Commit 93ac722

JS-1596 Configure eslint-plugin-sonarjs release for npm trusted publishing (#6827)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
1 parent 83d1074 commit 93ac722

3 files changed

Lines changed: 6 additions & 7 deletions

.github/workflows/.npmrc

Lines changed: 1 addition & 1 deletion
@@ -1,3 +1,3 @@
11
always-auth=true
22
email=helpdesk+npmjs@sonarsource.com
3-
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
3+
registry=https://registry.npmjs.org/
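
Review bot: `always-auth=true` and `email=` on the first two lines stay in place although the only credential line, `//registry.npmjs.org/:_authToken=${NPM_TOKEN}`, is removed, so the file still asks npm to authenticate on every request without configuring anything to authenticate with. Drop both settings if nothing else reads them, or add a comment saying authentication now comes from the GitHub OIDC token, so a later reader does not re-add a token line.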

.github/workflows/release_eslint_plugin.yml

Lines changed: 3 additions & 4 deletions
@@ -12,8 +12,9 @@ on:
1212
jobs:
1313
publish:
1414
permissions:
15-
id-token: write # required for SonarSource/vault-action-wrapper
15+
id-token: write # required for GitHub OIDC and SonarSource/vault-action-wrapper
1616
runs-on: github-ubuntu-latest-s
17+
environment: release
1718
env:
1819
RELEASE_TAG: ${{ github.event.inputs.release_version }}
1920
NPM_REPOSITORY: "sonarsource-npm-public"
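
Review bot: `environment: release` at new line 17 now gates a job that can publish using only its OIDC token, and nothing in this hunk shows how that environment is protected. Confirm it has required reviewers or a branch restriction, and add a short comment that the environment name has to match the one registered in the npm trusted publisher configuration, so it is not renamed here without being updated on npmjs.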
@@ -28,7 +29,6 @@ jobs:
2829
development/kv/data/repox url | repox_url;
2930
development/artifactory/token/{REPO_OWNER_NAME_DASH}-qa-deployer access_token | qa_deployer_access_token;
3031
development/artifactory/token/{REPO_OWNER_NAME_DASH}-promoter access_token | promoter_access_token;
31-
development/kv/data/npmjs sonartech_npm_token | npm_token;
3232
development/github/token/{REPO_OWNER_NAME_DASH}-rspec token | RSPEC_GITHUB_TOKEN;
3333
- name: Setup JFrog for deploy
3434
uses: SonarSource/jfrog-setup-wrapper@e0f353c7f1bcc7b2f663063d72b5fec7948f6815 # 3.6.0
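
Review bot: removing `development/kv/data/npmjs sonartech_npm_token | npm_token;` at old line 31 stops this job from reading the token, but the token itself stays valid wherever it is stored. If no other workflow uses it, revoke it on npmjs and delete the Vault entry as a follow-up, and note that in the PR description; otherwise a long-lived publish credential remains usable after this change.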
@@ -41,7 +41,6 @@ jobs:
4141
- run: cp .github/workflows/.npmrc .npmrc
4242
- name: Publish npm package
4343
env:
44-
NPM_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).npm_token }}
4544
GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).RSPEC_GITHUB_TOKEN }}
4645
run: |
4746
jfrog rt npm-config --repo-resolve npm --repo-deploy sonarsource-npm-public-qa
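
Review bot: with `NPM_TOKEN` removed at old line 44, `GITHUB_TOKEN` is the one secret left in this step's `env`, which exposes it to every command in the `run` block, including any lifecycle scripts that `npm publish` triggers. If only one command needs it, set it on that command alone or move that command into its own step.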
@@ -50,7 +49,7 @@ jobs:
5049
cp .npmrc lib/.npmrc
5150
cd lib
5251
npm version $RELEASE_TAG --no-git-tag-version
53-
npm publish
52+
npm publish --provenance
5453
jfrog rt npm-publish --build-name=eslint-plugin-sonarjs --build-number=${{ github.event.inputs.release_version }}
5554
jfrog rt build-publish eslint-plugin-sonarjs ${{ github.event.inputs.release_version }}
5655
- name: Promote npm package
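
Review bot: `npm publish --provenance` at new line 52 now relies on the npm CLI performing the OIDC exchange itself, and no visible step installs or checks the npm version; trusted publishing needs npm 11.5.1 or later, so add an explicit upgrade or a version check before this line. Separately, the two `jfrog rt` lines below it interpolate `${{ github.event.inputs.release_version }}` straight into the shell script while the `npm version` line uses the environment variable; use a quoted `"$RELEASE_TAG"` in all three places so the workflow input is never expanded into the script text.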

packages/analysis/src/jsts/rules/README.md

Lines changed: 2 additions & 2 deletions
@@ -124,7 +124,7 @@ If you have any questions, encounter any bugs, or have feature requests, please
124124
| [assertions-in-tests](https://sonarsource.github.io/rspec/#/rspec/S2699/javascript) | Tests should include assertions || | | 💭 | |
125125
| [aws-apigateway-public-api](https://sonarsource.github.io/rspec/#/rspec/S6333/javascript) | Creating public APIs is security-sensitive || | | | |
126126
| [aws-ec2-rds-dms-public](https://sonarsource.github.io/rspec/#/rspec/S6329/javascript) | Allowing public network access to cloud resources is security-sensitive || | | | |
127-
| [aws-ec2-unencrypted-ebs-volume](https://sonarsource.github.io/rspec/#/rspec/S6275/javascript) | Using unencrypted EBS volumes is security-sensitive || | | | |
127+
| [aws-ec2-unencrypted-ebs-volume](https://sonarsource.github.io/rspec/#/rspec/S6275/javascript) | EBS volumes should be encrypted || | | | |
128128
| [aws-efs-unencrypted](https://sonarsource.github.io/rspec/#/rspec/S6332/javascript) | Using unencrypted EFS file systems is security-sensitive || | | | |
129129
| [aws-iam-all-privileges](https://sonarsource.github.io/rspec/#/rspec/S6302/javascript) | Policies should not grant all privileges || | | | |
130130
| [aws-iam-all-resources-accessible](https://sonarsource.github.io/rspec/#/rspec/S6304/javascript) | Policies granting access to all resources of an account are security-sensitive | | | | | |
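
Review bot: the description change for `aws-ec2-unencrypted-ebs-volume` at line 127, like the `x-powered-by` change in the next hunk, is unrelated to the release configuration named in the commit title. If this README is regenerated from rule metadata, say so in the commit message; otherwise move the wording changes to their own commit so the release change can be reverted on its own.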
@@ -380,7 +380,7 @@ If you have any questions, encounter any bugs, or have feature requests, please
380380
| [void-use](https://sonarsource.github.io/rspec/#/rspec/S3735/javascript) | "void" should not be used || | | 💭 | |
381381
| [weak-ssl](https://sonarsource.github.io/rspec/#/rspec/S4423/javascript) | Weak SSL/TLS protocols should not be used || | | | |
382382
| [web-sql-database](https://sonarsource.github.io/rspec/#/rspec/S2817/javascript) | Web SQL databases should not be used | | | | 💭 ||
383-
| [x-powered-by](https://sonarsource.github.io/rspec/#/rspec/S5689/javascript) | Disclosing fingerprints from web application technologies is security-sensitive || | | | |
383+
| [x-powered-by](https://sonarsource.github.io/rspec/#/rspec/S5689/javascript) | Web application technologies should not disclose version information || | | | |
384384
| [xml-parser-xxe](https://sonarsource.github.io/rspec/#/rspec/S2755/javascript) | XML parsers should not be vulnerable to XXE attacks || | | | |
385385
| [xpath](https://sonarsource.github.io/rspec/#/rspec/S4817/javascript) | Executing XPath expressions is security-sensitive | | | | ||
386386
