From 2e9477b6b95cf918448e142394efc7b76c4f0242 Mon Sep 17 00:00:00 2001 From: ValeryG Date: Mon, 25 Aug 2025 09:26:01 -0600 Subject: [PATCH 1/7] chore: npmjs trusted publishing [KHCP-17666] --- .../setup-pnpm-with-dependencies/action.yaml | 1 + .../workflows/cleanup-preview-packages.yaml | 35 ------- .github/workflows/pr-closed.yaml | 6 +- .github/workflows/publish.yaml | 91 +++++++++++++++++-- .github/workflows/test.yaml | 73 --------------- .nvmrc | 2 +- package.json | 9 +- 7 files changed, 97 insertions(+), 120 deletions(-) delete mode 100644 .github/workflows/cleanup-preview-packages.yaml diff --git a/.github/actions/setup-pnpm-with-dependencies/action.yaml b/.github/actions/setup-pnpm-with-dependencies/action.yaml index d01dbd00..61fb0bc6 100644 --- a/.github/actions/setup-pnpm-with-dependencies/action.yaml +++ b/.github/actions/setup-pnpm-with-dependencies/action.yaml @@ -40,6 +40,7 @@ runs: uses: actions/setup-node@v4 with: node-version: ${{ steps.node-version.outputs.node-version }} + registry-url: https://registry.npmjs.org - name: Install PNPM shell: bash diff --git a/.github/workflows/cleanup-preview-packages.yaml b/.github/workflows/cleanup-preview-packages.yaml deleted file mode 100644 index d9524a09..00000000 --- a/.github/workflows/cleanup-preview-packages.yaml +++ /dev/null @@ -1,35 +0,0 @@ -name: Cleanup PR preview packages -on: - workflow_dispatch: - - schedule: - - cron: '0 2/6 * * 6,0' - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - cleanup: - name: Cleanup PR Previews - runs-on: ubuntu-latest - timeout-minutes: 30 - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} - GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} - - steps: - - name: Checkout Source Code - uses: actions/checkout@v4 - - - name: Prepare cleanup - id: prepare - run: | - echo "openPRs=$(gh pr list --state open --json number|jq -cM 'map(.number|tostring)')" >> $GITHUB_OUTPUT - echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc - - - name: Cleanup PR preview - uses: Kong/public-shared-actions/pr-previews/cleanup@main - with: - package: "@kong/markdown" - openPRs: ${{ steps.prepare.outputs.openPRs }} diff --git a/.github/workflows/pr-closed.yaml b/.github/workflows/pr-closed.yaml index a8042797..cf8fa213 100644 --- a/.github/workflows/pr-closed.yaml +++ b/.github/workflows/pr-closed.yaml @@ -4,13 +4,15 @@ on: types: - closed +permissions: + pull-requests: write + contents: read + jobs: remove-pr-preview-comment: name: Remove PR preview comment from PR runs-on: ubuntu-latest timeout-minutes: 5 - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} steps: - name: Checkout Source Code uses: actions/checkout@v4 diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 1efbeddb..ac2ec264 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -5,6 +5,20 @@ on: branches: - main + pull_request: + types: + - opened + - synchronize + - reopened + - labeled + branches: + - main + +permissions: + id-token: write + contents: read + actions: read + jobs: run-tests: name: Tests @@ -16,6 +30,15 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 steps: + + - name: Remove preview consumption comment + if: github.event_name == 'pull_request' + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: pr_preview_consumption + delete: true + GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} + - name: Checkout uses: actions/checkout@v4 with: @@ -27,12 +50,6 @@ jobs: git config user.email "konnectx-engineers+kongponents-bot@konghq.com" git config user.name "Kong UI Bot" - - name: Create .npmrc - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} - # Reference the env variable NPM_TOKEN here, not the secret - run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc - - name: Setup PNPM with Dependencies uses: ./.github/actions/setup-pnpm-with-dependencies/ @@ -40,12 +57,72 @@ jobs: # Since we lint in the Tests job, we can just build here run: pnpm run build + + - name: Publish Package Preview + id: package-preview + # Do not run for `alpha` or `beta` branches + if: github.event_name == 'pull_request' && (github.actor != 'renovate[bot]' || contains(github.event.pull_request.labels.*.name, 'create preview package')) && !contains(github.head_ref || github.ref_name, 'alpha') && !contains(github.head_ref || github.ref_name, 'beta') + run: | + git config user.email "konnectx-engineers+kongponents-bot@konghq.com" + git config user.name "Kong UI Bot" + + preid="pr.${{ github.event.pull_request.number }}.$(git rev-parse --short ${{ github.event.pull_request.head.sha }})" + tag="pr-${{ github.event.pull_request.number }}" + echo "preid=${preid}" + + # Use yarn to bump the version for the prerelease + pnpm version prerelease --preid ${preid} --no-git-tag-version --yes --amend + + package_version=$(jq -r ".version" package.json) + package=@kong/markdown@"${package_version}" + + npm show "${package}" >/dev/null 2>&1 && npm_show_status=0 || npm_show_status=1 + if [ $npm_show_status -eq 0 ]; then + echo "Package ${package} is already published. Skipping publishing." + exit 0 + fi + + npm_instructions="" + + pkg=$(pnpm publish --no-git-checks --access public --report-summary --tag "${tag}" | grep "+ "| sed 's/+ //') + + if [[ -z "${pkg}" ]]; then + echo "Error publishing package" + exit -1 + fi + + npm_instructions="@$(echo ${pkg}|cut -d'@' -f2)@${tag}" + + echo "npm_instructions<> $GITHUB_OUTPUT + echo -e "$npm_instructions" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + + - name: Provide preview link info + if: ${{ steps.package-preview.outputs.npm_instructions != '' }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: pr_preview_consumption + message: | + ### Install the preview package from this PR + + ```sh + ${{ steps.package-preview.outputs.npm_instructions }} + ``` + GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} + - name: Semantic Release uses: cycjimmy/semantic-release-action@v4 + if: github.event_name == 'push' env: # Since branch protections are on (pushing commits) you need to use a bot PAT GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} + + # as of now cycjimmy/semantic-release-action is not publishing to npmjs as + # trusted publishing is not yet supported, so we want to do a publish as separate step + - name: Publish to npm + if: github.event_name == 'push' + run: | + npm publish deploy-github-pages: name: Deploy GitHub Pages diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 29a158ac..25c04742 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,14 +1,6 @@ name: Tests on: - pull_request: - types: - - opened - - synchronize - - reopened - - labeled - branches: - - main # Allow calling manually from GitHub workflow_dispatch: @@ -22,13 +14,6 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 steps: - - name: Remove preview consumption comment - if: github.event_name == 'pull_request' - uses: marocchino/sticky-pull-request-comment@v2 - with: - header: pr_preview_consumption - delete: true - GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} - name: Checkout uses: actions/checkout@v4 @@ -46,64 +31,6 @@ jobs: - name: Lint run: pnpm run lint - - name: Build - run: pnpm run build - - name: Test run: pnpm run test - - name: Publish Package Preview - id: package-preview - # Do not run for `alpha` or `beta` branches - if: github.event_name == 'pull_request' && (github.actor != 'renovate[bot]' || contains(github.event.pull_request.labels.*.name, 'create preview package')) && !contains(github.head_ref || github.ref_name, 'alpha') && !contains(github.head_ref || github.ref_name, 'beta') - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} - run: | - git config user.email "konnectx-engineers+kongponents-bot@konghq.com" - git config user.name "Kong UI Bot" - - preid="pr.${{ github.event.pull_request.number }}.$(git rev-parse --short ${{ github.event.pull_request.head.sha }})" - tag="pr-${{ github.event.pull_request.number }}" - echo "preid=${preid}" - - echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc - - # Use yarn to bump the version for the prerelease - pnpm version prerelease --preid ${preid} --no-git-tag-version --yes --amend - - package_version=$(jq -r ".version" package.json) - package=@kong/markdown@"${package_version}" - - npm show "${package}" >/dev/null 2>&1 && npm_show_status=0 || npm_show_status=1 - if [ $npm_show_status -eq 0 ]; then - echo "Package ${package} is already published. Skipping publishing." - exit 0 - fi - - npm_instructions="" - - pkg=$(pnpm publish --no-git-checks --access public --report-summary --tag "${tag}" | grep "+ "| sed 's/+ //') - - if [[ -z "${pkg}" ]]; then - echo "Error publishing package" - exit -1 - fi - - npm_instructions="@$(echo ${pkg}|cut -d'@' -f2)@${tag}" - - echo "npm_instructions<> $GITHUB_OUTPUT - echo -e "$npm_instructions" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - - - name: Provide preview link info - if: ${{ steps.package-preview.outputs.npm_instructions != '' }} - uses: marocchino/sticky-pull-request-comment@v2 - with: - header: pr_preview_consumption - message: | - ### Install the preview package from this PR - - ```sh - ${{ steps.package-preview.outputs.npm_instructions }} - ``` - GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} diff --git a/.nvmrc b/.nvmrc index 90756595..b5e8f5c1 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -20.15.0 +24.6.0 diff --git a/package.json b/package.json index 6a5ea158..16fec583 100644 --- a/package.json +++ b/package.json @@ -163,7 +163,12 @@ "changelogFile": "CHANGELOG.md" } ], - "@semantic-release/npm", + [ + "@semantic-release/npm", + { + "npmPublish": false + } + ], [ "@semantic-release/git", { @@ -180,7 +185,7 @@ "node": ">=18.17.0" }, "volta": { - "node": "20.15.0", + "node": "24.6.0", "pnpm": "9.6.0" }, "config": { From d8bf8050614ac4eac087f9f6d99ca616551b71cc Mon Sep 17 00:00:00 2001 From: ValeryG Date: Mon, 25 Aug 2025 09:32:09 -0600 Subject: [PATCH 2/7] fix: restore lost on merge --- .github/workflows/publish.yaml | 103 ++++++++++++++++++++++++++++----- .github/workflows/test.yaml | 75 +----------------------- 2 files changed, 91 insertions(+), 87 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index e9e57afa..ac2ec264 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -5,6 +5,20 @@ on: branches: - main + pull_request: + types: + - opened + - synchronize + - reopened + - labeled + branches: + - main + +permissions: + id-token: write + contents: read + actions: read + jobs: run-tests: name: Tests @@ -16,8 +30,17 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 steps: + + - name: Remove preview consumption comment + if: github.event_name == 'pull_request' + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: pr_preview_consumption + delete: true + GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} + - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@v4 with: fetch-depth: 0 token: ${{ secrets.KONGPONENTS_BOT_PAT }} @@ -27,12 +50,6 @@ jobs: git config user.email "konnectx-engineers+kongponents-bot@konghq.com" git config user.name "Kong UI Bot" - - name: Create .npmrc - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} - # Reference the env variable NPM_TOKEN here, not the secret - run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc - - name: Setup PNPM with Dependencies uses: ./.github/actions/setup-pnpm-with-dependencies/ @@ -40,12 +57,72 @@ jobs: # Since we lint in the Tests job, we can just build here run: pnpm run build + + - name: Publish Package Preview + id: package-preview + # Do not run for `alpha` or `beta` branches + if: github.event_name == 'pull_request' && (github.actor != 'renovate[bot]' || contains(github.event.pull_request.labels.*.name, 'create preview package')) && !contains(github.head_ref || github.ref_name, 'alpha') && !contains(github.head_ref || github.ref_name, 'beta') + run: | + git config user.email "konnectx-engineers+kongponents-bot@konghq.com" + git config user.name "Kong UI Bot" + + preid="pr.${{ github.event.pull_request.number }}.$(git rev-parse --short ${{ github.event.pull_request.head.sha }})" + tag="pr-${{ github.event.pull_request.number }}" + echo "preid=${preid}" + + # Use yarn to bump the version for the prerelease + pnpm version prerelease --preid ${preid} --no-git-tag-version --yes --amend + + package_version=$(jq -r ".version" package.json) + package=@kong/markdown@"${package_version}" + + npm show "${package}" >/dev/null 2>&1 && npm_show_status=0 || npm_show_status=1 + if [ $npm_show_status -eq 0 ]; then + echo "Package ${package} is already published. Skipping publishing." + exit 0 + fi + + npm_instructions="" + + pkg=$(pnpm publish --no-git-checks --access public --report-summary --tag "${tag}" | grep "+ "| sed 's/+ //') + + if [[ -z "${pkg}" ]]; then + echo "Error publishing package" + exit -1 + fi + + npm_instructions="@$(echo ${pkg}|cut -d'@' -f2)@${tag}" + + echo "npm_instructions<> $GITHUB_OUTPUT + echo -e "$npm_instructions" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + + - name: Provide preview link info + if: ${{ steps.package-preview.outputs.npm_instructions != '' }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: pr_preview_consumption + message: | + ### Install the preview package from this PR + + ```sh + ${{ steps.package-preview.outputs.npm_instructions }} + ``` + GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} + - name: Semantic Release - uses: cycjimmy/semantic-release-action@16ca923e6ccbb50770c415a0ccd43709a8c5f7a4 # v4.2.2 + uses: cycjimmy/semantic-release-action@v4 + if: github.event_name == 'push' env: # Since branch protections are on (pushing commits) you need to use a bot PAT GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} + + # as of now cycjimmy/semantic-release-action is not publishing to npmjs as + # trusted publishing is not yet supported, so we want to do a publish as separate step + - name: Publish to npm + if: github.event_name == 'push' + run: | + npm publish deploy-github-pages: name: Deploy GitHub Pages @@ -68,7 +145,7 @@ jobs: cancel-in-progress: false steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@v4 - name: Setup PNPM with Dependencies uses: ./.github/actions/setup-pnpm-with-dependencies/ @@ -82,14 +159,14 @@ jobs: run: pnpm run build:sandbox - name: Setup Pages - uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5 + uses: actions/configure-pages@v5 - name: Upload artifact - uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 + uses: actions/upload-pages-artifact@v3 with: # Upload sandbox/dist directory path: './sandbox/dist' - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 + uses: actions/deploy-pages@v4 diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index c3a55ff6..25c04742 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,14 +1,6 @@ name: Tests on: - pull_request: - types: - - opened - - synchronize - - reopened - - labeled - branches: - - main # Allow calling manually from GitHub workflow_dispatch: @@ -22,16 +14,9 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 20 steps: - - name: Remove preview consumption comment - if: github.event_name == 'pull_request' - uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4 - with: - header: pr_preview_consumption - delete: true - GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@v4 with: fetch-depth: 0 @@ -46,64 +31,6 @@ jobs: - name: Lint run: pnpm run lint - - name: Build - run: pnpm run build - - name: Test run: pnpm run test - - name: Publish Package Preview - id: package-preview - # Do not run for `alpha` or `beta` branches - if: github.event_name == 'pull_request' && (github.actor != 'renovate[bot]' || contains(github.event.pull_request.labels.*.name, 'create preview package')) && !contains(github.head_ref || github.ref_name, 'alpha') && !contains(github.head_ref || github.ref_name, 'beta') - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} - run: | - git config user.email "konnectx-engineers+kongponents-bot@konghq.com" - git config user.name "Kong UI Bot" - - preid="pr.${{ github.event.pull_request.number }}.$(git rev-parse --short ${{ github.event.pull_request.head.sha }})" - tag="pr-${{ github.event.pull_request.number }}" - echo "preid=${preid}" - - echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc - - # Use yarn to bump the version for the prerelease - pnpm version prerelease --preid ${preid} --no-git-tag-version --yes --amend - - package_version=$(jq -r ".version" package.json) - package=@kong/markdown@"${package_version}" - - npm show "${package}" >/dev/null 2>&1 && npm_show_status=0 || npm_show_status=1 - if [ $npm_show_status -eq 0 ]; then - echo "Package ${package} is already published. Skipping publishing." - exit 0 - fi - - npm_instructions="" - - pkg=$(pnpm publish --no-git-checks --access public --report-summary --tag "${tag}" | grep "+ "| sed 's/+ //') - - if [[ -z "${pkg}" ]]; then - echo "Error publishing package" - exit -1 - fi - - npm_instructions="@$(echo ${pkg}|cut -d'@' -f2)@${tag}" - - echo "npm_instructions<> $GITHUB_OUTPUT - echo -e "$npm_instructions" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - - - name: Provide preview link info - if: ${{ steps.package-preview.outputs.npm_instructions != '' }} - uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4 - with: - header: pr_preview_consumption - message: | - ### Install the preview package from this PR - - ```sh - ${{ steps.package-preview.outputs.npm_instructions }} - ``` - GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} From e73d2d380fce3f8852d48c9484008ce4901cec12 Mon Sep 17 00:00:00 2001 From: ValeryG Date: Mon, 25 Aug 2025 09:32:41 -0600 Subject: [PATCH 3/7] fix: restore lost on merge --- package.json | 96 +++++++++++++++++++++++++--------------------------- 1 file changed, 46 insertions(+), 50 deletions(-) diff --git a/package.json b/package.json index e2b01d93..16fec583 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@kong/markdown", - "version": "1.7.34", + "version": "1.7.8", "description": "Kong's open-source markdown renderer and live editor", "keywords": [ "markdown", @@ -21,12 +21,9 @@ "typings": "dist/types", "exports": { ".": { - "types": "./dist/types/index.d.ts", "import": "./dist/kong-markdown.es.js", "require": "./dist/kong-markdown.umd.js" }, - "./dist/style.css": "./dist/markdown.css", - "./style.css": "./dist/markdown.css", "./package.json": "./package.json", "./dist/*": "./dist/*" }, @@ -56,16 +53,16 @@ "vue": ">= 3.3.13 < 4" }, "dependencies": { - "@kong/icons": "^1.33.2", + "@kong/icons": "^1.15.1", "@mdit-vue/plugin-frontmatter": "^2.1.3", "@sindresorhus/slugify": "^2.2.1", - "@vueuse/core": "^12.0.0", + "@vueuse/core": "^10.11.0", "buffer": "^6.0.3", "html-format": "^1.1.7", "markdown-it": "^14.1.0", "markdown-it-abbr": "^2.0.0", - "markdown-it-anchor": "^9.2.0", - "markdown-it-attrs": "^4.2.0", + "markdown-it-anchor": "^9.0.1", + "markdown-it-attrs": "^4.1.6", "markdown-it-deflist": "^3.0.0", "markdown-it-emoji": "^3.0.0", "markdown-it-footnote": "^4.0.0", @@ -75,66 +72,60 @@ "markdown-it-sup": "^2.0.0", "markdown-it-task-lists": "^2.1.1", "markdown-it-textual-uml": "^0.17.1", - "mermaid": "^11.4.1", - "uuid": "^11.0.5" + "mermaid": "^10.9.1", + "uuid": "^10.0.0" }, "devDependencies": { - "@babel/types": "^7.26.9", - "@commitlint/cli": "^19.6.1", - "@commitlint/config-conventional": "^19.6.0", + "@babel/types": "^7.24.7", + "@commitlint/cli": "^19.3.0", + "@commitlint/config-conventional": "^19.2.2", "@digitalroute/cz-conventional-changelog-for-jira": "^8.0.1", - "@evilmartians/lefthook": "^1.8.5", - "@kong/design-tokens": "^1.17.6", - "@kong/eslint-config-kong-ui": "^1.3.0", + "@evilmartians/lefthook": "^1.7.1", + "@kong/design-tokens": "^1.17.2", + "@kong/eslint-config-kong-ui": "^1.1.1", "@mdit-vue/types": "^2.1.0", "@semantic-release/changelog": "^6.0.3", "@semantic-release/git": "^10.0.1", - "@shikijs/markdown-it": "^1.29.2", - "@stylistic/stylelint-plugin": "^3.1.2", + "@shikijs/markdown-it": "^1.16.2", + "@stylistic/stylelint-plugin": "^2.1.2", "@types/jsdom": "^21.1.7", - "@types/markdown-it": "^14.1.2", + "@types/markdown-it": "^14.1.1", "@types/markdown-it-attrs": "^4.1.3", "@types/markdown-it-emoji": "^3.0.1", "@types/markdown-it-footnote": "^3.0.4", - "@types/node": "^22.10.10", + "@types/node": "^20.14.10", "@types/uuid": "^10.0.0", - "@vitejs/plugin-vue": "^6.0.0", - "@vitest/ui": "^3.0.8", + "@vitejs/plugin-vue": "^5.0.5", + "@vitest/ui": "^2.0.1", "@vue/test-utils": "^2.4.6", - "@vue/tsconfig": "^0.7.0", - "autoprefixer": "^10.4.20", - "c8": "^10.1.3", - "commitizen": "^4.3.1", + "@vue/tsconfig": "^0.5.1", + "autoprefixer": "^10.4.19", + "c8": "^10.1.2", + "commitizen": "^4.3.0", "cross-env": "^7.0.3", "cz-conventional-changelog": "^3.3.0", - "eslint": "^9.17.0", - "jsdom": "^26.0.0", - "postcss": "^8.4.49", + "eslint": "^9.6.0", + "jsdom": "^24.1.0", + "postcss": "^8.4.39", "postcss-html": "^1.7.0", - "rimraf": "^6.0.1", + "rimraf": "^5.0.8", "rollup-plugin-visualizer": "^5.12.0", - "sass": "^1.83.4", - "semantic-release": "^24.2.3", - "shiki": "^1.29.2", - "stylelint": "^16.10.0", + "sass": "^1.77.6", + "semantic-release": "^24.0.0", + "shiki": "^1.16.2", + "stylelint": "^16.6.1", "stylelint-config-html": "^1.1.0", "stylelint-config-recommended-scss": "^14.1.0", "stylelint-config-recommended-vue": "^1.5.0", "stylelint-order": "^6.0.4", "ts-node": "^10.9.2", - "tsc-alias": "^1.8.11", - "typescript": "^5.6.3", - "vite": "^6.0.11", - "vite-plugin-vue-devtools": "^7.6.8", - "vitest": "3.0.8", - "vue": "^3.5.13", - "vue-tsc": "^2.1.10" - }, - "pnpm": { - "onlyBuiltDependencies": [ - "@evilmartians/lefthook", - "esbuild" - ] + "tsc-alias": "^1.8.10", + "typescript": "^5.5.3", + "vite": "^5.3.3", + "vite-plugin-vue-devtools": "^7.3.5", + "vitest": "2.0.1", + "vue": "^3.4.31", + "vue-tsc": "^2.0.26" }, "repository": { "type": "git", @@ -172,7 +163,12 @@ "changelogFile": "CHANGELOG.md" } ], - "@semantic-release/npm", + [ + "@semantic-release/npm", + { + "npmPublish": false + } + ], [ "@semantic-release/git", { @@ -189,8 +185,8 @@ "node": ">=18.17.0" }, "volta": { - "node": "22.12.0", - "pnpm": "9.14.4" + "node": "24.6.0", + "pnpm": "9.6.0" }, "config": { "commitizen": { From d31403bff265dbc6d8761d143c0b6152211e4952 Mon Sep 17 00:00:00 2001 From: ValeryG Date: Mon, 25 Aug 2025 09:37:53 -0600 Subject: [PATCH 4/7] fix: remove unneeded --- .../workflows/cleanup-preview-packages.yaml | 35 ------------------- 1 file changed, 35 deletions(-) delete mode 100644 .github/workflows/cleanup-preview-packages.yaml diff --git a/.github/workflows/cleanup-preview-packages.yaml b/.github/workflows/cleanup-preview-packages.yaml deleted file mode 100644 index 9fd4a595..00000000 --- a/.github/workflows/cleanup-preview-packages.yaml +++ /dev/null @@ -1,35 +0,0 @@ -name: Cleanup PR preview packages -on: - workflow_dispatch: - - schedule: - - cron: '0 2/6 * * 6,0' - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -jobs: - cleanup: - name: Cleanup PR Previews - runs-on: ubuntu-latest - timeout-minutes: 30 - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN_PUBLIC_PUBLISH }} - GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} - - steps: - - name: Checkout Source Code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Prepare cleanup - id: prepare - run: | - echo "openPRs=$(gh pr list --state open --json number|jq -cM 'map(.number|tostring)')" >> $GITHUB_OUTPUT - echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc - - - name: Cleanup PR preview - uses: Kong/public-shared-actions/pr-previews/cleanup@main - with: - package: "@kong/markdown" - openPRs: ${{ steps.prepare.outputs.openPRs }} From e6afaa0c63e65683f276038b7ceb0d645da80a51 Mon Sep 17 00:00:00 2001 From: ValeryG Date: Mon, 25 Aug 2025 09:39:42 -0600 Subject: [PATCH 5/7] fix: package.json changes --- package.json | 87 +++++++++++++++++++++++++++++----------------------- 1 file changed, 48 insertions(+), 39 deletions(-) diff --git a/package.json b/package.json index 16fec583..7ce9a8c3 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@kong/markdown", - "version": "1.7.8", + "version": "1.7.34", "description": "Kong's open-source markdown renderer and live editor", "keywords": [ "markdown", @@ -21,9 +21,12 @@ "typings": "dist/types", "exports": { ".": { + "types": "./dist/types/index.d.ts", "import": "./dist/kong-markdown.es.js", "require": "./dist/kong-markdown.umd.js" }, + "./dist/style.css": "./dist/markdown.css", + "./style.css": "./dist/markdown.css", "./package.json": "./package.json", "./dist/*": "./dist/*" }, @@ -53,16 +56,16 @@ "vue": ">= 3.3.13 < 4" }, "dependencies": { - "@kong/icons": "^1.15.1", + "@kong/icons": "^1.33.2", "@mdit-vue/plugin-frontmatter": "^2.1.3", "@sindresorhus/slugify": "^2.2.1", - "@vueuse/core": "^10.11.0", + "@vueuse/core": "^12.0.0", "buffer": "^6.0.3", "html-format": "^1.1.7", "markdown-it": "^14.1.0", "markdown-it-abbr": "^2.0.0", - "markdown-it-anchor": "^9.0.1", - "markdown-it-attrs": "^4.1.6", + "markdown-it-anchor": "^9.2.0", + "markdown-it-attrs": "^4.2.0", "markdown-it-deflist": "^3.0.0", "markdown-it-emoji": "^3.0.0", "markdown-it-footnote": "^4.0.0", @@ -72,60 +75,66 @@ "markdown-it-sup": "^2.0.0", "markdown-it-task-lists": "^2.1.1", "markdown-it-textual-uml": "^0.17.1", - "mermaid": "^10.9.1", - "uuid": "^10.0.0" + "mermaid": "^11.4.1", + "uuid": "^11.0.5" }, "devDependencies": { - "@babel/types": "^7.24.7", - "@commitlint/cli": "^19.3.0", - "@commitlint/config-conventional": "^19.2.2", + "@babel/types": "^7.26.9", + "@commitlint/cli": "^19.6.1", + "@commitlint/config-conventional": "^19.6.0", "@digitalroute/cz-conventional-changelog-for-jira": "^8.0.1", - "@evilmartians/lefthook": "^1.7.1", - "@kong/design-tokens": "^1.17.2", - "@kong/eslint-config-kong-ui": "^1.1.1", + "@evilmartians/lefthook": "^1.8.5", + "@kong/design-tokens": "^1.17.6", + "@kong/eslint-config-kong-ui": "^1.3.0", "@mdit-vue/types": "^2.1.0", "@semantic-release/changelog": "^6.0.3", "@semantic-release/git": "^10.0.1", - "@shikijs/markdown-it": "^1.16.2", - "@stylistic/stylelint-plugin": "^2.1.2", + "@shikijs/markdown-it": "^1.29.2", + "@stylistic/stylelint-plugin": "^3.1.2", "@types/jsdom": "^21.1.7", - "@types/markdown-it": "^14.1.1", + "@types/markdown-it": "^14.1.2", "@types/markdown-it-attrs": "^4.1.3", "@types/markdown-it-emoji": "^3.0.1", "@types/markdown-it-footnote": "^3.0.4", - "@types/node": "^20.14.10", + "@types/node": "^22.10.10", "@types/uuid": "^10.0.0", - "@vitejs/plugin-vue": "^5.0.5", - "@vitest/ui": "^2.0.1", + "@vitejs/plugin-vue": "^6.0.0", + "@vitest/ui": "^3.0.8", "@vue/test-utils": "^2.4.6", - "@vue/tsconfig": "^0.5.1", - "autoprefixer": "^10.4.19", - "c8": "^10.1.2", - "commitizen": "^4.3.0", + "@vue/tsconfig": "^0.7.0", + "autoprefixer": "^10.4.20", + "c8": "^10.1.3", + "commitizen": "^4.3.1", "cross-env": "^7.0.3", "cz-conventional-changelog": "^3.3.0", - "eslint": "^9.6.0", - "jsdom": "^24.1.0", - "postcss": "^8.4.39", + "eslint": "^9.17.0", + "jsdom": "^26.0.0", + "postcss": "^8.4.49", "postcss-html": "^1.7.0", - "rimraf": "^5.0.8", + "rimraf": "^6.0.1", "rollup-plugin-visualizer": "^5.12.0", - "sass": "^1.77.6", - "semantic-release": "^24.0.0", - "shiki": "^1.16.2", - "stylelint": "^16.6.1", + "sass": "^1.83.4", + "semantic-release": "^24.2.3", + "shiki": "^1.29.2", + "stylelint": "^16.10.0", "stylelint-config-html": "^1.1.0", "stylelint-config-recommended-scss": "^14.1.0", "stylelint-config-recommended-vue": "^1.5.0", "stylelint-order": "^6.0.4", "ts-node": "^10.9.2", - "tsc-alias": "^1.8.10", - "typescript": "^5.5.3", - "vite": "^5.3.3", - "vite-plugin-vue-devtools": "^7.3.5", - "vitest": "2.0.1", - "vue": "^3.4.31", - "vue-tsc": "^2.0.26" + "tsc-alias": "^1.8.11", + "typescript": "^5.6.3", + "vite": "^6.0.11", + "vite-plugin-vue-devtools": "^7.6.8", + "vitest": "3.0.8", + "vue": "^3.5.13", + "vue-tsc": "^2.1.10" + }, + "pnpm": { + "onlyBuiltDependencies": [ + "@evilmartians/lefthook", + "esbuild" + ] }, "repository": { "type": "git", @@ -186,7 +195,7 @@ }, "volta": { "node": "24.6.0", - "pnpm": "9.6.0" + "pnpm": "9.14.4" }, "config": { "commitizen": { From c07967af3caadd8d0a24413837cdf5aa318dea71 Mon Sep 17 00:00:00 2001 From: ValeryG Date: Mon, 25 Aug 2025 09:40:59 -0600 Subject: [PATCH 6/7] fix: test.yaml --- .github/workflows/test.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 25c04742..afd54be9 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -16,9 +16,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 uses: actions/checkout@v4 - name: Setup PNPM with Dependencies uses: ./.github/actions/setup-pnpm-with-dependencies/ From 9693780e011fdad69665baca56d26a094099f2ec Mon Sep 17 00:00:00 2001 From: ValeryG Date: Mon, 25 Aug 2025 09:45:44 -0600 Subject: [PATCH 7/7] fix: resolve merges --- .github/workflows/publish.yaml | 12 ++++++------ .github/workflows/test.yaml | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index ac2ec264..d25edda4 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -40,7 +40,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 token: ${{ secrets.KONGPONENTS_BOT_PAT }} @@ -111,7 +111,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.KONGPONENTS_BOT_PAT }} - name: Semantic Release - uses: cycjimmy/semantic-release-action@v4 + uses: cycjimmy/semantic-release-action@16ca923e6ccbb50770c415a0ccd43709a8c5f7a4 # v4.2.2 if: github.event_name == 'push' env: # Since branch protections are on (pushing commits) you need to use a bot PAT @@ -145,7 +145,7 @@ jobs: cancel-in-progress: false steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup PNPM with Dependencies uses: ./.github/actions/setup-pnpm-with-dependencies/ @@ -159,14 +159,14 @@ jobs: run: pnpm run build:sandbox - name: Setup Pages - uses: actions/configure-pages@v5 + uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5 - name: Upload artifact - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 with: # Upload sandbox/dist directory path: './sandbox/dist' - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index afd54be9..ff125ba3 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -16,7 +16,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup PNPM with Dependencies uses: ./.github/actions/setup-pnpm-with-dependencies/