Merge v4 changes to main (#1912)

.github/actions/build/action.yml

@@ -5,7 +5,7 @@ inputs:
   node:
     description: The Node version to use
     required: false
-    default: 18
+    default: 22
 
 runs:
   using: composite
@@ -14,17 +14,17 @@ runs:
     - uses: actions/setup-node@v3
       with:
         node-version: ${{ inputs.node }}
-        cache: npm
+        cache: pnpm
 
     - shell: bash
-      run: npm ci
-      env:
-        NODE_ENV: development
+      run: |
+        npm i -g pnpm
+        pnpm --version  # Verify installation
 
     - shell: bash
-      run: npm run install:example
+      run: pnpm install
       env:
         NODE_ENV: development
 
     - shell: bash
-      run: npm run build
+      run: pnpm run build

.github/actions/npm-publish/action.yml

@@ -19,21 +19,25 @@ runs:
     - name: Checkout code
       uses: actions/checkout@v4
 
-    - name: Setup Node
+    - name: Setup Node.js with pnpm caching
+      uses: pnpm/action-setup@v4
+      with:
+        version: 10
+
+    - name: Install Node.js
       uses: actions/setup-node@v4
       with:
-        node-version: ${{ inputs.node-version }}
-        cache: 'npm'
-        registry-url: 'https://registry.npmjs.org'
+        node-version: 22
+        cache: 'pnpm'
 
     - name: Install dependencies
       shell: bash
-      run: npm ci --include=dev
+      run: pnpm install --frozen-lockfile
 
     - name: Build package
       if: inputs.require-build == 'true'
       shell: bash
-      run: npm run build
+      run: pnpm run build
 
     - name: Publish release to NPM
       shell: bash
@@ -46,7 +50,9 @@ runs:
         else
           TAG="latest"
         fi
-        npm publish --provenance --tag $TAG
+        npm config set "//registry.npmjs.org/:_authToken" "${NPM_TOKEN}"
+        pnpm publish --tag $TAG
       env:
-        NODE_AUTH_TOKEN: ${{ inputs.npm-token }}
+        NPM_TOKEN: ${{ inputs.npm-token }}
         VERSION: ${{ inputs.version }}
+        NPM_CONFIG_PROVENANCE: true

.github/actions/prepare/action.yml

@@ -5,21 +5,23 @@ inputs:
   node:
     description: The Node version to use
     required: false
-    default: 18
+    default: 22
   cache:
-      description: The cache key identifier to use
-      required: true
+    description: The cache key identifier to use
+    required: true
 
 runs:
   using: composite
 
   steps:
-      - uses: actions/setup-node@v3
-        with:
-          node-version: ${{ inputs.node }}
-          cache: npm
+    - name: Setup Node.js with pnpm caching
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ inputs.node }}
+        cache: 'pnpm'
 
-      - uses: actions/cache/restore@v3
-        with:
-          path: .
-          key: ${{ inputs.cache }}
+    - name: Restore cache manually
+      uses: actions/cache/restore@v4
+      with:
+        path: .
+        key: ${{ inputs.cache }}

.github/workflows/playwright.yml

@@ -0,0 +1,34 @@
+name: Playwright Tests
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+jobs:
+  test:
+    if: false # Disable this job temporarily. TODO: Fix this workflow
+    timeout-minutes: 60
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-node@v4
+      with:
+        node-version: lts/*
+    - name: Install dependencies
+      run: npm install -g pnpm && pnpm install
+    - name: Install Playwright Browsers
+      run: pnpm exec playwright install --with-deps
+
+    - name: Run build step
+      uses: ./.github/actions/build
+      with:
+        node: 22
+
+    - name: Run Playwright tests
+      run: pnpm exec playwright test
+    - uses: actions/upload-artifact@v4
+      if: ${{ !cancelled() }}
+      with:
+        name: playwright-report
+        path: playwright-report/
+        retention-days: 30

.github/workflows/release.yml

@@ -18,7 +18,7 @@ jobs:
   rl-scanner:
     uses: ./.github/workflows/rl-secure.yml
     with:
-      node-version: 18 ## depends if build requires node else we can remove this.
+      node-version: 22 ## Updated to Node.js 22
       artifact-name: 'nextjs-auth0.tgz' ## Will change respective to Repository 
     secrets:
       RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
@@ -32,7 +32,7 @@ jobs:
     uses: ./.github/workflows/npm-release.yml
     needs: rl-scanner ## this is important as this will not let release job to run until rl-scanner is done
     with:
-      node-version: 18
+      node-version: 22 ## Updated to Node.js 22
       require-build: false
     secrets:
       npm-token: ${{ secrets.NPM_TOKEN }}

.github/workflows/rl-secure.yml

@@ -37,6 +37,20 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10
+
+      - name: Setup Node.js with pnpm caching
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ inputs.node-version }}
+          cache: "pnpm"
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
       - name: Build package
         uses: ./.github/actions/build
         with:

.github/workflows/snyk.yml

@@ -34,6 +34,14 @@ jobs:
       - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.pull_request.head.sha || github.ref }}
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4 # docs https://pnpm.io/continuous-integration#github-actions
+        with:
+          version: 10
+
+      - shell: bash
+        run: pnpm i
 
       - uses: snyk/actions/node@b98d498629f1c368650224d6d212bf7dfa89e4bf # [email protected]
         env: