From 6a29e73799409d4ba0da871922d22e939b8064cd Mon Sep 17 00:00:00 2001 From: Nick Nisi Date: Thu, 5 Feb 2026 16:46:18 -0500 Subject: [PATCH 1/6] feat: derive VERSION from package.json instead of hardcoding Imports version directly from package.json so release-please can manage it from a single source of truth. Switches jest transform from ts-jest to babel-jest for all files to support import attributes, and removes the now-unused ts-jest dependency. --- jest.config.cjs | 3 +- package-lock.json | 154 ---------------------------------------------- package.json | 1 - src/workos.ts | 3 +- 4 files changed, 2 insertions(+), 159 deletions(-) diff --git a/jest.config.cjs b/jest.config.cjs index 1ed790d07..c0929fcbb 100644 --- a/jest.config.cjs +++ b/jest.config.cjs @@ -8,8 +8,7 @@ module.exports = { roots: ['/src'], setupFilesAfterEnv: ['./setup-jest.ts'], transform: { - '^.+\\.ts?$': 'ts-jest', - '^.+\\.m?js$': '/jest-transform-esm.cjs', + '^.+\\.m?[jt]s$': '/jest-transform-esm.cjs', }, transformIgnorePatterns: [ 'node_modules/(?!(iron-webcrypto|uint8array-extras|@noble|@scure|jose)/)', diff --git a/package-lock.json b/package-lock.json index e2b6b4344..f977a966e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -30,7 +30,6 @@ "jest-fetch-mock": "^3.0.3", "miniflare": "^4.20251004.0", "prettier": "^3.5.3", - "ts-jest": "29.4.4", "tsdown": "^0.17.0", "tsx": "^4.20.6", "typescript": "5.9.3", @@ -5413,19 +5412,6 @@ "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7" } }, - "node_modules/bs-logger": { - "version": "0.2.6", - "resolved": "https://registry.npmjs.org/bs-logger/-/bs-logger-0.2.6.tgz", - "integrity": "sha512-pd8DCoxmbgc7hyPKOvxtqNcjYoOsABPQdcCUjGp3d42VR2CX1ORhk2A87oqqu5R1kk+76nsxZupkmyd+MVtCog==", - "dev": true, - "license": "MIT", - "dependencies": { - "fast-json-stable-stringify": "2.x" - }, - "engines": { - "node": ">= 6" - } - }, "node_modules/bser": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", @@ -6836,28 +6822,6 @@ "dev": true, "license": "ISC" }, - "node_modules/handlebars": { - "version": "4.7.8", - "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz", - "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==", - "dev": true, - "license": "MIT", - "dependencies": { - "minimist": "^1.2.5", - "neo-async": "^2.6.2", - "source-map": "^0.6.1", - "wordwrap": "^1.0.0" - }, - "bin": { - "handlebars": "bin/handlebars" - }, - "engines": { - "node": ">=0.4.7" - }, - "optionalDependencies": { - "uglify-js": "^3.1.4" - } - }, "node_modules/has-flag": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", @@ -8015,13 +7979,6 @@ "dev": true, "license": "MIT" }, - "node_modules/lodash.memoize": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz", - "integrity": "sha512-t7j+NzmgnQzTAYXcsHYLgimltOV1MXHtlOWf6GjL9Kj8GK5FInw5JotxvbOs+IvV1/Dzo04/fCGfLVs7aXb4Ag==", - "dev": true, - "license": "MIT" - }, "node_modules/lodash.merge": { "version": "4.6.2", "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", @@ -8065,13 +8022,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/make-error": { - "version": "1.3.6", - "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", - "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==", - "dev": true, - "license": "ISC" - }, "node_modules/makeerror": { "version": "1.0.12", "resolved": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", @@ -8266,16 +8216,6 @@ "url": "https://github.com/sponsors/isaacs" } }, - "node_modules/minimist": { - "version": "1.2.8", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", - "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", - "dev": true, - "license": "MIT", - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, "node_modules/minipass": { "version": "7.1.2", "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz", @@ -8328,13 +8268,6 @@ "dev": true, "license": "MIT" }, - "node_modules/neo-async": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz", - "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==", - "dev": true, - "license": "MIT" - }, "node_modules/node-emoji": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/node-emoji/-/node-emoji-2.2.0.tgz", @@ -9869,72 +9802,6 @@ "url": "https://github.com/sponsors/jonschlinkert" } }, - "node_modules/ts-jest": { - "version": "29.4.4", - "resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.4.4.tgz", - "integrity": "sha512-ccVcRABct5ZELCT5U0+DZwkXMCcOCLi2doHRrKy1nK/s7J7bch6TzJMsrY09WxgUUIP/ITfmcDS8D2yl63rnXw==", - "dev": true, - "license": "MIT", - "dependencies": { - "bs-logger": "^0.2.6", - "fast-json-stable-stringify": "^2.1.0", - "handlebars": "^4.7.8", - "json5": "^2.2.3", - "lodash.memoize": "^4.1.2", - "make-error": "^1.3.6", - "semver": "^7.7.2", - "type-fest": "^4.41.0", - "yargs-parser": "^21.1.1" - }, - "bin": { - "ts-jest": "cli.js" - }, - "engines": { - "node": "^14.15.0 || ^16.10.0 || ^18.0.0 || >=20.0.0" - }, - "peerDependencies": { - "@babel/core": ">=7.0.0-beta.0 <8", - "@jest/transform": "^29.0.0 || ^30.0.0", - "@jest/types": "^29.0.0 || ^30.0.0", - "babel-jest": "^29.0.0 || ^30.0.0", - "jest": "^29.0.0 || ^30.0.0", - "jest-util": "^29.0.0 || ^30.0.0", - "typescript": ">=4.3 <6" - }, - "peerDependenciesMeta": { - "@babel/core": { - "optional": true - }, - "@jest/transform": { - "optional": true - }, - "@jest/types": { - "optional": true - }, - "babel-jest": { - "optional": true - }, - "esbuild": { - "optional": true - }, - "jest-util": { - "optional": true - } - } - }, - "node_modules/ts-jest/node_modules/type-fest": { - "version": "4.41.0", - "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-4.41.0.tgz", - "integrity": "sha512-TeTSQ6H5YHvpqVwBRcnLDCBnDOHWYu7IvGbHT6N8AOymcr9PJGjc1GTtiWZTYg0NCgYwvnYWEkVChQAr9bjfwA==", - "dev": true, - "license": "(MIT OR CC0-1.0)", - "engines": { - "node": ">=16" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, "node_modules/tsdown": { "version": "0.17.2", "resolved": "https://registry.npmjs.org/tsdown/-/tsdown-0.17.2.tgz", @@ -10098,20 +9965,6 @@ "typescript": ">=4.8.4 <6.0.0" } }, - "node_modules/uglify-js": { - "version": "3.19.3", - "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.19.3.tgz", - "integrity": "sha512-v3Xu+yuwBXisp6QYTcH4UbH+xYJXqnq2m/LtQVWKWzYc1iehYnLixoQDN9FH6/j9/oybfd6W9Ghwkl8+UMKTKQ==", - "dev": true, - "license": "BSD-2-Clause", - "optional": true, - "bin": { - "uglifyjs": "bin/uglifyjs" - }, - "engines": { - "node": ">=0.8.0" - } - }, "node_modules/uint8array-extras": { "version": "1.5.0", "resolved": "https://registry.npmjs.org/uint8array-extras/-/uint8array-extras-1.5.0.tgz", @@ -10671,13 +10524,6 @@ "node": ">=0.10.0" } }, - "node_modules/wordwrap": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", - "integrity": "sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q==", - "dev": true, - "license": "MIT" - }, "node_modules/workerd": { "version": "1.20260107.1", "resolved": "https://registry.npmjs.org/workerd/-/workerd-1.20260107.1.tgz", diff --git a/package.json b/package.json index 6c130dab3..dc426d0aa 100644 --- a/package.json +++ b/package.json @@ -62,7 +62,6 @@ "jest-fetch-mock": "^3.0.3", "miniflare": "^4.20251004.0", "prettier": "^3.5.3", - "ts-jest": "29.4.4", "tsdown": "^0.17.0", "tsx": "^4.20.6", "typescript": "5.9.3", diff --git a/src/workos.ts b/src/workos.ts index 20ee48cd4..4d5b45156 100644 --- a/src/workos.ts +++ b/src/workos.ts @@ -46,8 +46,7 @@ import { CryptoProvider } from './common/crypto/crypto-provider'; import { ParseError } from './common/exceptions/parse-error'; import { getEnv } from './common/utils/env'; import { getRuntimeInfo } from './common/utils/runtime-info'; - -const VERSION = '8.6.0'; +import { version as VERSION } from '../package.json' with { type: 'json' }; const DEFAULT_HOSTNAME = 'api.workos.com'; From 871e55e053a0901ebcadcd696565ae5390905758 Mon Sep 17 00:00:00 2001 From: Nick Nisi Date: Thu, 5 Feb 2026 17:01:53 -0500 Subject: [PATCH 2/6] chore: add release-please configuration Automates version bumps, changelog generation, and GitHub releases via release-please. The existing release.yml workflow handles npm publishing when a release is created. --- .github/workflows/release-please.yml | 18 ++++++++++++++++++ .release-please-manifest.json | 3 +++ release-please-config.json | 12 ++++++++++++ 3 files changed, 33 insertions(+) create mode 100644 .github/workflows/release-please.yml create mode 100644 .release-please-manifest.json create mode 100644 release-please-config.json diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml new file mode 100644 index 000000000..9e2f5a9bf --- /dev/null +++ b/.github/workflows/release-please.yml @@ -0,0 +1,18 @@ +name: Release Please + +on: + push: + branches: + - main + +permissions: + contents: write + pull-requests: write + +jobs: + release-please: + runs-on: ubuntu-latest + steps: + - uses: googleapis/release-please-action@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.release-please-manifest.json b/.release-please-manifest.json new file mode 100644 index 000000000..f59c11ca8 --- /dev/null +++ b/.release-please-manifest.json @@ -0,0 +1,3 @@ +{ + ".": "8.2.0" +} diff --git a/release-please-config.json b/release-please-config.json new file mode 100644 index 000000000..7dcb33a62 --- /dev/null +++ b/release-please-config.json @@ -0,0 +1,12 @@ +{ + "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json", + "include-component-in-tag": false, + "packages": { + ".": { + "release-type": "node", + "bump-minor-pre-major": true, + "changelog-path": "CHANGELOG.md", + "versioning": "default" + } + } +} From e58fa382a04f92d1ececb6741e091d7f9830827e Mon Sep 17 00:00:00 2001 From: Nick Nisi Date: Thu, 5 Feb 2026 17:08:13 -0500 Subject: [PATCH 3/6] ci: add PR title linting for conventional commits --- .github/workflows/lint-pr-title.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .github/workflows/lint-pr-title.yml diff --git a/.github/workflows/lint-pr-title.yml b/.github/workflows/lint-pr-title.yml new file mode 100644 index 000000000..b8e96ff0d --- /dev/null +++ b/.github/workflows/lint-pr-title.yml @@ -0,0 +1,16 @@ +name: Lint PR Title + +on: + pull_request_target: + types: [opened, edited, synchronize] + +permissions: + pull-requests: read + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - uses: amannn/action-semantic-pull-request@v5 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 1b663b99cd8a66071d68c86eaf5b18202ecbc03e Mon Sep 17 00:00:00 2001 From: Nick Nisi Date: Thu, 5 Feb 2026 17:12:35 -0500 Subject: [PATCH 4/6] chore: remove bump-minor-pre-major from release-please config This option only applies to 0.x versions. At 8.x, breaking changes already bump major by default. --- release-please-config.json | 1 - 1 file changed, 1 deletion(-) diff --git a/release-please-config.json b/release-please-config.json index 7dcb33a62..637e606c0 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -4,7 +4,6 @@ "packages": { ".": { "release-type": "node", - "bump-minor-pre-major": true, "changelog-path": "CHANGELOG.md", "versioning": "default" } From a35ba136ad14e1276c3ed2eb4d8b34db927022c4 Mon Sep 17 00:00:00 2001 From: Nick Nisi Date: Tue, 24 Feb 2026 15:42:55 -0600 Subject: [PATCH 5/6] ci: update release workflows for trusted publishing Chain release-please directly into the publish workflow via workflow_call and add id-token: write permission for npm provenance. Remove pre-release publish logic. --- .github/workflows/release-please.yml | 10 ++++++ .github/workflows/release.yml | 47 ++++++---------------------- 2 files changed, 20 insertions(+), 37 deletions(-) diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 9e2f5a9bf..50d0c3877 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -8,11 +8,21 @@ on: permissions: contents: write pull-requests: write + id-token: write jobs: release-please: runs-on: ubuntu-latest + outputs: + release_created: ${{ steps.release.outputs.release_created }} + tag_name: ${{ steps.release.outputs.tag_name }} steps: - uses: googleapis/release-please-action@v4 + id: release with: token: ${{ secrets.GITHUB_TOKEN }} + + publish: + needs: release-please + if: ${{ needs.release-please.outputs.release_created == 'true' }} + uses: ./.github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e91cb9438..d470e0ced 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,57 +1,30 @@ name: Release on: - # Support manually pushing a new release - workflow_dispatch: {} - # Trigger when a release or a pre-release is published - release: - types: [published] - -defaults: - run: - shell: bash + workflow_dispatch: + workflow_call: jobs: - test: - name: Publish to NPM + publish: + name: Publish to npm runs-on: ubuntu-latest permissions: contents: read id-token: write steps: - - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 with: node-version: 24 - registry-url: 'https://registry.npmjs.org' - name: Install Dependencies - run: | - npm install + run: npm install - name: Build Project - run: | - npm run build + run: npm run build - name: Run Tests - run: | - npm run test + run: npm run test - name: Publish - if: ${{ !github.event.release.prerelease }} - run: | - npm publish --tag latest --access=public --provenance - - - name: Publish Pre-Release - if: ${{ github.event.release.prerelease }} - run: | - # Tags may come prefixed with "v" which we want to remove before putting - # it as the version of this deploy. E.g. this will turn "v7.5.0-beta" to "7.5.0-beta" - CLEAN_TAG=$(echo "${{ github.event.release.tag_name }}" | sed 's/[^0-9]//') - jq ".version=\"${CLEAN_TAG}\"" package.json > package.json.deploy - cp package.json.deploy package.json - - echo "Deploying with package.json" - cat package.json - - npm publish --tag next --access=public --provenance + run: npm publish --tag latest --access public --provenance From 24d3bb575941e10834061d28a2a78ce2d6fef48e Mon Sep 17 00:00:00 2001 From: Nick Nisi Date: Tue, 24 Feb 2026 16:12:58 -0600 Subject: [PATCH 6/6] ci: bump actions/checkout and actions/setup-node to v6 --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d470e0ced..e42093f8c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,8 +12,8 @@ jobs: contents: read id-token: write steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@v6 + - uses: actions/setup-node@v6 with: node-version: 24