Skip to content

Modernize CI & dependencies #4

Open
#5
Open
Modernize CI & dependencies#4
#5
Assignees
copilot-swe-agent
@TheMrCam

Description

@TheMrCam
TheMrCam
opened on Nov 14, 2025

Overview

The CI workflows immediately fail because of outdated configuration. We should probably update some dependencies since they're likely outdated as well.

Details

CI workflows

jest.yml

  • node-version: [14.x, 16.x, 18.x] should be updated to the latest three supported node versions
  • registry-url should be changed to https://registry.npmjs.org/ as https://registry.landrush.npme.io/ no longer exists (AFAICT)
  • Further changes may be necessary to prevent additional failures
  • May require updates based on updated dependencies

publish.yml

This workflow has never been ran here, and I'm sure it's unusable at this point. I have the following template working in other repositories:

# General workflow for publishing package to npmjs registry.
# Now also creates a draft release in GitHub releases.
#
# Runs on v*.*.* tag push, from tags created by `npm version`.
# v*.*.*-alpha.* tags will publish with `--tag alpha`, otherwise
# publishes with default `npm publish`.
#
# Example:
#     npm version patch       # creates tag v0.0.N
#     git push origin v0.0.N  # publishes package@latest, if tests OK
#
#     npm version prepatch --preid alpha  # creates tag v0.0.M-alpha.0 (M=N+1)
#     git push origin v0.0.M-alpha.0      # publishes package@alpha
#
# Expects package.json to include the following script:
#     "prepack": "npm run build"

name: Publish from tag

on:
  push:
    tags:
      - v*.*.*

jobs:
  publish:
    name: Publish to npmjs.com
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          # needed to enable reading env.NODE_AUTH_TOKEN
          registry-url: https://registry.npmjs.org/
      - name: Install dependencies
        # Skip post-install scripts here, as a malicious
        # script could steal NODE_AUTH_TOKEN.
        run: npm ci --ignore-scripts
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
      - name: Post-install scripts
        # `npm rebuild` will run all those post-install scripts for us.
        run: npm rebuild && npm run prepare --if-present
      # - name: Test source code
      #   run: npm run test
      - name: Build & publish latest
        if: ${{ ! contains(github.ref, '-alpha.') }}
        # Expects package to have `"prepack": "npm run build"`
        # which is good practice anyway, imo
        run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH }}
      - name: Build & publish alpha
        if: ${{ contains(github.ref, '-alpha.') }}
        run: npm publish --tag alpha
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH }}
      - name: Create package tarball
        # ignore-scripts because we already did the build
        run: npm pack --ignore-scripts
      - uses: actions/upload-artifact@v4
        name: Upload release artifact
        with:
          name: npm-pack-tarball
          if-no-files-found: error
          path: |
            *.tgz

  release:
    name: Create GitHub release
    runs-on: ubuntu-latest
    needs: publish

    permissions:
      # required for softprops/action-gh-release
      contents: write
      # required for mikepenz/release-changelog-builder-action
      pull-requests: read

    steps:
      - uses: actions/checkout@v4
      - uses: actions/download-artifact@v4
        name: Download release artifact
        with:
          name: npm-pack-tarball
      - name: Generate release notes
        id: build_changelog
        uses: mikepenz/release-changelog-builder-action@v5
        with:
          configuration: '.github/changelog.json'
          ignorePreReleases: ${{ ! contains(github.ref_name, '-') }}
      - name: Trim tag name
        run: echo "trimmed_tag=$(echo ${{github.ref_name}} | cut -c 2-)" >> $GITHUB_ENV
      - name: Create release
        id: create_release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ github.ref }}
          name: Release ${{ github.ref_name }}
          body: |
            ${{ steps.build_changelog.outputs.changelog }}

            **${{ contains(github.ref_name, '-') && 'Prerelease' || 'Full' }} changelog:** ${{ github.server_url }}/${{ github.repository }}/compare/${{ steps.build_changelog.outputs.fromTag }}...${{ steps.build_changelog.outputs.toTag }}
            **NPM release:** https://npmjs.com/package/@scope/package/v/${{ env.trimmed_tag }}
          draft: true
          prerelease: ${{ contains(github.ref_name, '-') }}
          files: |
            *.tgz

Note: the only real repo-specific line is NPM release:, where @scope/package should be replaced with the npm package name so the URL works

We may need to update or add new secrets here for this to work.

Dependencies

I'm not sure which dependencies are critical to update. For this issue, I care more about fixing the CI, so I'd prefer to update dependencies in a non-refactor-inducing way.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions