From d3a5fe8e67584e4daf70b9f4ea5feed02a1d54ae Mon Sep 17 00:00:00 2001 From: Raghd Hamzeh Date: Tue, 12 Aug 2025 09:02:09 -0400 Subject: [PATCH 1/6] chore(ci): test on node@22 and node@24 --- .github/workflows/main.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 37f1eed..0a40b09 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -9,13 +9,16 @@ on: permissions: contents: read +env: + NODE_VERSION: '24.x' + jobs: build: runs-on: ubuntu-latest strategy: matrix: - node-version: [16, 18, 20] + node-version: [16.x, 18.x, 20.x, 22.x, 24.x] steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 @@ -48,7 +51,7 @@ jobs: - name: Set up node uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: - node-version: 20 + node-version: ${{ env.NODE_VERSION }} cache: "npm" - name: Install dependencies @@ -87,7 +90,7 @@ jobs: - name: Set up node uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: - node-version: 20 + node-version: ${{ env.NODE_VERSION }} registry-url: "https://registry.npmjs.org" scope: "@openfga" always-auth: false From 1e5582e6f9d00178be4aa6830c1cc84a1b4f9334 Mon Sep 17 00:00:00 2001 From: Raghd Hamzeh Date: Tue, 12 Aug 2025 09:09:17 -0400 Subject: [PATCH 2/6] chore(ci): for scorecard workflow, fetch with depth 0 for pref reasons --- .github/workflows/scorecard.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c4cf487..0dcfbe8 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -37,6 +37,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false + fetch-depth: 0 - name: "Run analysis" uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 From 580f2ed3fead6a6a9a62faa2772e1a8bd666176b Mon Sep 17 00:00:00 2001 From: Raghd Hamzeh Date: Tue, 12 Aug 2025 09:18:41 -0400 Subject: [PATCH 3/6] chore(ci): move audit out of test --- .github/workflows/main.yaml | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 0a40b09..9f23871 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -57,9 +57,6 @@ jobs: - name: Install dependencies run: npm ci - - name: Audit dependencies - run: npm audit - - name: Check for circular dependencies run: npx madge --circular . --extensions ts,js @@ -73,9 +70,29 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} slug: openfga/js-sdk + audit: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + fetch-depth: 0 + + - name: Set up node + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + with: + node-version: ${{ env.NODE_VERSION }} + cache: "npm" + + - name: Install dependencies + run: npm ci + + - name: Audit dependencies + run: npm audit + publish: if: startsWith(github.ref, 'refs/tags/v') - needs: [build, test] + needs: [build, test, audit] runs-on: ubuntu-latest permissions: From 01c15f169e693e39acac5bac5a5c700993522ca8 Mon Sep 17 00:00:00 2001 From: Raghd Hamzeh Date: Wed, 5 Nov 2025 16:34:03 -0500 Subject: [PATCH 4/6] chore: fix targeting latest node --- .github/workflows/main.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 9f23871..09b0c12 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -10,7 +10,7 @@ permissions: contents: read env: - NODE_VERSION: '24.x' + TARGET_NODE_VERSION: '24.x' jobs: build: @@ -51,7 +51,7 @@ jobs: - name: Set up node uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: - node-version: ${{ env.NODE_VERSION }} + node-version: ${{ env.TARGET_NODE_VERSION }} cache: "npm" - name: Install dependencies @@ -81,7 +81,7 @@ jobs: - name: Set up node uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: - node-version: ${{ env.NODE_VERSION }} + node-version: ${{ env.TARGET_NODE_VERSION }} cache: "npm" - name: Install dependencies From 975a0237118fbcacafa3329bd6ee7718a7088144 Mon Sep 17 00:00:00 2001 From: Raghd Hamzeh Date: Wed, 5 Nov 2025 16:34:25 -0500 Subject: [PATCH 5/6] chore: clean up package.json --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index ca063ef..8202611 100644 --- a/package.json +++ b/package.json @@ -47,7 +47,7 @@ ], "repository": { "type": "git", - "url": "git://github.com:openfga/js-sdk.git" + "url": "git://github.com/openfga/js-sdk.git" }, "bugs": { "url": "https://github.com/openfga/js-sdk/issues" From f6b49293099d1bb9bdc120931bb579ca03d2c92d Mon Sep 17 00:00:00 2001 From: Raghd Hamzeh Date: Wed, 5 Nov 2025 16:46:30 -0500 Subject: [PATCH 6/6] Update .github/workflows/main.yaml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 09b0c12..4c882d9 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -107,7 +107,7 @@ jobs: - name: Set up node uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: - node-version: ${{ env.NODE_VERSION }} + node-version: ${{ env.TARGET_NODE_VERSION }} registry-url: "https://registry.npmjs.org" scope: "@openfga" always-auth: false