diff --git a/.changeset/dirty-rockets-warn.md b/.changeset/dirty-rockets-warn.md new file mode 100644 index 0000000..35903e4 --- /dev/null +++ b/.changeset/dirty-rockets-warn.md @@ -0,0 +1,5 @@ +--- +"starlight-toc-overview-customizer": patch +--- + +Setups trusted publishing using OpenID Connect (OIDC) authentication — no code changes. diff --git a/.github/workflows/format.yaml b/.github/workflows/format.yaml index ecc2f94..9640b6a 100644 --- a/.github/workflows/format.yaml +++ b/.github/workflows/format.yaml @@ -6,19 +6,24 @@ on: permissions: contents: read +env: + NODE_VERSION: 24.10.0 + jobs: autofix: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - name: Setup PNPM - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 - name: Setup Node - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: - node-version: 20.19.5 + node-version: ${{ env.NODE_VERSION }} cache: "pnpm" - name: Install Dependencies diff --git a/.github/workflows/labeler.yaml b/.github/workflows/labeler.yaml index 83e3c99..d2f39ee 100644 --- a/.github/workflows/labeler.yaml +++ b/.github/workflows/labeler.yaml @@ -16,7 +16,9 @@ jobs: app_id: ${{ secrets.BOT_APP_ID }} private_key: ${{ secrets.BOT_PRIVATE_KEY }} - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - name: Ensure labels exist env: GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} @@ -49,7 +51,7 @@ jobs: gh label create "🏯 styles" --description "Stylesheets or design updates" --color "550F5A" --force gh label create "🔒 wontfix" --description "This will not be worked on" --color "FFFFFF" --force - - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5 + - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1 with: configuration-path: .github/labeler.yaml sync-labels: true diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index b0b09eb..026a282 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -11,10 +11,8 @@ concurrency: cancel-in-progress: true env: - REGISTRY: docker.io - IMAGE_OWNER: trueberryless IMAGE_NAME: starlight-toc-overview-customizer - NODE_VERSION: 20 + NODE_VERSION: 24.10.0 jobs: changes: @@ -24,7 +22,9 @@ jobs: starlight-toc-overview-customizer: ${{ steps.filter.outputs.starlight-toc-overview-customizer }} steps: - name: Check out the repo - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter @@ -50,13 +50,15 @@ jobs: private_key: ${{ secrets.BOT_PRIVATE_KEY }} - name: Checkout Repo - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - name: Setup PNPM - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 - name: Setup Node - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ env.NODE_VERSION }} cache: "pnpm" @@ -72,7 +74,6 @@ jobs: title: "ci: release [skip netlify]" env: GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - name: Get published version if: steps.changesets.outputs.hasChangesets == 'true' @@ -90,7 +91,9 @@ jobs: IMAGE_TAG: ${{ env.IMAGE_TAG }} steps: - name: Check out the repo - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - name: Read version from package.json id: get_version @@ -102,25 +105,27 @@ jobs: needs: [changes, changesets, image-tag] if: > ( - needs.changesets.outputs.hasChangesets == 'false' && + needs.changesets.outputs.hasChangesets == 'false' && ( - contains(github.event.head_commit.message, 'deploy') || + contains(github.event.head_commit.message, 'deploy') || contains(github.event.head_commit.message, 'release') ) - ) || + ) || github.event_name == 'workflow_dispatch' runs-on: ubuntu-latest permissions: contents: write id-token: write steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - name: Setup PNPM - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0 - name: Setup Node - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ env.NODE_VERSION }} cache: "pnpm" @@ -131,9 +136,7 @@ jobs: - run: | cd packages/starlight-toc-overview-customizer - npm publish --provenance --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + npm publish --access public release: name: Release @@ -143,7 +146,9 @@ jobs: contents: write steps: - name: Check out the repo - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - id: extract-changelog uses: sean0x42/markdown-extract@7b185cbe85263116bbf741e739e7198ba86465dc # v2.1.0 diff --git a/.github/workflows/welcome-bot.yaml b/.github/workflows/welcome-bot.yaml index 63b6b82..9d858d7 100644 --- a/.github/workflows/welcome-bot.yaml +++ b/.github/workflows/welcome-bot.yaml @@ -20,7 +20,9 @@ jobs: app_id: ${{ secrets.BOT_APP_ID }} private_key: ${{ secrets.BOT_PRIVATE_KEY }} - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - name: Convert Repository Name to Title Case id: convert_repo_name run: | diff --git a/package.json b/package.json index 7e4e629..c6be74b 100644 --- a/package.json +++ b/package.json @@ -18,10 +18,10 @@ "version": "pnpm changeset version && pnpm i --no-frozen-lockfile" }, "devDependencies": { - "@changesets/changelog-github": "^0.5.0", - "@changesets/cli": "^2.27.11", + "@changesets/changelog-github": "^0.5.1", + "@changesets/cli": "^2.29.7", "@trivago/prettier-plugin-sort-imports": "5.2.2", - "prettier": "3.5.3", + "prettier": "3.6.2", "prettier-plugin-astro": "0.14.1" }, "packageManager": "pnpm@10.10.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 540e129..6031b0a 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -9,17 +9,17 @@ importers: .: devDependencies: '@changesets/changelog-github': - specifier: ^0.5.0 + specifier: ^0.5.1 version: 0.5.1 '@changesets/cli': - specifier: ^2.27.11 - version: 2.29.6(@types/node@24.3.1) + specifier: ^2.29.7 + version: 2.29.7(@types/node@24.3.1) '@trivago/prettier-plugin-sort-imports': specifier: 5.2.2 - version: 5.2.2(prettier@3.5.3) + version: 5.2.2(prettier@3.6.2) prettier: - specifier: 3.5.3 - version: 3.5.3 + specifier: 3.6.2 + version: 3.6.2 prettier-plugin-astro: specifier: 0.14.1 version: 0.14.1 @@ -167,8 +167,8 @@ packages: '@capsizecss/unpack@2.4.0': resolution: {integrity: sha512-GrSU71meACqcmIUxPYOJvGKF0yryjN/L1aCuE9DViCTJI7bfkjgYDPD1zbNDcINJwSSP6UaBZY9GAbYDO7re0Q==} - '@changesets/apply-release-plan@7.0.12': - resolution: {integrity: sha512-EaET7As5CeuhTzvXTQCRZeBUcisoYPDDcXvgTE/2jmmypKp0RC7LxKj/yzqeh/1qFTZI7oDGFcL1PHRuQuketQ==} + '@changesets/apply-release-plan@7.0.13': + resolution: {integrity: sha512-BIW7bofD2yAWoE8H4V40FikC+1nNFEKBisMECccS16W1rt6qqhNTBDmIw5HaqmMgtLNz9e7oiALiEUuKrQ4oHg==} '@changesets/assemble-release-plan@6.0.9': resolution: {integrity: sha512-tPgeeqCHIwNo8sypKlS3gOPmsS3wP0zHt67JDuL20P4QcXiw/O4Hl7oXiuLnP9yg+rXLQ2sScdV1Kkzde61iSQ==} @@ -179,8 +179,8 @@ packages: '@changesets/changelog-github@0.5.1': resolution: {integrity: sha512-BVuHtF+hrhUScSoHnJwTELB4/INQxVFc+P/Qdt20BLiBFIHFJDDUaGsZw+8fQeJTRP5hJZrzpt3oZWh0G19rAQ==} - '@changesets/cli@2.29.6': - resolution: {integrity: sha512-6qCcVsIG1KQLhpQ5zE8N0PckIx4+9QlHK3z6/lwKnw7Tir71Bjw8BeOZaxA/4Jt00pcgCnCSWZnyuZf5Il05QQ==} + '@changesets/cli@2.29.7': + resolution: {integrity: sha512-R7RqWoaksyyKXbKXBTbT4REdy22yH81mcFK6sWtqSanxUCbUi9Uf+6aqxZtDQouIqPdem2W56CdxXgsxdq7FLQ==} hasBin: true '@changesets/config@3.1.1': @@ -1912,8 +1912,8 @@ packages: engines: {node: '>=10.13.0'} hasBin: true - prettier@3.5.3: - resolution: {integrity: sha512-QQtaxnoDJeAkDvDKWCLiwIXkTgRhwYDEQCghU9Z6q03iyek/rxRh/2lC3HB7P8sWT2xC/y5JDctPLBIGzHKbhw==} + prettier@3.6.2: + resolution: {integrity: sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ==} engines: {node: '>=14'} hasBin: true @@ -2701,7 +2701,7 @@ snapshots: transitivePeerDependencies: - encoding - '@changesets/apply-release-plan@7.0.12': + '@changesets/apply-release-plan@7.0.13': dependencies: '@changesets/config': 3.1.1 '@changesets/get-version-range-type': 0.4.0 @@ -2715,7 +2715,7 @@ snapshots: outdent: 0.5.0 prettier: 2.8.8 resolve-from: 5.0.0 - semver: 7.7.1 + semver: 7.7.2 '@changesets/assemble-release-plan@6.0.9': dependencies: @@ -2724,7 +2724,7 @@ snapshots: '@changesets/should-skip-package': 0.1.2 '@changesets/types': 6.1.0 '@manypkg/get-packages': 1.1.3 - semver: 7.7.1 + semver: 7.7.2 '@changesets/changelog-git@0.2.1': dependencies: @@ -2738,9 +2738,9 @@ snapshots: transitivePeerDependencies: - encoding - '@changesets/cli@2.29.6(@types/node@24.3.1)': + '@changesets/cli@2.29.7(@types/node@24.3.1)': dependencies: - '@changesets/apply-release-plan': 7.0.12 + '@changesets/apply-release-plan': 7.0.13 '@changesets/assemble-release-plan': 6.0.9 '@changesets/changelog-git': 0.2.1 '@changesets/config': 3.1.1 @@ -2765,7 +2765,7 @@ snapshots: package-manager-detector: 0.2.11 picocolors: 1.1.1 resolve-from: 5.0.0 - semver: 7.7.1 + semver: 7.7.2 spawndamnit: 3.0.1 term-size: 2.2.1 transitivePeerDependencies: @@ -2790,7 +2790,7 @@ snapshots: '@changesets/types': 6.1.0 '@manypkg/get-packages': 1.1.3 picocolors: 1.1.1 - semver: 7.7.1 + semver: 7.7.2 '@changesets/get-github-info@0.6.0': dependencies: @@ -3264,7 +3264,7 @@ snapshots: dependencies: tslib: 2.8.1 - '@trivago/prettier-plugin-sort-imports@5.2.2(prettier@3.5.3)': + '@trivago/prettier-plugin-sort-imports@5.2.2(prettier@3.6.2)': dependencies: '@babel/generator': 7.26.10 '@babel/parser': 7.26.10 @@ -3272,7 +3272,7 @@ snapshots: '@babel/types': 7.26.10 javascript-natural-sort: 0.7.1 lodash: 4.17.21 - prettier: 3.5.3 + prettier: 3.6.2 transitivePeerDependencies: - supports-color @@ -4902,12 +4902,12 @@ snapshots: prettier-plugin-astro@0.14.1: dependencies: '@astrojs/compiler': 2.11.0 - prettier: 3.5.3 + prettier: 3.6.2 sass-formatter: 0.7.9 prettier@2.8.8: {} - prettier@3.5.3: {} + prettier@3.6.2: {} prismjs@1.30.0: {}