diff --git a/.changeset/blue-needles-press.md b/.changeset/blue-needles-press.md new file mode 100644 index 0000000..98faefa --- /dev/null +++ b/.changeset/blue-needles-press.md @@ -0,0 +1,5 @@ +--- +"starlight-theme-next": patch +--- + +Setups trusted publishing using OpenID Connect (OIDC) authentication — no code changes. diff --git a/.github/workflows/format.yaml b/.github/workflows/format.yaml index ecc2f94..9640b6a 100644 --- a/.github/workflows/format.yaml +++ b/.github/workflows/format.yaml @@ -6,19 +6,24 @@ on: permissions: contents: read +env: + NODE_VERSION: 24.10.0 + jobs: autofix: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - name: Setup PNPM - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 - name: Setup Node - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: - node-version: 20.19.5 + node-version: ${{ env.NODE_VERSION }} cache: "pnpm" - name: Install Dependencies diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml index 83e3c99..d2f39ee 100644 --- a/.github/workflows/labeler.yaml +++ b/.github/workflows/labeler.yaml @@ -16,7 +16,9 @@ jobs: app_id: ${{ secrets.BOT_APP_ID }} private_key: ${{ secrets.BOT_PRIVATE_KEY }} - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - name: Ensure labels exist env: GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} @@ -49,7 +51,7 @@ jobs: gh label create "🏯 styles" --description "Stylesheets or design updates" --color "550F5A" --force gh label create "🔒 wontfix" --description "This will not be worked on" --color "FFFFFF" --force - - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5 + - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1 with: configuration-path: .github/labeler.yaml sync-labels: true diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index d57debc..94ab5be 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -11,10 +11,8 @@ concurrency: cancel-in-progress: true env: - REGISTRY: docker.io - IMAGE_OWNER: trueberryless IMAGE_NAME: starlight-theme-next - NODE_VERSION: 20 + NODE_VERSION: 24.10.0 jobs: changes: @@ -24,7 +22,9 @@ jobs: starlight-theme-next: ${{ steps.filter.outputs.starlight-theme-next }} steps: - name: Check out the repo - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter @@ -50,13 +50,15 @@ jobs: private_key: ${{ secrets.BOT_PRIVATE_KEY }} - name: Checkout Repo - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - name: Setup PNPM - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 - name: Setup Node - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ env.NODE_VERSION }} cache: "pnpm" @@ -72,7 +74,6 @@ jobs: title: "ci: release [skip netlify]" env: GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - name: Get published version if: steps.changesets.outputs.hasChangesets == 'true' @@ -90,7 +91,9 @@ jobs: IMAGE_TAG: ${{ env.IMAGE_TAG }} steps: - name: Check out the repo - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - name: Read version from package.json id: get_version @@ -102,25 +105,27 @@ jobs: needs: [changes, changesets, image-tag] if: > ( - needs.changesets.outputs.hasChangesets == 'false' && + needs.changesets.outputs.hasChangesets == 'false' && ( - contains(github.event.head_commit.message, 'deploy') || + contains(github.event.head_commit.message, 'deploy') || contains(github.event.head_commit.message, 'release') ) - ) || + ) || github.event_name == 'workflow_dispatch' runs-on: ubuntu-latest permissions: contents: write id-token: write steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - name: Setup PNPM - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 - name: Setup Node - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ env.NODE_VERSION }} cache: "pnpm" @@ -131,9 +136,7 @@ jobs: - run: | cd packages/starlight-theme-next - npm publish --provenance --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + npm publish --access public release: name: Release @@ -143,7 +146,9 @@ jobs: contents: write steps: - name: Check out the repo - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - id: extract-changelog uses: sean0x42/markdown-extract@7b185cbe85263116bbf741e739e7198ba86465dc # v2.1.0 diff --git a/.github/workflows/welcome-bot.yaml b/.github/workflows/welcome-bot.yaml index 63b6b82..9d858d7 100644 --- a/.github/workflows/welcome-bot.yaml +++ b/.github/workflows/welcome-bot.yaml @@ -20,7 +20,9 @@ jobs: app_id: ${{ secrets.BOT_APP_ID }} private_key: ${{ secrets.BOT_PRIVATE_KEY }} - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - name: Convert Repository Name to Title Case id: convert_repo_name run: | diff --git a/package.json b/package.json index 299aee7..4fad800 100644 --- a/package.json +++ b/package.json @@ -18,10 +18,10 @@ "version": "pnpm changeset version && pnpm i --no-frozen-lockfile" }, "devDependencies": { - "@changesets/changelog-github": "^0.5.0", - "@changesets/cli": "^2.27.11", + "@changesets/changelog-github": "^0.5.1", + "@changesets/cli": "^2.29.7", "@trivago/prettier-plugin-sort-imports": "5.2.2", - "prettier": "3.5.3", + "prettier": "3.6.2", "prettier-plugin-astro": "0.14.1" }, "packageManager": "pnpm@10.10.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 6b4d17f..338f31f 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -9,17 +9,17 @@ importers: .: devDependencies: '@changesets/changelog-github': - specifier: ^0.5.0 + specifier: ^0.5.1 version: 0.5.1 '@changesets/cli': - specifier: ^2.27.11 - version: 2.29.6(@types/node@24.3.0) + specifier: ^2.29.7 + version: 2.29.7(@types/node@24.3.0) '@trivago/prettier-plugin-sort-imports': specifier: 5.2.2 - version: 5.2.2(prettier@3.5.3) + version: 5.2.2(prettier@3.6.2) prettier: - specifier: 3.5.3 - version: 3.5.3 + specifier: 3.6.2 + version: 3.6.2 prettier-plugin-astro: specifier: 0.14.1 version: 0.14.1 @@ -171,8 +171,8 @@ packages: '@capsizecss/unpack@2.4.0': resolution: {integrity: sha512-GrSU71meACqcmIUxPYOJvGKF0yryjN/L1aCuE9DViCTJI7bfkjgYDPD1zbNDcINJwSSP6UaBZY9GAbYDO7re0Q==} - '@changesets/apply-release-plan@7.0.12': - resolution: {integrity: sha512-EaET7As5CeuhTzvXTQCRZeBUcisoYPDDcXvgTE/2jmmypKp0RC7LxKj/yzqeh/1qFTZI7oDGFcL1PHRuQuketQ==} + '@changesets/apply-release-plan@7.0.13': + resolution: {integrity: sha512-BIW7bofD2yAWoE8H4V40FikC+1nNFEKBisMECccS16W1rt6qqhNTBDmIw5HaqmMgtLNz9e7oiALiEUuKrQ4oHg==} '@changesets/assemble-release-plan@6.0.9': resolution: {integrity: sha512-tPgeeqCHIwNo8sypKlS3gOPmsS3wP0zHt67JDuL20P4QcXiw/O4Hl7oXiuLnP9yg+rXLQ2sScdV1Kkzde61iSQ==} @@ -183,8 +183,8 @@ packages: '@changesets/changelog-github@0.5.1': resolution: {integrity: sha512-BVuHtF+hrhUScSoHnJwTELB4/INQxVFc+P/Qdt20BLiBFIHFJDDUaGsZw+8fQeJTRP5hJZrzpt3oZWh0G19rAQ==} - '@changesets/cli@2.29.6': - resolution: {integrity: sha512-6qCcVsIG1KQLhpQ5zE8N0PckIx4+9QlHK3z6/lwKnw7Tir71Bjw8BeOZaxA/4Jt00pcgCnCSWZnyuZf5Il05QQ==} + '@changesets/cli@2.29.7': + resolution: {integrity: sha512-R7RqWoaksyyKXbKXBTbT4REdy22yH81mcFK6sWtqSanxUCbUi9Uf+6aqxZtDQouIqPdem2W56CdxXgsxdq7FLQ==} hasBin: true '@changesets/config@3.1.1': @@ -1992,8 +1992,8 @@ packages: engines: {node: '>=10.13.0'} hasBin: true - prettier@3.5.3: - resolution: {integrity: sha512-QQtaxnoDJeAkDvDKWCLiwIXkTgRhwYDEQCghU9Z6q03iyek/rxRh/2lC3HB7P8sWT2xC/y5JDctPLBIGzHKbhw==} + prettier@3.6.2: + resolution: {integrity: sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ==} engines: {node: '>=14'} hasBin: true @@ -2138,11 +2138,6 @@ packages: sax@1.4.1: resolution: {integrity: sha512-+aWOz7yVScEGoKNd4PA10LZ8sk0A/z5+nXQG5giUO5rprX9jgYsTdov9qCchZiPIZezbZH+jRut8nPodFAX4Jg==} - semver@7.7.1: - resolution: {integrity: sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==} - engines: {node: '>=10'} - hasBin: true - semver@7.7.2: resolution: {integrity: sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==} engines: {node: '>=10'} @@ -2791,7 +2786,7 @@ snapshots: transitivePeerDependencies: - encoding - '@changesets/apply-release-plan@7.0.12': + '@changesets/apply-release-plan@7.0.13': dependencies: '@changesets/config': 3.1.1 '@changesets/get-version-range-type': 0.4.0 @@ -2805,7 +2800,7 @@ snapshots: outdent: 0.5.0 prettier: 2.8.8 resolve-from: 5.0.0 - semver: 7.7.1 + semver: 7.7.2 '@changesets/assemble-release-plan@6.0.9': dependencies: @@ -2814,7 +2809,7 @@ snapshots: '@changesets/should-skip-package': 0.1.2 '@changesets/types': 6.1.0 '@manypkg/get-packages': 1.1.3 - semver: 7.7.1 + semver: 7.7.2 '@changesets/changelog-git@0.2.1': dependencies: @@ -2828,9 +2823,9 @@ snapshots: transitivePeerDependencies: - encoding - '@changesets/cli@2.29.6(@types/node@24.3.0)': + '@changesets/cli@2.29.7(@types/node@24.3.0)': dependencies: - '@changesets/apply-release-plan': 7.0.12 + '@changesets/apply-release-plan': 7.0.13 '@changesets/assemble-release-plan': 6.0.9 '@changesets/changelog-git': 0.2.1 '@changesets/config': 3.1.1 @@ -2855,7 +2850,7 @@ snapshots: package-manager-detector: 0.2.11 picocolors: 1.1.1 resolve-from: 5.0.0 - semver: 7.7.1 + semver: 7.7.2 spawndamnit: 3.0.1 term-size: 2.2.1 transitivePeerDependencies: @@ -2880,7 +2875,7 @@ snapshots: '@changesets/types': 6.1.0 '@manypkg/get-packages': 1.1.3 picocolors: 1.1.1 - semver: 7.7.1 + semver: 7.7.2 '@changesets/get-github-info@0.6.0': dependencies: @@ -3468,7 +3463,7 @@ snapshots: dependencies: tslib: 2.8.1 - '@trivago/prettier-plugin-sort-imports@5.2.2(prettier@3.5.3)': + '@trivago/prettier-plugin-sort-imports@5.2.2(prettier@3.6.2)': dependencies: '@babel/generator': 7.27.0 '@babel/parser': 7.27.0 @@ -3476,7 +3471,7 @@ snapshots: '@babel/types': 7.27.0 javascript-natural-sort: 0.7.1 lodash: 4.17.21 - prettier: 3.5.3 + prettier: 3.6.2 transitivePeerDependencies: - supports-color @@ -3533,7 +3528,7 @@ snapshots: '@types/sax@1.2.7': dependencies: - '@types/node': 17.0.45 + '@types/node': 24.3.0 '@types/unist@2.0.11': {} @@ -5047,12 +5042,12 @@ snapshots: prettier-plugin-astro@0.14.1: dependencies: '@astrojs/compiler': 2.11.0 - prettier: 3.5.3 + prettier: 3.6.2 sass-formatter: 0.7.9 prettier@2.8.8: {} - prettier@3.5.3: {} + prettier@3.6.2: {} prismjs@1.30.0: {} @@ -5292,8 +5287,6 @@ snapshots: sax@1.4.1: {} - semver@7.7.1: {} - semver@7.7.2: {} sharp@0.33.5: