Thanks to visit codestin.com
Credit goes to github.com

Skip to content

chore: set up npm trusted publishing #909

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 29, 2025
Merged

chore: set up npm trusted publishing #909

merged 1 commit into from
Sep 29, 2025

Conversation

broofa
Copy link
Member

@broofa broofa commented Sep 28, 2025
edited
Loading

Enabling NPM trusted publishing per https://docs.npmjs.com/trusted-publishers#github-actions-configuration.

I've updated npmjs.com settings for this package as follows:

CleanShot 2025-09-28 at 08 46 18

Hopefully this will "just work", but it it doesn't we can sort it out the next time we publish.

Closes #908

@broofa
Copy link
Member Author

broofa commented Sep 28, 2025

@JamieMagee : Please review and let me know if I've missed anything.

@broofa broofa requested a review from Copilot September 28, 2025 15:48
Copilot
Copilot AI reviewed Sep 28, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR enables NPM trusted publishing by configuring the GitHub Actions workflow to support OpenID Connect (OIDC) token authentication, eliminating the need for stored NPM authentication tokens.

  • Adds id-token: write permission to the release workflow to enable OIDC token generation

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@broofa broofa marked this pull request as ready for review September 29, 2025 17:11
@broofa broofa merged commit cbd5b4b into main Sep 29, 2025
15 checks passed
@broofa broofa deleted the npm_trusted branch September 29, 2025 17:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@JamieMagee JamieMagee JamieMagee approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Consider adopting npm trusted publishing
2 participants
@broofa @JamieMagee