Skip to content

chore(publish): setup trusted publisher for npm releases#12

Merged
CorentinTh merged 1 commit into
mainfrom
publish-from-trusted-origin
Sep 20, 2025
Merged

chore(publish): setup trusted publisher for npm releases#12
CorentinTh merged 1 commit into
mainfrom
publish-from-trusted-origin

Conversation

@CorentinTh

Copy link
Copy Markdown
Owner

No description provided.

@CorentinTh CorentinTh requested a review from Copilot September 20, 2025 22:26
@CorentinTh CorentinTh self-assigned this Sep 20, 2025

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR sets up trusted publisher configuration for automated npm package releases using GitHub Actions with OpenID Connect (OIDC) authentication. The changes enable secure publishing without storing npm tokens by leveraging GitHub's trusted publishing feature.

  • Modifies the release script to only handle version bumping and tagging, removing the direct publish step
  • Adds publishConfig with provenance settings for trusted publishing
  • Creates a GitHub Actions workflow that automatically publishes packages when tags are pushed

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
package.json Updates release script and adds publishConfig for trusted publishing with provenance
.github/workflows/publish.yml Creates automated publish workflow triggered by version tags with OIDC permissions

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

Comment thread .github/workflows/publish.yml
@CorentinTh CorentinTh merged commit f69fa39 into main Sep 20, 2025
2 checks passed
@CorentinTh CorentinTh deleted the publish-from-trusted-origin branch September 20, 2025 22:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants