feat(npm-provenance) - Update to Node.js 20 and add npm package prove…

…nance (#566)

* feat(npm-provenance) - Update to Node.js 20 and add npm package provenance, modified package.json files to contain repository and publish information

* fix(package.json) - Typos, restricted access in publishConfig

---------

Co-authored-by: kruplm <[email protected]>

.github/workflows/continuous-integration.yml

@@ -23,12 +23,12 @@ jobs:
     strategy:
       matrix:
         dotnet-version: [ '6.0.x' ]
-        node-version: [ '18.x' ]
+        node-version: [ '20.x' ]
     steps:
-    - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+    - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
 
     - name: Setup Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+      uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
       with:
         node-version: ${{ matrix.node-version }}
         COMPOSEUI_SKIP_DOWNLOAD: ${{env.COMPOSEUI_SKIP_DOWNLOAD}}
@@ -99,7 +99,7 @@ jobs:
 
     # By uploading it's shared with the other workflows that are reusing this
     - name: Upload Shell Binaries
-      uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+      uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
       with:
         name: shell-binaries
         path: ${{ github.workspace }}/src/shell/dotnet/Shell/bin/Release/net6.0-windows/

.github/workflows/release.yml

@@ -22,7 +22,6 @@ jobs:
     permissions:
       contents: write
     steps:
-
       # Using shared artifact from build workflow
       - name: Download Artifact
         uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
@@ -52,13 +51,16 @@ jobs:
     name: Publish Package to npmjs
     runs-on: windows-latest
     needs: upload
+    permissions:
+      id-token: write
     steps:
       - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
       - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
-          node-version: 18
+          node-version: 20
           registry-url: https://registry.npmjs.org/
       - run: |
              lerna publish from-package --no-private --yes
         env:
           NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
+          NPM_CONFIG_PROVENANCE: true

package.json

@@ -10,6 +10,10 @@
     "src/fdc3/js/*",
     "prototypes/process-explorer/*"
   ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/MorganStanley/ComposeUI.git"
+  },
   "devDependencies": {
     "lerna": "8.1.2"
   }

src/fdc3/js/composeui-fdc3/package.json

@@ -23,6 +23,14 @@
     "jest-environment-jsdom": "^29.7.0",
     "rxjs": "^7.8.1"
   },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/morganstanley/ComposeUI.git"
+  },
+  "publishConfig": {
+    "access": "restricted",
+    "provenance": true
+  },
   "devDependencies": {
     "@rollup/plugin-commonjs": "25.0.7",
     "@rollup/plugin-node-resolve": "15.2.3",

src/messaging/js/composeui-messaging-client/package.json

@@ -16,6 +16,14 @@
         "build:rollup": "rollup -c",
         "test": "jest"
     },
+    "publishConfig": {
+        "access": "public",
+        "provenance": true
+    },
+    "repository": {
+        "type": "git",
+        "url": "git+https://github.com/morganstanley/ComposeUI.git"
+    },
     "author": "Morgan Stanley",
     "license": "Apache-2.0",
     "devDependencies": {

src/shell/js/composeui-node-launcher/package.json

@@ -10,14 +10,18 @@
   "license": "Apache-2.0",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/morganstanley/ComposeUI.git#main"
+    "url": "git+https://github.com/morganstanley/ComposeUI.git"
   },
   "scripts": {
     "clean": "rimraf output",
     "build": "npm run clean && tsc",
     "install": "node ./src/cli/install.js",
     "test": "jest"
   },
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
   "bin": {
     "composeui": "./output/cli/cli.js"
   },