From b0047da92fab9b4ac83dec4f48d7e7c1539facf7 Mon Sep 17 00:00:00 2001 From: Jeremy Tuloup Date: Tue, 14 Oct 2025 13:45:06 +0200 Subject: [PATCH 1/6] Document npm truster publishers --- .../making_release_from_releaser.md | 33 ++++++++++++- .../convert_repo_from_releaser.md | 47 +++++++++++++++--- .../how_to_guides/convert_repo_from_repo.md | 49 ++++++++++++++++--- docs/source/reference/theory.md | 2 +- 4 files changed, 112 insertions(+), 19 deletions(-) diff --git a/docs/source/get_started/making_release_from_releaser.md b/docs/source/get_started/making_release_from_releaser.md index 3f395529..2afade8c 100644 --- a/docs/source/get_started/making_release_from_releaser.md +++ b/docs/source/get_started/making_release_from_releaser.md @@ -49,9 +49,38 @@ already uses Jupyter Releaser. -- If the repo generates npm release(s), add access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens), saved as `NPM_TOKEN` in "Secrets". +- If the repo generates npm release(s), set up npm: -> If you want to set _provenance_ on your package, you need to ensure the publish release job as `permissions`: `id-token : write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions)). +
Using npm Trusted Publishers (recommended) + +- npm Trusted Publishers is supported with npm >= 11.5.1 +- Ensure the publish release job has `permissions`: `id-token: write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements)) +- Set up the Node.js version in your workflow using one of these approaches: + + Using the `base-setup` action from `jupyterlab/maintainer-tools`: + ```yaml + - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 + with: + node_version: "24" + ``` + + Or using the standard `setup-node` action: + ```yaml + - uses: actions/setup-node@v6 + with: + node-version: "24" + ``` + +- With Trusted Publishers enabled, npm packages will be published without needing to store an `NPM_TOKEN` secret + +
+ +
Using NPM_TOKEN (legacy way) + +- Create an access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens), saved as `NPM_TOKEN` in "Secrets" +- If you want to set _provenance_ on your package, you need to ensure the publish release job has `permissions`: `id-token: write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions)) + +
## Prep Release diff --git a/docs/source/how_to_guides/convert_repo_from_releaser.md b/docs/source/how_to_guides/convert_repo_from_releaser.md index 0c1cf2f6..66f83f44 100644 --- a/docs/source/how_to_guides/convert_repo_from_releaser.md +++ b/docs/source/how_to_guides/convert_repo_from_releaser.md @@ -10,7 +10,7 @@ See checklist below for details: - Bump version configuration (if using Python), for example [tbump](https://github.com/dmerejkowsky/tbump) - [Access token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) with access to target GitHub repo to run GitHub Actions. - Access token for the [PyPI registry](https://packaging.python.org/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#saving-credentials-on-github) -- If needed, access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens). +- If publishing to npm, we recommend using [npm Trusted Publishers](https://docs.npmjs.com/trusted-publishers) (requires npm >= 11.5.1, available via Node.js >= 24). Otherwise, create an access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens). ## Checklist for Adoption 
@@ -19,9 +19,9 @@ A. Prep the `jupyter_releaser` fork: - [ ] Clone this repository onto your GitHub user account. - [ ] Add a GitHub [personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) with access to target GitHub repo to run - GitHub Actions, saved as `ADMIN_GITHUB_TOKEN` in the - [repository secrets](https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository). - The token will need "public_repo", and "repo:status" permissions. + GitHub Actions, saved as `ADMIN_GITHUB_TOKEN` in the + [repository secrets](https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository). + The token will need "public_repo", and "repo:status" permissions. - [ ] Set up PyPI: @@ -54,9 +54,40 @@ A. Prep the `jupyter_releaser` fork: -- [ ] If needed, add access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens), saved as `NPM_TOKEN`. +- [ ] Set up npm (if publishing to npm): -> If you want to set _provenance_ on your package, you need to ensure the publish release job as `permissions`: `id-token : write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions)). +
Using npm Trusted Publishers (recommended) + +- npm Trusted Publishers is supported with npm >= 11.5.1 +- Ensure the publish release job has `permissions`: `id-token: write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements)) +- Set up the Node.js version in your workflow using one of these approaches: + + Using the `base-setup` action from `jupyterlab/maintainer-tools`: + + ```yaml + - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 + with: + node_version: "24" + ``` + + Or using the standard `setup-node` action: + + ```yaml + - uses: actions/setup-node@v4 + with: + node-version: "24" + ``` + +- With Trusted Publishers enabled, npm packages will be published with provenance automatically, without needing to store an `NPM_TOKEN` secret + +
+ +
Using NPM_TOKEN (legacy way) + +- Create an access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens), saved as `NPM_TOKEN` +- If you want to set _provenance_ on your package, you need to ensure the publish release job has `permissions`: `id-token: write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions)) + +
B. Prep target repository: @@ -66,7 +97,7 @@ B. Prep target repository: - Note that [directives](https://myst-parser.readthedocs.io/en/latest/using/syntax.html#syntax-directives) can still be used - [ ] Add HTML start and end comment markers to Changelog file - see example in [CHANGELOG.md](https://github.com/jupyter-server/jupyter_releaser/blob/main/CHANGELOG.md) (view in raw mode) - [ ] We recommend using [hatch](https://hatch.pypa.io/latest/) for your - build system and for version handling. + build system and for version handling. - If previously providing `version_info` like `version_info = (1, 7, 0, '.dev', '0')`, use a pattern like the one below in your version file: ```python @@ -111,7 +142,7 @@ version_info = tuple(parts) ``` - [ ] Add a workflow that uses the [`enforce-label`](https://github.com/jupyterlab/maintainer-tools#enforce-labels) action from `jupyterlab/maintainer-tools` to ensure that all PRs have on of the triage labels used to - categorize the changelog. + categorize the changelog. - [ ] Update or add `RELEASE.md` that describes the onboarding and release process, e.g. [jupyter_server](https://github.com/jupyter-server/jupyter_server/blob/main/RELEASE.md). diff --git a/docs/source/how_to_guides/convert_repo_from_repo.md b/docs/source/how_to_guides/convert_repo_from_repo.md index cae7bc50..9138e61e 100644 --- a/docs/source/how_to_guides/convert_repo_from_repo.md +++ b/docs/source/how_to_guides/convert_repo_from_repo.md 
@@ -9,7 +9,7 @@ See checklist below for details: - Markdown changelog - Bump version configuration (if using Python), for example [hatch](https://hatch.pypa.io/latest/) - [Add a trusted publisher](https://docs.pypi.org/trusted-publishers/adding-a-publisher/) to your PyPI project -- If needed, access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens). +- If publishing to npm, we recommend using [npm Trusted Publishers](https://docs.npmjs.com/trusted-publishers) (requires npm >= 11.5.1, available via Node.js >= 24). Otherwise, create an access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens). ## Checklist for Adoption @@ -25,7 +25,7 @@ See checklist below for details: - Store the `APP_ID` and the private key in a secure location (Jupyter Vault if using a Jupyter Org) - [ ] Create a "release" [environment](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment) on your repository and add an `APP_ID` Environment Variable and `APP_PRIVATE_KEY` secret. - The environment should be enabled for ["Protected branches only"](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches-and-tags). + The environment should be enabled for ["Protected branches only"](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches-and-tags). - [ ] Configure [Rulesets](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets) for the repository 
@@ -38,7 +38,7 @@ See checklist below for details: - Allow the GitHub App to bypass protections - [ ] Copy `prep-release.yml` and `publish-release.yml` (or only `full-release.yml`) from the - [example-workflows](https://github.com/jupyter-server/jupyter_releaser/tree/main/example-workflows) folder in this repository. + [example-workflows](https://github.com/jupyter-server/jupyter_releaser/tree/main/example-workflows) folder in this repository. - [ ] Set up PyPI: @@ -47,8 +47,41 @@ See checklist below for details: _environment_ should be `release` (the name of the GitHub environment). - Ensure the publish release job as `permissions`: `id-token : write` (see the [documentation](https://docs.pypi.org/trusted-publishers/using-a-publisher/)) -- [ ] If needed, add access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens), saved as `NPM_TOKEN`. Again this should - be created using a machine account that only has publish access. +- [ ] Set up npm (if publishing to npm): + +
Using npm Trusted Publishers (recommended) + +- npm Trusted Publishers is supported with npm >= 11.5.1 +- Ensure the publish release job has `permissions`: `id-token: write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements)) +- Set up the Node.js version in your workflow using one of these approaches: + + Using the `base-setup` action from `jupyterlab/maintainer-tools`: + + ```yaml + - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 + with: + node_version: "24" + ``` + + Or using the standard `setup-node` action: + + ```yaml + - uses: actions/setup-node@v4 + with: + node-version: "24" + ``` + +- With Trusted Publishers enabled, npm packages will be published with provenance automatically, without needing to store an `NPM_TOKEN` secret + +
+ +
Using NPM_TOKEN (legacy way) + +- Create an access token for [npm](https://docs.npmjs.com/creating-and-viewing-access-tokens), saved as `NPM_TOKEN` +- This should be created using a machine account that only has publish access +- If you want to set _provenance_ on your package, you need to ensure the publish release job has `permissions`: `id-token: write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions)) + +
- [ ] Ensure that only trusted users with 2FA have admin access to the repository, since they will be able to trigger releases. @@ -71,7 +104,7 @@ See checklist below for details: ``` - [ ] We recommend using [hatch](https://hatch.pypa.io/latest/) for your - build system and for version handling. + build system and for version handling. - If previously providing `version_info` like `version_info = (1, 7, 0, '.dev', '0')`, use a pattern like the one below in your version file: @@ -119,7 +152,7 @@ version_info = tuple(parts) ``` - [ ] Add a workflow that uses the [`enforce-label`](https://github.com/jupyterlab/maintainer-tools#enforce-labels) action - from `jupyterlab/maintainer-tools` to ensure that all PRs have on of the triage labels used to categorize the changelog. + from `jupyterlab/maintainer-tools` to ensure that all PRs have on of the triage labels used to categorize the changelog. ```yaml name: Enforce PR label @@ -149,7 +182,7 @@ jobs: - [ ] Try out the `Prep Release` and `Publish Release` process against a fork of the target repo first so you don't accidentally push tags and GitHub releases to the source repository. Set the `TWINE_REPOSITORY_URL` environment variable to `https://test.pypi.org/legacy/` in the "Finalize Release" action part of the workflow - [ ] Try the `Publish Release` process using a prerelease version on the main - repository before publishing a final version. + repository before publishing a final version. ## Backport Branches diff --git a/docs/source/reference/theory.md b/docs/source/reference/theory.md index dbe796ff..680a6f33 100644 --- a/docs/source/reference/theory.md +++ b/docs/source/reference/theory.md 
@@ -17,7 +17,7 @@ This project should help maintainers reduce toil and save time in the release pr We strive to use the most secure release practices possible, reflected in the `Checklist for Adoption` and the example workflows. -This includes using PyPI Trusted Publishing, using GitHub Environments, encouraging the use of Rulesets and GitHub Apps with limited bypass capability, and provenance data for npm. +This includes using PyPI Trusted Publishing, npm Trusted Publishers (with npm >= 11.5.1), using GitHub Environments, encouraging the use of Rulesets and GitHub Apps with limited bypass capability, and provenance data for npm. In addition, there is an automatic check for whether the user who triggered the action is an admin. ## Action Details From d875b03014e95be02415026d7913060803847ca7 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 14 Oct 2025 11:46:41 +0000 Subject: [PATCH 2/6] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- .../get_started/making_release_from_releaser.md | 4 ++++ .../how_to_guides/convert_repo_from_releaser.md | 12 +++++++----- docs/source/how_to_guides/convert_repo_from_repo.md | 12 +++++++----- 3 files changed, 18 insertions(+), 10 deletions(-) diff --git a/docs/source/get_started/making_release_from_releaser.md b/docs/source/get_started/making_release_from_releaser.md index 2afade8c..83e5b011 100644 --- a/docs/source/get_started/making_release_from_releaser.md +++ b/docs/source/get_started/making_release_from_releaser.md @@ -54,10 +54,13 @@ already uses Jupyter Releaser.
Using npm Trusted Publishers (recommended) - npm Trusted Publishers is supported with npm >= 11.5.1 + - Ensure the publish release job has `permissions`: `id-token: write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements)) + - Set up the Node.js version in your workflow using one of these approaches: Using the `base-setup` action from `jupyterlab/maintainer-tools`: + ```yaml - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 with: @@ -65,6 +68,7 @@ already uses Jupyter Releaser. ``` Or using the standard `setup-node` action: + ```yaml - uses: actions/setup-node@v6 with: diff --git a/docs/source/how_to_guides/convert_repo_from_releaser.md b/docs/source/how_to_guides/convert_repo_from_releaser.md index 66f83f44..726e57f2 100644 --- a/docs/source/how_to_guides/convert_repo_from_releaser.md +++ b/docs/source/how_to_guides/convert_repo_from_releaser.md @@ -19,9 +19,9 @@ A. Prep the `jupyter_releaser` fork: - [ ] Clone this repository onto your GitHub user account. - [ ] Add a GitHub [personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) with access to target GitHub repo to run - GitHub Actions, saved as `ADMIN_GITHUB_TOKEN` in the - [repository secrets](https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository). - The token will need "public_repo", and "repo:status" permissions. + GitHub Actions, saved as `ADMIN_GITHUB_TOKEN` in the + [repository secrets](https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository). + The token will need "public_repo", and "repo:status" permissions. - [ ] Set up PyPI: @@ -59,7 +59,9 @@ A. Prep the `jupyter_releaser` fork:
Using npm Trusted Publishers (recommended) - npm Trusted Publishers is supported with npm >= 11.5.1 + - Ensure the publish release job has `permissions`: `id-token: write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements)) + - Set up the Node.js version in your workflow using one of these approaches: Using the `base-setup` action from `jupyterlab/maintainer-tools`: @@ -97,7 +99,7 @@ B. Prep target repository: - Note that [directives](https://myst-parser.readthedocs.io/en/latest/using/syntax.html#syntax-directives) can still be used - [ ] Add HTML start and end comment markers to Changelog file - see example in [CHANGELOG.md](https://github.com/jupyter-server/jupyter_releaser/blob/main/CHANGELOG.md) (view in raw mode) - [ ] We recommend using [hatch](https://hatch.pypa.io/latest/) for your - build system and for version handling. + build system and for version handling. - If previously providing `version_info` like `version_info = (1, 7, 0, '.dev', '0')`, use a pattern like the one below in your version file: ```python @@ -142,7 +144,7 @@ version_info = tuple(parts) ``` - [ ] Add a workflow that uses the [`enforce-label`](https://github.com/jupyterlab/maintainer-tools#enforce-labels) action from `jupyterlab/maintainer-tools` to ensure that all PRs have on of the triage labels used to - categorize the changelog. + categorize the changelog. - [ ] Update or add `RELEASE.md` that describes the onboarding and release process, e.g. [jupyter_server](https://github.com/jupyter-server/jupyter_server/blob/main/RELEASE.md). diff --git a/docs/source/how_to_guides/convert_repo_from_repo.md b/docs/source/how_to_guides/convert_repo_from_repo.md index 9138e61e..1ae90712 100644 --- a/docs/source/how_to_guides/convert_repo_from_repo.md +++ b/docs/source/how_to_guides/convert_repo_from_repo.md 
@@ -25,7 +25,7 @@ See checklist below for details: - Store the `APP_ID` and the private key in a secure location (Jupyter Vault if using a Jupyter Org) - [ ] Create a "release" [environment](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment) on your repository and add an `APP_ID` Environment Variable and `APP_PRIVATE_KEY` secret. - The environment should be enabled for ["Protected branches only"](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches-and-tags). + The environment should be enabled for ["Protected branches only"](https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-branches-and-tags). - [ ] Configure [Rulesets](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets) for the repository @@ -38,7 +38,7 @@ See checklist below for details: - Allow the GitHub App to bypass protections - [ ] Copy `prep-release.yml` and `publish-release.yml` (or only `full-release.yml`) from the - [example-workflows](https://github.com/jupyter-server/jupyter_releaser/tree/main/example-workflows) folder in this repository. + [example-workflows](https://github.com/jupyter-server/jupyter_releaser/tree/main/example-workflows) folder in this repository. - [ ] Set up PyPI: @@ -52,7 +52,9 @@ See checklist below for details:
Using npm Trusted Publishers (recommended) - npm Trusted Publishers is supported with npm >= 11.5.1 + - Ensure the publish release job has `permissions`: `id-token: write` (see the [documentation](https://docs.npmjs.com/generating-provenance-statements)) + - Set up the Node.js version in your workflow using one of these approaches: Using the `base-setup` action from `jupyterlab/maintainer-tools`: @@ -104,7 +106,7 @@ See checklist below for details: ``` - [ ] We recommend using [hatch](https://hatch.pypa.io/latest/) for your - build system and for version handling. + build system and for version handling. - If previously providing `version_info` like `version_info = (1, 7, 0, '.dev', '0')`, use a pattern like the one below in your version file: @@ -152,7 +154,7 @@ version_info = tuple(parts) ``` - [ ] Add a workflow that uses the [`enforce-label`](https://github.com/jupyterlab/maintainer-tools#enforce-labels) action - from `jupyterlab/maintainer-tools` to ensure that all PRs have on of the triage labels used to categorize the changelog. + from `jupyterlab/maintainer-tools` to ensure that all PRs have on of the triage labels used to categorize the changelog. ```yaml name: Enforce PR label @@ -182,7 +184,7 @@ jobs: - [ ] Try out the `Prep Release` and `Publish Release` process against a fork of the target repo first so you don't accidentally push tags and GitHub releases to the source repository. Set the `TWINE_REPOSITORY_URL` environment variable to `https://test.pypi.org/legacy/` in the "Finalize Release" action part of the workflow - [ ] Try the `Publish Release` process using a prerelease version on the main - repository before publishing a final version. + repository before publishing a final version. ## Backport Branches From 797c1f5fe8a8d9f655f077528e6d3c5d68dec11e Mon Sep 17 00:00:00 2001 
From: Jeremy Tuloup Date: Wed, 15 Oct 2025 11:07:43 +0200 Subject: [PATCH 3/6] Log when there is no npm token --- jupyter_releaser/npm.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/jupyter_releaser/npm.py b/jupyter_releaser/npm.py index c9d98820..45558b5f 100644 --- a/jupyter_releaser/npm.py +++ b/jupyter_releaser/npm.py @@ -1,4 +1,5 @@ """npm-related utilities.""" + # Copyright (c) Jupyter Development Team. # Distributed under the terms of the Modified BSD License. import json @@ -153,6 +154,8 @@ def handle_npm_config(npm_token): short_reg = registry.replace("https://", "//") short_reg = short_reg.replace("http://", "//") auth_entry = f"{short_reg}:_authToken={npm_token}" + else: + util.log("No NPM_TOKEN provided, will attempt to use npm Trusted Publishers if configured") # Handle existing config if npmrc.exists(): @@ -182,13 +185,13 @@ def get_package_versions(version): npm_version = data.get("version", "") if npm_version != version: message += f"\nPython version: {version}" - message += f'\nnpm version: {data["name"]}: {npm_version}' + message += f"\nnpm version: {data['name']}: {npm_version}" if "workspaces" in data: message += "\nnpm workspace versions:" for path in _get_workspace_packages(data): text = path.joinpath("package.json").read_text(encoding="utf-8") data = json.loads(text) - message += f'\n{data["name"]}: {data.get("version", "")}' + message += f"\n{data['name']}: {data.get('version', '')}" return message From bd702beddc061d7a65b9c5aba8192944bf87c3e4 Mon Sep 17 00:00:00 2001 From: Jeremy Tuloup Date: Mon, 1 Dec 2025 17:32:52 +0100 Subject: [PATCH 4/6] cleanup --- docs/source/get_started/making_release_from_releaser.md | 2 -- docs/source/how_to_guides/convert_repo_from_releaser.md | 2 -- docs/source/how_to_guides/convert_repo_from_repo.md | 2 -- 3 files changed, 6 deletions(-) 
diff --git a/docs/source/get_started/making_release_from_releaser.md b/docs/source/get_started/making_release_from_releaser.md index 83e5b011..f8f86e52 100644 --- a/docs/source/get_started/making_release_from_releaser.md +++ b/docs/source/get_started/making_release_from_releaser.md @@ -71,8 +71,6 @@ already uses Jupyter Releaser. ```yaml - uses: actions/setup-node@v6 - with: - node-version: "24" ``` - With Trusted Publishers enabled, npm packages will be published without needing to store an `NPM_TOKEN` secret diff --git a/docs/source/how_to_guides/convert_repo_from_releaser.md b/docs/source/how_to_guides/convert_repo_from_releaser.md index 726e57f2..212a340c 100644 --- a/docs/source/how_to_guides/convert_repo_from_releaser.md +++ b/docs/source/how_to_guides/convert_repo_from_releaser.md @@ -76,8 +76,6 @@ A. Prep the `jupyter_releaser` fork: ```yaml - uses: actions/setup-node@v4 - with: - node-version: "24" ``` - With Trusted Publishers enabled, npm packages will be published with provenance automatically, without needing to store an `NPM_TOKEN` secret diff --git a/docs/source/how_to_guides/convert_repo_from_repo.md b/docs/source/how_to_guides/convert_repo_from_repo.md index 1ae90712..4925cf8e 100644 --- a/docs/source/how_to_guides/convert_repo_from_repo.md +++ b/docs/source/how_to_guides/convert_repo_from_repo.md @@ -69,8 +69,6 @@ See checklist below for details: ```yaml - uses: actions/setup-node@v4 - with: - node-version: "24" ``` - With Trusted Publishers enabled, npm packages will be published with provenance automatically, without needing to store an `NPM_TOKEN` secret From 39bebaa18f4d342cc4a4c086fbea407f434dc41e Mon Sep 17 00:00:00 2001 
From: Jeremy Tuloup Date: Mon, 1 Dec 2025 17:38:19 +0100 Subject: [PATCH 5/6] More cleanup --- .github/workflows/check-release.yml | 2 -- .github/workflows/generate-changelog.yml | 2 -- .github/workflows/prep-release.yml | 2 -- .github/workflows/prep-self-release.yml | 2 -- .github/workflows/publish-changelog.yml | 2 -- .github/workflows/publish-release.yml | 2 -- .github/workflows/publish-self-release.yml | 2 -- .github/workflows/test.yml | 14 -------------- .../get_started/making_release_from_releaser.md | 2 -- .../how_to_guides/convert_repo_from_releaser.md | 2 -- .../source/how_to_guides/convert_repo_from_repo.md | 2 -- 11 files changed, 34 deletions(-) diff --git a/.github/workflows/check-release.yml b/.github/workflows/check-release.yml index 1dcf650e..22029032 100644 --- a/.github/workflows/check-release.yml +++ b/.github/workflows/check-release.yml @@ -15,8 +15,6 @@ jobs: steps: - uses: actions/checkout@v4 - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 - with: - node_version: "24.x" - name: Install Dependencies shell: bash run: | diff --git a/.github/workflows/generate-changelog.yml b/.github/workflows/generate-changelog.yml index e7e6e3d5..3e890e9c 100644 --- a/.github/workflows/generate-changelog.yml +++ b/.github/workflows/generate-changelog.yml @@ -32,8 +32,6 @@ jobs: steps: - uses: actions/checkout@v4 - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 - with: - node_version: "24.x" - name: Install Dependencies shell: bash run: | diff --git a/.github/workflows/prep-release.yml b/.github/workflows/prep-release.yml index f308ac8a..4b8025b1 100644 --- a/.github/workflows/prep-release.yml +++ b/.github/workflows/prep-release.yml @@ -32,8 +32,6 @@ jobs: steps: - uses: actions/checkout@v4 - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 - with: - node_version: "24.x" - name: Install Dependencies shell: bash run: | 
diff --git a/.github/workflows/prep-self-release.yml b/.github/workflows/prep-self-release.yml index 647dbb63..b59e97a3 100644 --- a/.github/workflows/prep-self-release.yml +++ b/.github/workflows/prep-self-release.yml @@ -31,8 +31,6 @@ jobs: steps: - uses: actions/checkout@v4 - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 - with: - node_version: "24.x" - name: Install Dependencies shell: bash run: | diff --git a/.github/workflows/publish-changelog.yml b/.github/workflows/publish-changelog.yml index ee4d52f8..8ec872ad 100644 --- a/.github/workflows/publish-changelog.yml +++ b/.github/workflows/publish-changelog.yml @@ -16,8 +16,6 @@ jobs: steps: - uses: actions/checkout@v4 - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 - with: - node_version: "24.x" - name: Install Dependencies shell: bash diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index a802be61..f8422fb8 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -21,8 +21,6 @@ jobs: steps: - uses: actions/checkout@v4 - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 - with: - node_version: "24.x" - name: Install Dependencies shell: bash run: | diff --git a/.github/workflows/publish-self-release.yml b/.github/workflows/publish-self-release.yml index 441c3ec1..ad9f9beb 100644 --- a/.github/workflows/publish-self-release.yml +++ b/.github/workflows/publish-self-release.yml @@ -21,8 +21,6 @@ jobs: steps: - uses: actions/checkout@v4 - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 - with: - node_version: "24.x" - name: Install Dependencies shell: bash run: | diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ff693bb1..6920b85e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -20,8 +20,6 @@ jobs: steps: - uses: actions/checkout@v4 - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 - with: - node_version: "24.x" - name: Run Linters run: | hatch run typing:test @@ -34,8 +32,6 @@ jobs: steps: - uses: actions/checkout@v4 - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 - with: - node_version: "24.x" - uses: jupyterlab/maintainer-tools/.github/actions/check-links@v1 with: ignore_links: https://blog.jupyter.org/.* @@ -50,8 +46,6 @@ jobs: steps: - uses: actions/checkout@v4 - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 - with: - node_version: "24.x" - name: Run the tests with coverage on Ubuntu if: ${{ matrix.os == 'ubuntu-latest' }} @@ -78,8 +72,6 @@ jobs: steps: - uses: actions/checkout@v4 - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 - with: - node_version: "24.x" - env: GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }} RH_REPOSITORY: jupyter-server/jupyter_releaser @@ -111,7 +103,6 @@ jobs: - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 with: dependency_type: minimum - node_version: "24.x" - name: Run the unit tests run: | hatch run test:nowarn || hatch run test:nowarn --lf @@ -126,7 +117,6 @@ jobs: with: dependency_type: pre python_version: "3.12" - node_version: "24.x" - name: Run the tests run: | hatch run test:nowarn || hatch run test:nowarn --lf @@ -137,8 +127,6 @@ jobs: steps: - uses: actions/checkout@v4 - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 - with: - node_version: "24.x" - run: hatch run docs:build check_local_actions: @@ -146,8 +134,6 @@ jobs: steps: - uses: actions/checkout@v4 - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 - with: - node_version: "24.x" - name: prep-release uses: ./.github/actions/prep-release diff --git a/docs/source/get_started/making_release_from_releaser.md b/docs/source/get_started/making_release_from_releaser.md index f8f86e52..9528df4a 100644 
--- a/docs/source/get_started/making_release_from_releaser.md +++ b/docs/source/get_started/making_release_from_releaser.md @@ -63,8 +63,6 @@ already uses Jupyter Releaser. ```yaml - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 - with: - node_version: "24" ``` Or using the standard `setup-node` action: diff --git a/docs/source/how_to_guides/convert_repo_from_releaser.md b/docs/source/how_to_guides/convert_repo_from_releaser.md index 212a340c..faba021c 100644 --- a/docs/source/how_to_guides/convert_repo_from_releaser.md +++ b/docs/source/how_to_guides/convert_repo_from_releaser.md @@ -68,8 +68,6 @@ A. Prep the `jupyter_releaser` fork: ```yaml - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 - with: - node_version: "24" ``` Or using the standard `setup-node` action: diff --git a/docs/source/how_to_guides/convert_repo_from_repo.md b/docs/source/how_to_guides/convert_repo_from_repo.md index 4925cf8e..2dc3b506 100644 --- a/docs/source/how_to_guides/convert_repo_from_repo.md +++ b/docs/source/how_to_guides/convert_repo_from_repo.md @@ -61,8 +61,6 @@ See checklist below for details: ```yaml - uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 - with: - node_version: "24" ``` Or using the standard `setup-node` action: From f08c8937cbd2d785f997b78ba83f925668c9a684 Mon Sep 17 00:00:00 2001 From: Jeremy Tuloup Date: Mon, 1 Dec 2025 17:51:45 +0100 Subject: [PATCH 6/6] specify with setup-node --- docs/source/get_started/making_release_from_releaser.md | 2 ++ docs/source/how_to_guides/convert_repo_from_releaser.md | 4 +++- docs/source/how_to_guides/convert_repo_from_repo.md | 4 +++- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/source/get_started/making_release_from_releaser.md b/docs/source/get_started/making_release_from_releaser.md index 9528df4a..079ab5a3 100644 --- a/docs/source/get_started/making_release_from_releaser.md +++ b/docs/source/get_started/making_release_from_releaser.md 
@@ -69,6 +69,8 @@ already uses Jupyter Releaser. ```yaml - uses: actions/setup-node@v6 + with: + node-version: "24.x" ``` - With Trusted Publishers enabled, npm packages will be published without needing to store an `NPM_TOKEN` secret diff --git a/docs/source/how_to_guides/convert_repo_from_releaser.md b/docs/source/how_to_guides/convert_repo_from_releaser.md index faba021c..3267df40 100644 --- a/docs/source/how_to_guides/convert_repo_from_releaser.md +++ b/docs/source/how_to_guides/convert_repo_from_releaser.md @@ -73,7 +73,9 @@ A. Prep the `jupyter_releaser` fork: Or using the standard `setup-node` action: ```yaml - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v6 + with: + node-version: "24.x" ``` - With Trusted Publishers enabled, npm packages will be published with provenance automatically, without needing to store an `NPM_TOKEN` secret diff --git a/docs/source/how_to_guides/convert_repo_from_repo.md b/docs/source/how_to_guides/convert_repo_from_repo.md index 2dc3b506..6396fffe 100644 --- a/docs/source/how_to_guides/convert_repo_from_repo.md +++ b/docs/source/how_to_guides/convert_repo_from_repo.md @@ -66,7 +66,9 @@ See checklist below for details: Or using the standard `setup-node` action: ```yaml - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v6 + with: + node-version: "24.x" ``` - With Trusted Publishers enabled, npm packages will be published with provenance automatically, without needing to store an `NPM_TOKEN` secret
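Review bot: In [PATCH 1/6], the last Trusted Publishers bullet added to `docs/source/get_started/making_release_from_releaser.md` says packages "will be published without needing to store an `NPM_TOKEN` secret", while the same bullet in both how-to guides says "will be published with provenance automatically, without needing to store an `NPM_TOKEN` secret". The three copies should make the same claim. The `actions/setup-node@v6` versus `@v4` mismatch in the same block is aligned later by [PATCH 6/6], but the provenance wording still differs at the end of the series. Suggest copying the how-to wording into this file, or keeping the block in one shared include so the three pages cannot drift.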
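Review bot: The `id-token: write` bullet in the Trusted Publishers block added to `docs/source/how_to_guides/convert_repo_from_releaser.md` ([PATCH 1/6]) links to https://docs.npmjs.com/generating-provenance-statements, which is the provenance page rather than the Trusted Publishers page. The prerequisites list in the same file already links https://docs.npmjs.com/trusted-publishers, and pointing this bullet there as well would send the reader to the page that explains why the OIDC permission is needed for tokenless publishing. The same link is used in the other two copies of the block.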
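Review bot: The Trusted Publishers block added to `docs/source/how_to_guides/convert_repo_from_repo.md` ([PATCH 1/6]) has no step for registering the trusted publisher on the npm side: its bullets cover the npm version, the `id-token: write` permission and the Node.js setup only. The PyPI item directly above it spells out the matching detail ("_environment_ should be `release`"), and the npm item needs the equivalent: in the package settings on npmjs.com, add a trusted publisher naming the repository, the publish workflow file, and the `release` environment if the job runs in it. Without that step a reader can follow every bullet, drop `NPM_TOKEN`, and still have the publish rejected.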
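Review bot: The new `else` branch in `handle_npm_config` ([PATCH 3/6], `jupyter_releaser/npm.py`) only logs that Trusted Publishers will be attempted; it checks neither the npm version nor whether the job can request an OIDC token. A job that is missing `id-token: write` or runs npm older than 11.5.1 therefore prints the same reassuring message and fails only later, at publish time. Suggest checking at this point that `npm --version` is at least 11.5.1 (the minimum the docs in this series state) and that the GitHub Actions OIDC variable `ACTIONS_ID_TOKEN_REQUEST_URL` is set, and logging a warning that names whichever precondition is missing.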
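Review bot: The quote-style rewrites of the two `message +=` f-strings in `get_package_versions` ([PATCH 3/6], `jupyter_releaser/npm.py`), together with the blank line added after the module docstring, are formatter output unrelated to the subject "Log when there is no npm token". Suggest moving them to a separate formatting commit, as [PATCH 2/6] does for the docs, so the one behavioural change in `handle_npm_config` stays easy to audit and bisect.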
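Review bot: Removing `node_version: "24.x"` from the `base-setup` step in `.github/workflows/publish-release.yml` and `publish-self-release.yml` ([PATCH 5/6]) leaves the publish jobs on whatever Node.js `base-setup@v1` installs by default, and nothing in this series shows that the default ships npm >= 11.5.1, the minimum the docs state for Trusted Publishers. The doc hunks in the same patch have the same gap: under "Set up the Node.js version in your workflow", the `base-setup` snippet becomes a bare `uses:` line that sets no version, while [PATCH 6/6] restores `node-version: "24.x"` for `setup-node` only. Suggest either keeping the pin on the publish jobs and in the `base-setup` snippet, or stating in the docs which Node.js version `base-setup@v1` provides by default.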