[ACS-10100][Security] Remove npx usage from CI/CD and shell scripts to mitigate supply chain risks (#11201)

.github/workflows/release-branch.yml

@@ -58,8 +58,8 @@ jobs:
       - name: install
         run: |
           npm ci
-          nx run js-api:bundle
-          nx run cli:bundle
+          npm run bundle:js-api
+          npm run bundle:cli
       - uses: ./.github/actions/upload-node-modules-and-artifacts
 
   release-npm:
@@ -95,15 +95,15 @@ jobs:
             setMigrations();
       - name: Build libraries
         run: |
-          nx run-many --target=build --prod --skip-nx-cache
-          nx run-many --target=build-schematics
+          npm run build:libs
+          npm run build:schematics
       - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
         name: release libraries GH registry
         with:
           node-version-file: '.nvmrc'
           registry-url: 'https://npm.pkg.github.com'
           scope: '@alfresco'
-      - run: nx run-many -t npm-publish --tag=branch || exit 1
+      - run: npm run publish -- --tag=branch || exit 1
         env:
           NODE_AUTH_TOKEN: ${{ secrets.PAT_WRITE_PKG }}
       - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
@@ -112,7 +112,7 @@ jobs:
           node-version-file: '.nvmrc'
           registry-url: 'https://${{ vars.NPM_REGISTRY_ADDRESS }}'
           scope: '@alfresco'
-      - run: nx run-many -t npm-publish --tag=branch || exit 1
+      - run: npm run publish -- --tag=branch || exit 1
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_REGISTRY_TOKEN }}
 

.github/workflows/release.yml

@@ -65,8 +65,8 @@ jobs:
       - name: install
         run: |
           npm ci
-          nx run js-api:bundle
-          nx run cli:bundle
+          npm run bundle:js-api
+          npm run bundle:cli
       - uses: ./.github/actions/upload-node-modules-and-artifacts
 
   release-npm:
@@ -106,15 +106,15 @@ jobs:
             setMigrations();
       - name: build libraries
         run: |
-          nx run-many -t build --prod --skip-nx-cache
-          nx run-many -t build-schematics
+          npm run build:libs
+          npm run build:schematics
       - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
         name: release libraries GH registry
         with:
           node-version-file: '.nvmrc'
           registry-url: 'https://npm.pkg.github.com'
           scope: '@alfresco'
-      - run: nx run-many -t npm-publish --tag=$TAG_NPM || exit 1
+      - run: npm run publish -- --tag=$TAG_NPM || exit 1
         env:
           NODE_AUTH_TOKEN: ${{ secrets.PAT_WRITE_PKG }}
       - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
@@ -123,7 +123,7 @@ jobs:
           node-version-file: '.nvmrc'
           registry-url: 'https://${{ vars.NPM_REGISTRY_ADDRESS }}'
           scope: '@alfresco'
-      - run: nx run-many -t npm-publish --tag=$TAG_NPM || exit 1
+      - run: npm run publish -- --tag=$TAG_NPM || exit 1
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_REGISTRY_TOKEN }}
 

package.json

@@ -13,6 +13,9 @@
     "lint:affected": "nx affected:lint",
     "build:affected": "nx affected:build",
     "affected:libs": "nx affected:libs",
+    "build:libs": "nx run-many -t build --prod --skip-nx-cache",
+    "build:schematics": "nx run-many -t build-schematics",
+    "publish": "nx run-many -t npm-publish",
     "clean": "rimraf dist node_modules dist/libs"
   },
   "repository": {