chore: fix staging pipelines for 2.9.15 (#1715)

* fix versions * update publish logic
2026-02-19 02:24:25 -05:00 · 2026-02-06 13:27:20 -08:00
parent a1b04f2b03
commit df208e787b
3 changed files with 161 additions and 16 deletions
--- a/.github/workflows/npm-publish.yml
+++ b/.github/workflows/npm-publish.yml
@@ -12,11 +12,26 @@ on:
      - "sdk/qrcode-angular/package.json"
      - "contracts/package.json"
  workflow_dispatch:
+    inputs:
+      strict_mode:
+        description: "Fail workflow on publish errors (false = continue on error)"
+        required: false
+        type: boolean
+        default: false

 permissions:
  id-token: write # Required for OIDC
  contents: read

+# Error Handling Strategy:
+# - STRICT_PUBLISH_MODE controls whether publish failures stop the workflow
+# - Current (false): continue-on-error=true, workflow always succeeds
+# - Target (true): continue-on-error=false, fail on real errors (expired tokens, network issues)
+# - Manual override: Use workflow_dispatch with strict_mode input to test
+# TODO: Set STRICT_PUBLISH_MODE=true once NPM token is rotated and verified
+env:
+  STRICT_PUBLISH_MODE: false
+
 jobs:
  detect-changes:
    runs-on: ubuntu-latest
@@ -86,8 +101,21 @@ jobs:
        run: |
          yarn workspace @selfxyz/core build:deps

+      - name: Check NPM Token
+        id: check-token
+        run: |
+          if [ -z "${{ secrets.NPM_TOKEN }}" ]; then
+            echo "⚠️ Warning: NPM_TOKEN is not set. Skipping publish."
+            echo "token_available=false" >> $GITHUB_OUTPUT
+          else
+            echo "token_available=true" >> $GITHUB_OUTPUT
+          fi
+
      - name: Publish to npm
+        if: steps.check-token.outputs.token_available == 'true'
        working-directory: sdk/core
+        continue-on-error: ${{ github.event.inputs.strict_mode != 'true' && env.STRICT_PUBLISH_MODE != 'true' }}
+        id: publish
        run: |
          yarn config set npmPublishAccess public
          yarn npm publish --access public
@@ -95,6 +123,17 @@ jobs:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

+      - name: Publish result
+        if: always()
+        run: |
+          if [ "${{ steps.check-token.outputs.token_available }}" != "true" ]; then
+            echo "::warning::NPM publish skipped - NPM_TOKEN not configured. Please rotate the token in repository secrets."
+          elif [ "${{ steps.publish.outcome }}" != "success" ]; then
+            echo "::warning::NPM publish failed - This may be due to an expired or invalid NPM_TOKEN. Please check and rotate the token."
+          else
+            echo "✅ Package published successfully"
+          fi
+
  publish-qrcode:
    needs: detect-changes
    if: needs.detect-changes.outputs.qrcode_changed == 'true'
@@ -114,8 +153,21 @@ jobs:
        run: |
          yarn workspace @selfxyz/qrcode build:deps

+      - name: Check NPM Token
+        id: check-token
+        run: |
+          if [ -z "${{ secrets.NPM_TOKEN }}" ]; then
+            echo "⚠️ Warning: NPM_TOKEN is not set. Skipping publish."
+            echo "token_available=false" >> $GITHUB_OUTPUT
+          else
+            echo "token_available=true" >> $GITHUB_OUTPUT
+          fi
+
      - name: Publish to npm
+        if: steps.check-token.outputs.token_available == 'true'
        working-directory: sdk/qrcode
+        continue-on-error: ${{ github.event.inputs.strict_mode != 'true' && env.STRICT_PUBLISH_MODE != 'true' }}
+        id: publish
        run: |
          yarn config set npmPublishAccess public
          yarn npm publish --access public
@@ -123,6 +175,17 @@ jobs:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

+      - name: Publish result
+        if: always()
+        run: |
+          if [ "${{ steps.check-token.outputs.token_available }}" != "true" ]; then
+            echo "::warning::NPM publish skipped - NPM_TOKEN not configured. Please rotate the token in repository secrets."
+          elif [ "${{ steps.publish.outcome }}" != "success" ]; then
+            echo "::warning::NPM publish failed - This may be due to an expired or invalid NPM_TOKEN. Please check and rotate the token."
+          else
+            echo "✅ Package published successfully"
+          fi
+
  publish-common:
    needs: detect-changes
    if: needs.detect-changes.outputs.common_changed == 'true'
@@ -141,14 +204,38 @@ jobs:
        run: |
          yarn workspace @selfxyz/common build

+      - name: Check NPM Token
+        id: check-token
+        run: |
+          if [ -z "${{ secrets.NPM_TOKEN }}" ]; then
+            echo "⚠️ Warning: NPM_TOKEN is not set. Skipping publish."
+            echo "token_available=false" >> $GITHUB_OUTPUT
+          else
+            echo "token_available=true" >> $GITHUB_OUTPUT
+          fi
+
      - name: Publish to npm
+        if: steps.check-token.outputs.token_available == 'true'
        working-directory: common
+        continue-on-error: ${{ github.event.inputs.strict_mode != 'true' && env.STRICT_PUBLISH_MODE != 'true' }}
+        id: publish
        run: |
          yarn config set npmPublishAccess public
          yarn npm publish --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Publish result
+        if: always()
+        run: |
+          if [ "${{ steps.check-token.outputs.token_available }}" != "true" ]; then
+            echo "::warning::NPM publish skipped - NPM_TOKEN not configured. Please rotate the token in repository secrets."
+          elif [ "${{ steps.publish.outcome }}" != "success" ]; then
+            echo "::warning::NPM publish failed - This may be due to an expired or invalid NPM_TOKEN. Please check and rotate the token."
+          else
+            echo "✅ Package published successfully"
+          fi
  publish-contracts:
    needs: detect-changes
    if: needs.detect-changes.outputs.contracts_changed == 'true'
@@ -165,14 +252,38 @@ jobs:
      - name: Build package
        run: |
          yarn workspace @selfxyz/contracts build
+      - name: Check NPM Token
+        id: check-token
+        run: |
+          if [ -z "${{ secrets.NPM_TOKEN }}" ]; then
+            echo "⚠️ Warning: NPM_TOKEN is not set. Skipping publish."
+            echo "token_available=false" >> $GITHUB_OUTPUT
+          else
+            echo "token_available=true" >> $GITHUB_OUTPUT
+          fi
+
      - name: Publish to npm
+        if: steps.check-token.outputs.token_available == 'true'
        working-directory: contracts
+        continue-on-error: ${{ github.event.inputs.strict_mode != 'true' && env.STRICT_PUBLISH_MODE != 'true' }}
+        id: publish
        run: |
          yarn config set npmPublishAccess public
          yarn npm publish --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Publish result
+        if: always()
+        run: |
+          if [ "${{ steps.check-token.outputs.token_available }}" != "true" ]; then
+            echo "::warning::NPM publish skipped - NPM_TOKEN not configured. Please rotate the token in repository secrets."
+          elif [ "${{ steps.publish.outcome }}" != "success" ]; then
+            echo "::warning::NPM publish failed - This may be due to an expired or invalid NPM_TOKEN. Please check and rotate the token."
+          else
+            echo "✅ Package published successfully"
+          fi
  publish-qrcode-angular:
    needs: detect-changes
    if: needs.detect-changes.outputs.qrcode_angular_changed == 'true'
@@ -192,8 +303,21 @@ jobs:
        run: |
          yarn workspace @selfxyz/qrcode-angular build:deps

+      - name: Check NPM Token
+        id: check-token
+        run: |
+          if [ -z "${{ secrets.NPM_TOKEN }}" ]; then
+            echo "⚠️ Warning: NPM_TOKEN is not set. Skipping publish."
+            echo "token_available=false" >> $GITHUB_OUTPUT
+          else
+            echo "token_available=true" >> $GITHUB_OUTPUT
+          fi
+
      - name: Publish to npm
+        if: steps.check-token.outputs.token_available == 'true'
        working-directory: sdk/qrcode-angular
+        continue-on-error: ${{ github.event.inputs.strict_mode != 'true' && env.STRICT_PUBLISH_MODE != 'true' }}
+        id: publish
        run: |
          yarn config set npmPublishAccess public
          yarn npm publish --access public
@@ -201,6 +325,17 @@ jobs:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

+      - name: Publish result
+        if: always()
+        run: |
+          if [ "${{ steps.check-token.outputs.token_available }}" != "true" ]; then
+            echo "::warning::NPM publish skipped - NPM_TOKEN not configured. Please rotate the token in repository secrets."
+          elif [ "${{ steps.publish.outcome }}" != "success" ]; then
+            echo "::warning::NPM publish failed - This may be due to an expired or invalid NPM_TOKEN. Please check and rotate the token."
+          else
+            echo "✅ Package published successfully"
+          fi
+
  publish-msdk:
    needs: detect-changes
    if: needs.detect-changes.outputs.msdk_changed == 'true'
@@ -221,11 +356,35 @@ jobs:
          yarn workspace @selfxyz/common build
          yarn workspace @selfxyz/mobile-sdk-alpha build

+      - name: Check NPM Token
+        id: check-token
+        run: |
+          if [ -z "${{ secrets.NPM_TOKEN }}" ]; then
+            echo "⚠️ Warning: NPM_TOKEN is not set. Skipping publish."
+            echo "token_available=false" >> $GITHUB_OUTPUT
+          else
+            echo "token_available=true" >> $GITHUB_OUTPUT
+          fi
+
      - name: Publish to npm
+        if: steps.check-token.outputs.token_available == 'true'
        working-directory: packages/mobile-sdk-alpha
+        continue-on-error: ${{ github.event.inputs.strict_mode != 'true' && env.STRICT_PUBLISH_MODE != 'true' }}
+        id: publish
        run: |
          yarn config set npmPublishAccess restricted
          yarn npm publish --access restricted --tag alpha
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Publish result
+        if: always()
+        run: |
+          if [ "${{ steps.check-token.outputs.token_available }}" != "true" ]; then
+            echo "::warning::NPM publish skipped - NPM_TOKEN not configured. Please rotate the token in repository secrets."
+          elif [ "${{ steps.publish.outcome }}" != "success" ]; then
+            echo "::warning::NPM publish failed - This may be due to an expired or invalid NPM_TOKEN. Please check and rotate the token."
+          else
+            echo "✅ Package published successfully"
+          fi