Skip to content

Dev#164

Merged
jorgedanisc merged 3 commits into
mainfrom
dev
Dec 14, 2025
Merged

Dev#164
jorgedanisc merged 3 commits into
mainfrom
dev

Conversation

@jorgedanisc

Copy link
Copy Markdown
Contributor

No description provided.

@jorgedanisc jorgedanisc self-assigned this Dec 14, 2025
Copilot AI review requested due to automatic review settings December 14, 2025 01:00

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR modifies the ducjs package release configuration and workflow. The changes involve removing the explicit npmPublish setting from the semantic-release npm plugin configuration while adding verifyConditions: false, and enhancing the release workflow with Node.js setup and npm audit signatures verification.

Key Changes:

  • Modified @semantic-release/npm plugin configuration by removing explicit npmPublish setting and disabling verifyConditions
  • Added Node.js setup step and npm security audit to the release workflow

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
packages/ducjs/release.config.cjs Removes npmPublish: true and adds verifyConditions: false to @semantic-release/npm configuration
.github/workflows/release-ducjs.yml Adds Node.js setup step and npm audit signatures verification before release

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

npmPublish: true,
provenance: true, // Required for OIDC
provenance: true,
verifyConditions: false

Copilot AI Dec 14, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The npmPublish: true property has been removed, which may prevent the package from being published to npm. Other packages in the repository (ducsvg, ducpdf) retain this property in their @semantic-release/npm configurations. While npmPublish defaults to true, it's better to be explicit, especially since this was intentionally configured before. Additionally, verifyConditions: false disables important pre-release checks that verify npm authentication and package validity. This could allow releases to proceed even when they will ultimately fail during publishing.

Suggested change
verifyConditions: false
npmPublish: true,

Copilot uses AI. Check for mistakes.
@@ -49,7 +53,8 @@ jobs:
current-branch: ${{ github.ref_name }}
package-name: ducjs

Copilot AI Dec 14, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The npm audit signatures command requires Node.js and npm to be installed. While the Node.js setup step was added at line 33, other release workflows in the repository (release-ducsvg.yml, release-ducpdf.yml) do not include this audit step. Consider adding this security check to all package release workflows for consistency, or document why ducjs requires this additional verification step while other packages do not.

Suggested change
# Note: The following audit step is included only in the ducjs release workflow.
# If this is intentional (e.g., ducjs has unique security requirements), please ensure this is documented here.
# Otherwise, consider adding this step to other release workflows for consistency.

Copilot uses AI. Check for mistakes.
@jorgedanisc jorgedanisc merged commit d05253c into main Dec 14, 2025
7 checks passed
@github-actions

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 2.2.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 3.1.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 3.1.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 2.3.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 2.1.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

jorgedanisc added a commit that referenced this pull request Jun 2, 2026
jorgedanisc added a commit that referenced this pull request Jun 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants