chore: update NPM publishing using OIDC #89
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR modernizes the npm publishing workflow by migrating from token-based authentication to OIDC (OpenID Connect) authentication and adding automated git tagging functionality.
- Updates GitHub Actions to v4 (checkout and setup-node)
- Migrates from NPM_TOKEN secret to OIDC-based authentication with id-token permissions
- Adds automated git tag creation and pushing based on package.json version
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
.github/workflows/npmpublish.yml
Outdated
| - run: | | ||
| git tag "v$(jq -r .version package.json)" |
There was a problem hiding this comment.
The tagging logic creates tags based on the package.json version, but this happens after npm ci and before npm publish. If the version in package.json hasn't been bumped before the workflow runs, this will attempt to create a tag for a version that may already exist or doesn't represent new changes. Consider adding version bumping logic (e.g., npm version) before creating the tag, or ensure the version is updated as part of the release process before triggering this workflow.
| - run: | | |
| git tag "v$(jq -r .version package.json)" | |
| - name: Bump version and create tag | |
| run: | | |
| npm version patch -m "chore(release): %s [skip ci]" | |
| git push origin HEAD |
Co-authored-by: Copilot <[email protected]>
1 participant
No description provided.