) ✅
├─→ dev-build.yml (contents: read, id-token: write)
│ └─→ release-ionic.yml (contents: read, id-token: write)
│ └─→ publish-npm.yml (contents: read, id-token: write) ✅
└─→ release.yml (contents: read, id-token: write)
└─→ release-ionic.yml (contents: read, id-token: write)
└─→ publish-npm.yml (contents: read, id-token: write) ✅
- `release-orchestrator.yml` calls three workflows: `nightly.yml`,
`dev-build.yml`, and `release.yml`.
- All three call `release-ionic.yml`, which handles publishing multiple
packages.
- `release-ionic.yml` calls `publish-npm.yml` multiple times (once per
package).
- All workflows have `contents: read` and `id-token: write` permissions.
- `publish-npm.yml` is in `.github/workflows/`, which satisfies npm
Trusted Publishers requirements.
- This shows that `publish-npm.yml` is reachable through all three
release paths, and moving it to `.github/workflows/` ensures npm Trusted
Publishers can authenticate it correctly.
## Does this introduce a breaking change?
- [ ] Yes
- [x] No
<!--
If this introduces a breaking change:
1. Describe the impact and migration path for existing applications
below.
2. Update the BREAKING.md file with the breaking change.
3. Add "BREAKING CHANGE: [...]" to the commit description when merging.
See
https://github.com/ionic-team/ionic-framework/blob/main/docs/CONTRIBUTING.md#footer
for more information.
-->
- Run pipelines after merge
## Other information
<!-- Any other information that is important to this PR such as
screenshots of how the component looks before and after the change. -->
- The workflow `release-orchestrator.yml` needs to be the one set up in
the npm package settings for the Trusted Publishers
Issue number: internal
---------
<!-- Please do not submit updates to dependencies unless it fixes an
issue. -->
<!-- Please try to limit your pull request to one type (bugfix, feature,
etc). Submit multiple pull requests if needed. -->
## What is the current behavior?
<!-- Please describe the current behavior that you are modifying. -->
- Release workflows still inject a long-lived `NPM_TOKEN` via `.npmrc`,
so publishes do not use npm’s trusted OIDC flow.
## What is the new behavior?
<!-- Please describe the behavior or changes that are being added by
this PR. -->
- The shared `actions/publish-npm` composite action now configures
`setup-node` with the npm registry, upgrades npm in place, and publishes
with `--provenance` without writing `.npmrc`.
- `release-dev.yml`, `release-nightly.yml`, and `release-production.yml`
call into that trusted flow by removing the token input and (for
production) inlining the same OIDC setup before `npm run release.ci`.
- Allows npm to authenticate through trusted publishing requirements
[docs.npmjs.com/trusted-publishers](https://docs.npmjs.com/trusted-publishers).
- Step names were refreshed with emojis, but there are no other
behavioral changes.
## Does this introduce a breaking change?
- [ ] Yes
- [x] No
<!--
If this introduces a breaking change:
1. Describe the impact and migration path for existing applications
below.
2. Update the BREAKING.md file with the breaking change.
3. Add "BREAKING CHANGE: [...]" to the commit description when merging.
See
https://github.com/ionic-team/ionic-framework/blob/main/docs/CONTRIBUTING.md#footer
for more information.
-->
## Other information
<!-- Any other information that is important to this PR such as
screenshots of how the component looks before and after the change. -->
- These changes align the Ionic release automation with npm’s
trusted-publisher enforcement while keeping the existing Lerna
build/publish process intact.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://redirect.github.com/actions/checkout) |
action | major | `v4` -> `v5` |
---
### Release Notes
<details>
<summary>actions/checkout (actions/checkout)</summary>
### [`v5`](https://redirect.github.com/actions/checkout/compare/v4...v5)
[Compare
Source](https://redirect.github.com/actions/checkout/compare/v4...v5)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "every weekday before 11am" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/ionic-team/ionic-framework).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS42MC40IiwidXBkYXRlZEluVmVyIjoiNDEuNjAuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR removes the v5 and v4 lts tags from the release scripts. The
main branch should always be used to deploy to the latest/next tags and
never in the past. Instead, the version branches have the option to
deploy to their respective LTS tags.
The cache for the `next` tag is not cleared on release. As a result, the
Ionic 8 playgrounds break since the entry point is cached. The cached
entry point references JS chunks that no longer exist.
After each release, we need to update the local `package-lock.json`
dependencies. We do this via a `npm install --package-lock-only`
command. However, this command can fail for reasons such as a connection
timeout. When this happens, the package-lock files do not get updated.
The problem is this action is also done in the same job as generating
the changelog and creating the GitHub release. This operations cannot be
re-done. As a result, we cannot simply re-run this job and try updating
the package-lock files again.
This PR changes the workflow to split the package-lock update out to its
own job. In the event that this job fails, we can re-run only this job
and leave the other jobs untouched.
