fix: Use NPM OIDC

.github/workflows/release.yml

@@ -44,7 +44,7 @@ jobs:
             - name: Set Secrets
               uses: DevCycleHQ/aws-secrets-action@main
               with:
-                secrets_map: '{"NODE_AUTH_TOKEN":"DEVCYCLE_GITHUB_JS-SDKS_NPM_TOKEN"}'
+                secrets_map: '{}' # Using OIDC; no static NPM token required
                 aws_account_id: '134377926370'
 
             - name: Configure git

lib/shared/bucketing-assembly-script/package.json

@@ -16,5 +16,9 @@
     },
     "devDependencies": {
         "@devcycle/bucketing-test-data": "1.36.0"
+    },
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/DevCycleHQ/js-sdks.git"
     }
 }

lib/shared/bucketing-test-data/package.json

@@ -1,5 +1,9 @@
 {
     "name": "@devcycle/bucketing-test-data",
     "version": "1.36.0",
-    "license": "MIT"
+    "license": "MIT",
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/DevCycleHQ/js-sdks.git"
+    }
 }

lib/shared/bucketing/package.json

@@ -9,5 +9,9 @@
         "ua-parser-js": "^1.0.40"
     },
     "types": "src/index.d.ts",
-    "main": "src/index.js"
+    "main": "src/index.js",
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/DevCycleHQ/js-sdks.git"
+    }
 }

lib/shared/sse-connection/package.json

@@ -6,5 +6,9 @@
         "eventsource": "^2.0.2"
     },
     "types": "src/index.d.ts",
-    "main": "src/index.js"
+    "main": "src/index.js",
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/DevCycleHQ/js-sdks.git"
+    }
 }

lib/shared/types/package.json

@@ -17,5 +17,9 @@
         "iso-639-1": "^2.1.15",
         "lodash": "^4.17.21",
         "reflect-metadata": "^0.1.14"
+    },
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/DevCycleHQ/js-sdks.git"
     }
 }

lib/shared/vercel-edge-config/package.json

@@ -10,5 +10,9 @@
     },
     "type": "commonjs",
     "main": "./src/index.js",
-    "typings": "./src/index.d.ts"
+    "typings": "./src/index.d.ts",
+    "repository": {
+        "type": "git",
+        "url": "git://github.com/DevCycleHQ/js-sdks.git"
+    }
 }

scripts/npm-safe-publish.sh

@@ -15,18 +15,13 @@ PACKAGE=$1
 JQ_PATH=".version"
 NPM_REGISTRY="$(yarn config get npmRegistryServer)"
 SHA="$(git rev-parse HEAD)"
-OTP=""
 DRY_RUN=""
 
 
 # Use bash function to parse arguments more efficiently
 function parse_arguments() {
   while (( "$#" )); do
     case "$1" in
-      --otp=*)
-        OTP="${1#*=}"
-        shift
-        ;;
       --dry-run)
         DRY_RUN="true"
         echo "Dry run enabled. Not pushing to NPM."
@@ -39,14 +34,6 @@ function parse_arguments() {
   done
 }
 
-function npm_authenticated() {
-  if [[ -z "$NODE_AUTH_TOKEN" ]]; then
-    npm "$@" --otp="$OTP"
-  else
-    npm "$@"
-  fi
-}
-
 parse_arguments "$@"
 
 NPM_SHOW="$(npm show "$PACKAGE" version)"
@@ -57,12 +44,6 @@ if [[ "$NPM_REGISTRY" != "https://registry.yarnpkg.com" ]]; then
   exit 1
 fi
 
-# check if otp is set
-if [[ -z "$OTP" && -z "$NODE_AUTH_TOKEN" ]]; then
-  echo "::error::Must specify the NPM one-time password using the --otp option, or set the NODE_AUTH_TOKEN environment variable. Aborting."
-  exit 1
-fi
-
 echo "$PACKAGE npm show: $NPM_SHOW, npm ls: $NPM_LS"
 
 if [[ "$NPM_SHOW" != "$NPM_LS" ]]; then
@@ -90,8 +71,13 @@ if [[ "$NPM_SHOW" != "$NPM_LS" ]]; then
   fi
 
   if [[ -z "$DRY_RUN" ]]; then
+    # Preflight authentication check
+    if ! npm whoami >/dev/null 2>&1; then
+      echo "::error::Not authenticated to npm (missing OIDC/token). Aborting."
+      exit 1
+    fi
     echo "::info::Publishing $PACKAGE@$NPM_LS to NPM."
-    npm_authenticated publish --access=public
+    npm publish --access=public --provenance
   else
     echo "::warning::[DRY RUN] Not publishing $PACKAGE@$NPM_LS to NPM."
   fi