From d76d6100a821bd0c7851f27b1e891c6ce4ac869e Mon Sep 17 00:00:00 2001 From: Precious Oritsedere Date: Fri, 23 Jan 2026 17:27:43 +0000 Subject: [PATCH 1/7] Added npm publishing to the CI workflow. --- .github/workflows/ci.yml | 50 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 330472d..9ce46e6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,6 +7,7 @@ on: pull_request: branches: - "**" + workflow_dispatch: jobs: build: @@ -24,6 +25,14 @@ jobs: test -d dist/components || exit 1 test -f dist/components/components.jsonld || exit 1 test -f dist/components/context.jsonld || exit 1 + - name: Save build + uses: actions/upload-artifact@v6 + with: + name: build + path: | + . + !node_modules + retention-days: 1 test: strategy: @@ -41,3 +50,44 @@ jobs: - run: npm test env: CI: true + + + npm-publish-build: + needs: [build, test] + runs-on: ubuntu-latest + steps: + - uses: actions/download-artifact@v7 + with: + name: build + - uses: actions/setup-node@v6 + with: + node-version-file: .nvmrc + - uses: rlespinasse/github-slug-action@v3.x + - name: Append commit hash to package version + run: 'sed -i -E "s/(\"version\": *\"[^\"]+)/\1-${GITHUB_SHA_SHORT}/" package.json' + - name: Disable pre- and post-publish actions + run: 'sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json' + - uses: JS-DevTools/npm-publish@v4.1.4 + if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' + with: + token: ${{ secrets.NPM_TOKEN }} + tag: ${{ env.GITHUB_REF_SLUG }} + + npm-publish-latest: + needs: [build, test, npm-publish-build] + runs-on: ubuntu-latest + if: github.ref == 'refs/heads/main' && github.event_name == 'push' + steps: + - uses: actions/download-artifact@v7 + with: + name: build + - uses: actions/setup-node@v6 + with: + node-version-file: .nvmrc + - name: Disable pre- and post-publish actions + run: 'sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json' + - uses: JS-DevTools/npm-publish@v4.1.4 + if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' + with: + token: ${{ secrets.NPM_TOKEN }} + tag: latest From 4f84df9c6209adbace1210ab9714664d3fe1788c Mon Sep 17 00:00:00 2001 From: Precious Oritsedere Date: Fri, 23 Jan 2026 17:32:31 +0000 Subject: [PATCH 2/7] updated the workfile --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9ce46e6..0d389cf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -61,7 +61,7 @@ jobs: name: build - uses: actions/setup-node@v6 with: - node-version-file: .nvmrc + node-version: '18' - uses: rlespinasse/github-slug-action@v3.x - name: Append commit hash to package version run: 'sed -i -E "s/(\"version\": *\"[^\"]+)/\1-${GITHUB_SHA_SHORT}/" package.json' @@ -83,7 +83,7 @@ jobs: name: build - uses: actions/setup-node@v6 with: - node-version-file: .nvmrc + node-version: '18' - name: Disable pre- and post-publish actions run: 'sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json' - uses: JS-DevTools/npm-publish@v4.1.4 From 5dbeddf145ab9f9edbbfe57c903a63d63284ad3d Mon Sep 17 00:00:00 2001 From: Precious Oritsedere Date: Fri, 23 Jan 2026 17:43:36 +0000 Subject: [PATCH 3/7] update publish workflow --- .github/workflows/ci.yml | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0d389cf..afb846e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -55,39 +55,47 @@ jobs: npm-publish-build: needs: [build, test] runs-on: ubuntu-latest + permissions: + id-token: write # Required for OIDC + contents: read steps: - uses: actions/download-artifact@v7 with: name: build - uses: actions/setup-node@v6 with: - node-version: '18' + node-version: 20.x + registry-url: 'https://registry.npmjs.org' + - name: Update npm to latest (required for OIDC) + run: npm install -g npm@latest - uses: rlespinasse/github-slug-action@v3.x - name: Append commit hash to package version run: 'sed -i -E "s/(\"version\": *\"[^\"]+)/\1-${GITHUB_SHA_SHORT}/" package.json' - name: Disable pre- and post-publish actions run: 'sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json' - - uses: JS-DevTools/npm-publish@v4.1.4 + - name: Publish to npm if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' - with: - token: ${{ secrets.NPM_TOKEN }} - tag: ${{ env.GITHUB_REF_SLUG }} + run: npm publish --tag ${{ env.GITHUB_REF_SLUG }} npm-publish-latest: needs: [build, test, npm-publish-build] runs-on: ubuntu-latest if: github.ref == 'refs/heads/main' && github.event_name == 'push' + permissions: + id-token: write # Required for OIDC + contents: read steps: - uses: actions/download-artifact@v7 with: name: build - uses: actions/setup-node@v6 with: - node-version: '18' + node-version: 20.x + registry-url: 'https://registry.npmjs.org' + - name: Update npm to latest (required for OIDC) + run: npm install -g npm@latest - name: Disable pre- and post-publish actions run: 'sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json' - - uses: JS-DevTools/npm-publish@v4.1.4 + - name: Publish to npm if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' - with: - token: ${{ secrets.NPM_TOKEN }} - tag: latest + run: npm publish --tag latest From 17860c939fbc344c55ac1ecf661f0231fac406f3 Mon Sep 17 00:00:00 2001 From: Precious Oritsedere Date: Fri, 23 Jan 2026 17:48:12 +0000 Subject: [PATCH 4/7] Added npm ci --omit=dev step in both publish jobs to install dependencies --- .github/workflows/ci.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index afb846e..1319078 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -68,11 +68,13 @@ jobs: registry-url: 'https://registry.npmjs.org' - name: Update npm to latest (required for OIDC) run: npm install -g npm@latest + - name: Install dependencies + run: npm ci --omit=dev - uses: rlespinasse/github-slug-action@v3.x - name: Append commit hash to package version run: 'sed -i -E "s/(\"version\": *\"[^\"]+)/\1-${GITHUB_SHA_SHORT}/" package.json' - - name: Disable pre- and post-publish actions - run: 'sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json' + - name: Disable prepare script to avoid rebuild + run: 'sed -i -E "s/\"prepare\":/\"ignore:prepare\":/" package.json' - name: Publish to npm if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' run: npm publish --tag ${{ env.GITHUB_REF_SLUG }} @@ -94,8 +96,10 @@ jobs: registry-url: 'https://registry.npmjs.org' - name: Update npm to latest (required for OIDC) run: npm install -g npm@latest - - name: Disable pre- and post-publish actions - run: 'sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json' + - name: Install dependencies + run: npm ci --omit=dev + - name: Disable prepare script to avoid rebuild + run: 'sed -i -E "s/\"prepare\":/\"ignore:prepare\":/" package.json' - name: Publish to npm if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' run: npm publish --tag latest From 17578da3e192866693c717e24d07420bfcf26ad9 Mon Sep 17 00:00:00 2001 From: Precious Oritsedere Date: Fri, 23 Jan 2026 17:51:43 +0000 Subject: [PATCH 5/7] update publish workflow --- .github/workflows/ci.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1319078..e8e7d8d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -68,13 +68,13 @@ jobs: registry-url: 'https://registry.npmjs.org' - name: Update npm to latest (required for OIDC) run: npm install -g npm@latest - - name: Install dependencies - run: npm ci --omit=dev + - name: Disable prepare script to avoid rebuild + run: 'sed -i -E "s/\"prepare\":/\"ignore:prepare\":/" package.json' + - name: Install dependencies (skip scripts) + run: npm ci --ignore-scripts - uses: rlespinasse/github-slug-action@v3.x - name: Append commit hash to package version run: 'sed -i -E "s/(\"version\": *\"[^\"]+)/\1-${GITHUB_SHA_SHORT}/" package.json' - - name: Disable prepare script to avoid rebuild - run: 'sed -i -E "s/\"prepare\":/\"ignore:prepare\":/" package.json' - name: Publish to npm if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' run: npm publish --tag ${{ env.GITHUB_REF_SLUG }} @@ -96,10 +96,10 @@ jobs: registry-url: 'https://registry.npmjs.org' - name: Update npm to latest (required for OIDC) run: npm install -g npm@latest - - name: Install dependencies - run: npm ci --omit=dev - name: Disable prepare script to avoid rebuild run: 'sed -i -E "s/\"prepare\":/\"ignore:prepare\":/" package.json' + - name: Install dependencies (skip scripts) + run: npm ci --ignore-scripts - name: Publish to npm if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' run: npm publish --tag latest From c09f604a274d25cabcd01b2e59df70eb96aaa5e7 Mon Sep 17 00:00:00 2001 From: Precious Oritsedere Date: Fri, 23 Jan 2026 18:05:45 +0000 Subject: [PATCH 6/7] update workflow --- .github/workflows/ci.yml | 20 ++++++++------------ package.json | 5 ++++- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e8e7d8d..2839f7a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -53,7 +53,7 @@ jobs: npm-publish-build: - needs: [build, test] + needs: build runs-on: ubuntu-latest permissions: id-token: write # Required for OIDC @@ -68,21 +68,19 @@ jobs: registry-url: 'https://registry.npmjs.org' - name: Update npm to latest (required for OIDC) run: npm install -g npm@latest - - name: Disable prepare script to avoid rebuild - run: 'sed -i -E "s/\"prepare\":/\"ignore:prepare\":/" package.json' - - name: Install dependencies (skip scripts) - run: npm ci --ignore-scripts - - uses: rlespinasse/github-slug-action@v3.x + - uses: rlespinasse/github-slug-action@v4.x - name: Append commit hash to package version run: 'sed -i -E "s/(\"version\": *\"[^\"]+)/\1-${GITHUB_SHA_SHORT}/" package.json' + - name: Disable pre- and post-publish actions + run: 'sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json' - name: Publish to npm if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' run: npm publish --tag ${{ env.GITHUB_REF_SLUG }} npm-publish-latest: - needs: [build, test, npm-publish-build] + needs: [build, npm-publish-build] runs-on: ubuntu-latest - if: github.ref == 'refs/heads/main' && github.event_name == 'push' + if: github.ref == 'refs/heads/main' permissions: id-token: write # Required for OIDC contents: read @@ -96,10 +94,8 @@ jobs: registry-url: 'https://registry.npmjs.org' - name: Update npm to latest (required for OIDC) run: npm install -g npm@latest - - name: Disable prepare script to avoid rebuild - run: 'sed -i -E "s/\"prepare\":/\"ignore:prepare\":/" package.json' - - name: Install dependencies (skip scripts) - run: npm ci --ignore-scripts + - name: Disable pre- and post-publish actions + run: 'sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json' - name: Publish to npm if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]' run: npm publish --tag latest diff --git a/package.json b/package.json index e79128a..1339259 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,10 @@ "name": "css-profile-handler", "version": "7.0.0", "description": "A Community Solid Server module for managing user profiles", - "repository": "https://github.com/theodi/css-profile-handler.git", + "repository": { + "type": "git", + "url": "https://github.com/theodi/css-profile-handler.git" + }, "main": "./dist/index.js", "types": "./dist/index.d.ts", "lsd:module": "https://linkedsoftwaredependencies.org/bundles/npm/css-profile-handler", From 2b5f07d28e32eaf414a546552ecf10f6d117e588 Mon Sep 17 00:00:00 2001 From: Precious Oritsedere Date: Fri, 23 Jan 2026 18:09:08 +0000 Subject: [PATCH 7/7] update workflow --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2839f7a..f94720c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -71,6 +71,8 @@ jobs: - uses: rlespinasse/github-slug-action@v4.x - name: Append commit hash to package version run: 'sed -i -E "s/(\"version\": *\"[^\"]+)/\1-${GITHUB_SHA_SHORT}/" package.json' + - name: Disable prepare script to avoid rebuild + run: 'sed -i -E "s/\"prepare\":/\"ignore:prepare\":/" package.json' - name: Disable pre- and post-publish actions run: 'sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json' - name: Publish to npm @@ -94,6 +96,8 @@ jobs: registry-url: 'https://registry.npmjs.org' - name: Update npm to latest (required for OIDC) run: npm install -g npm@latest + - name: Disable prepare script to avoid rebuild + run: 'sed -i -E "s/\"prepare\":/\"ignore:prepare\":/" package.json' - name: Disable pre- and post-publish actions run: 'sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json' - name: Publish to npm