Skip to content

Enable NPM trusted publishing with OIDC#1

Merged
hillna merged 5 commits intomainfrom
nick/inf-65-update-npm-publish-workflows-to-use-trusted-publishing
Jan 29, 2026
Merged

Enable NPM trusted publishing with OIDC#1
hillna merged 5 commits intomainfrom
nick/inf-65-update-npm-publish-workflows-to-use-trusted-publishing

Conversation

@hillna
Copy link
Contributor

@hillna hillna commented Jan 13, 2026
edited
Loading

Summary

  • Upgrade from Yarn 1.x to Yarn 4.x with corepack
  • Switch from npm publish to yarn npm publish for trusted publishing support
  • Upgrade ESLint toolchain for Node.js 22 compatibility:
    • ESLint 7.32.0 → 8.57.0
    • @typescript-eslint 4.x → 5.62.0
    • eslint-plugin-jest 24.x → 27.9.0
    • prettier 2.x → 3.5.1
  • Fix clean script glob pattern for zsh compatibility

Test plan

  • CI passes with build, lint, and tests

@hillna
Use npm trusted publishing for package releases
1804ddb 
- Add OIDC permissions (id-token: write, contents: read) for trusted publishing
- Replace NODE_AUTH_TOKEN with npx npm@latest publish --provenance
@linear
Copy link

linear bot commented Jan 13, 2026

INF-65 Update NPM publish workflows to use Trusted Publishing

@hillna hillna force-pushed the nick/inf-65-update-npm-publish-workflows-to-use-trusted-publishing branch 2 times, most recently from e477e42 to c4079ee Compare January 14, 2026 17:12
@hillna
Use yarn npm publish with OIDC for trusted publishing
95c1808 
- Upgrade to Yarn 4.12.0 for OIDC support (PR yarnpkg/berry#6898)
- Replace npx npm@latest publish --provenance with yarn npm publish
- Provenance is automatic with OIDC trusted publishing
- Add packageManager field where missing
@hillna hillna force-pushed the nick/inf-65-update-npm-publish-workflows-to-use-trusted-publishing branch from c4079ee to 95c1808 Compare January 14, 2026 17:24
@hillna hillna self-assigned this Jan 14, 2026
@hillna hillna marked this pull request as ready for review January 14, 2026 18:46
@hillna hillna requested a review from jtbandes January 26, 2026 16:40
@hillna hillna marked this pull request as draft January 26, 2026 21:04
hillna added 3 commits January 28, 2026 15:03
@hillna
Upgrade to Yarn 4.x for OIDC trusted publishing
7a171a8 
- Add packageManager field (yarn@4.9.1)
- Add .yarnrc.yml with nodeLinker: node-modules
- Update CI: corepack enable, --immutable, yarn npm publish
- Update Node.js to 22.x
- Update TypeScript to 5.7.3, Jest to 29.7.0
@hillna
Upgrade ESLint toolchain for Node.js 22 compatibility
cbb278d 
- Upgrade ESLint from 7.32.0 to 8.57.0 (fixes ESM compatibility with Node 22)
- Upgrade @typescript-eslint packages from 4.x to 5.62.0
- Upgrade eslint-plugin-jest from 24.x to 27.9.0
- Upgrade prettier from 2.x to 3.5.1
- Fix clean script glob pattern for zsh compatibility
@hillna
Fix clean script glob quoting for zsh
a1dc7a4 
Use single quotes to pass the glob pattern to rimraf instead of
letting zsh expand it (which fails when no files match).
@hillna hillna marked this pull request as ready for review January 28, 2026 21:44
@hillna hillna merged commit 9d540de into main Jan 29, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jtbandes jtbandes jtbandes approved these changes

Assignees

@hillna hillna

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hillna @jtbandes