From 30a03075452c2247a87a7893c8332b00064b98c1 Mon Sep 17 00:00:00 2001 From: Arthurk12 Date: Thu, 2 Jul 2026 16:13:25 -0300 Subject: [PATCH 1/3] chore(ci): bumb actions/checkout and actinos/setup-node to v5 Both actions still declare node20 as their internal runtime, triggering Github's Node 20 deprecation warning on every run. v5 of each uses node24 internally; no input/output changes affect our usage. --- .github/workflows/publish.yml | 4 ++-- .github/workflows/storybook-deploy.yml | 4 ++-- .github/workflows/sync-develop.yml | 2 +- .github/workflows/tag_and_release.yml | 4 ++-- .github/workflows/ts-code-compilation.yml | 4 ++-- .github/workflows/ts-code-validation.yml | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2ecabaf..e07e16a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -15,10 +15,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version-file: '.nvmrc' registry-url: 'https://registry.npmjs.org' diff --git a/.github/workflows/storybook-deploy.yml b/.github/workflows/storybook-deploy.yml index e44199c..9d9af42 100644 --- a/.github/workflows/storybook-deploy.yml +++ b/.github/workflows/storybook-deploy.yml @@ -17,10 +17,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version-file: '.nvmrc' cache: 'npm' diff --git a/.github/workflows/sync-develop.yml b/.github/workflows/sync-develop.yml index 52469e4..78e13cd 100644 --- a/.github/workflows/sync-develop.yml +++ b/.github/workflows/sync-develop.yml @@ -14,7 +14,7 @@ jobs: pull-requests: write steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/tag_and_release.yml b/.github/workflows/tag_and_release.yml index eb74386..77bf811 100644 --- a/.github/workflows/tag_and_release.yml +++ b/.github/workflows/tag_and_release.yml @@ -16,12 +16,12 @@ jobs: contents: write # Required to push commits and tags steps: - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 # Fetches all history for accurate changelog generation - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version-file: '.nvmrc' diff --git a/.github/workflows/ts-code-compilation.yml b/.github/workflows/ts-code-compilation.yml index 608e6c3..0846e13 100644 --- a/.github/workflows/ts-code-compilation.yml +++ b/.github/workflows/ts-code-compilation.yml @@ -6,7 +6,7 @@ jobs: ts-code-compilation: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 1 # Merges the base branch (e.g. develop) into the PR branch so compilation @@ -14,7 +14,7 @@ jobs: - name: Merge branches uses: ./.github/actions/merge-branches - name: install node - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version-file: '.nvmrc' - name: run npm install diff --git a/.github/workflows/ts-code-validation.yml b/.github/workflows/ts-code-validation.yml index edb83b4..1e1aa5c 100644 --- a/.github/workflows/ts-code-validation.yml +++ b/.github/workflows/ts-code-validation.yml @@ -7,7 +7,7 @@ jobs: ts-code-validation: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 1 # Merges the base branch (e.g. develop) into the PR branch so validation @@ -15,7 +15,7 @@ jobs: - name: Merge branches uses: ./.github/actions/merge-branches - name: install node - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version-file: '.nvmrc' - name: run npm install From 3266a1ff8140a1c869895a6d4645254d86dcc299 Mon Sep 17 00:00:00 2001 From: Arthurk12 Date: Thu, 2 Jul 2026 16:15:11 -0300 Subject: [PATCH 2/3] chore(ci): add pre-commit script to resync package-lock.json version conventional-changelog-action only bumps the top-level "version" field, leaving package-lock.json's nested packages[""] entry (its own copy of the root version) stale after every release. This script regenerates the lockfile via `npm install --package-lock-only` and is meant to be wired up as the action's pre-commit hook. --- .github/scripts/pre-commit.js | 12 ++++++++++++ .github/workflows/tag_and_release.yml | 1 + 2 files changed, 13 insertions(+) create mode 100644 .github/scripts/pre-commit.js diff --git a/.github/scripts/pre-commit.js b/.github/scripts/pre-commit.js new file mode 100644 index 0000000..a1b838a --- /dev/null +++ b/.github/scripts/pre-commit.js @@ -0,0 +1,12 @@ +const { execSync } = require('child_process'); + +// Called by TriPSs/conventional-changelog-action right after it bumps the +// version in package.json/package-lock.json, before committing the release. +// The action only text-replaces the top-level "version" field, so +// package-lock.json's nested packages[""] entry (its own copy of the root +// version) is left stale, requiring a manual fix after every release: +// https://github.com/bigbluebutton/bbb-ui-components-react/commit/2ff2bbb617197a4af5495961d57c17ca11d13356?diff=split#diff-053150b640a7ce75eff69d1a22cae7f0f94ad64ce9a855db544dda0929316519R9 +// Regenerating the lockfile here keeps it in sync before the release commit. +exports.preCommit = () => { + execSync('npm install --package-lock-only', { stdio: 'inherit' }); +}; diff --git a/.github/workflows/tag_and_release.yml b/.github/workflows/tag_and_release.yml index 77bf811..fb4a636 100644 --- a/.github/workflows/tag_and_release.yml +++ b/.github/workflows/tag_and_release.yml @@ -38,6 +38,7 @@ jobs: skip-ci: 'false' tag-prefix: 'v' version-file: './package.json, ./package-lock.json' + pre-commit: './.github/scripts/pre-commit.js' - name: Create GitHub Release if: ${{ github.event.inputs.create_github_release == 'true' && steps.changelog.outputs.skipped == 'false' }} From 140ef6c586400677579b2413d983ee89362c8576 Mon Sep 17 00:00:00 2001 From: Arthurk12 Date: Fri, 3 Jul 2026 14:57:23 -0300 Subject: [PATCH 3/3] chore(ci): bump Node to v24 in publish workflow to fix provenance The publish workflow fails when generating npm provenance via GitHub Actions. This is a known issue with older Node versions, where the OIDC token request used for provenance attestation returns a 404. Upgrading to Node 24 resolves the issue. --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e07e16a..19f8df4 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -20,7 +20,7 @@ jobs: - name: Setup Node.js uses: actions/setup-node@v5 with: - node-version-file: '.nvmrc' + node-version: '24.x' registry-url: 'https://registry.npmjs.org' - name: Install Dependencies