Skip to content

Switch to trusted publishing #1368

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 12, 2025
Merged

Switch to trusted publishing #1368

merged 1 commit into from
Nov 12, 2025

Conversation

@eps1lon
Copy link
Member

@eps1lon eps1lon commented Nov 12, 2025

eps1lon
eps1lon commented Nov 12, 2025
View reviewed changes
.github/workflows/validate.yml
Comment on lines -100 to -101
'next',
'next-major',
Copy link
Member Author

@eps1lon eps1lon Nov 12, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

branches are currently not used and removing those patterns here simplifies the protection rules for the GH deploy environment

Image

@codesandbox-ci
Copy link

codesandbox-ci bot commented Nov 12, 2025
edited
Loading

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit 4fb0eb9:

Sandbox Source
react-testing-library-examples Configuration

@eps1lon eps1lon force-pushed the sebbie/11-12-switch_to_trusted_publishing branch from 5c0da41 to 1fedb70 Compare November 12, 2025 10:29
eps1lon
eps1lon commented Nov 12, 2025
View reviewed changes
.github/workflows/validate.yml
uses: cycjimmy/semantic-release-action@v5
with:
semantic_version: 17
semantic_version: 25
Copy link
Member Author

@eps1lon eps1lon Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See cycjimmy/semantic-release-action#269 (comment)

eps1lon
eps1lon commented Nov 12, 2025
View reviewed changes
.github/workflows/validate.yml

- name: 🚀 Release
uses: cycjimmy/semantic-release-action@v2
uses: cycjimmy/semantic-release-action@v5
Copy link
Member Author

@eps1lon eps1lon Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only breaking changes are bumping used node version from 16 to 24

@eps1lon eps1lon force-pushed the sebbie/11-12-switch_to_trusted_publishing branch from 1fedb70 to 4976d92 Compare November 12, 2025 10:31
@eps1lon eps1lon requested a review from Copilot November 12, 2025 10:31
Copilot finished reviewing on behalf of eps1lon November 12, 2025 10:33
Copilot AI reviewed Nov 12, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR switches from using npm authentication tokens to npm's trusted publishing feature (OIDC-based authentication) for automated package releases. This improves security by eliminating the need to store long-lived NPM_TOKEN secrets.

Key changes:

  • Added OIDC authentication support via id-token: write permission
  • Updated semantic-release action from v2 to v5 and semantic-release from version 17 to 25
  • Removed next and next-major branches from release configuration

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@eps1lon eps1lon force-pushed the sebbie/11-12-switch_to_trusted_publishing branch from 4976d92 to 4fb0eb9 Compare November 12, 2025 11:04
eps1lon
eps1lon commented Nov 12, 2025
View reviewed changes
.github/workflows/validate.yml
uses: actions/setup-node@v3
with:
node-version: 18
node-version: 24
Copy link
Member Author

@eps1lon eps1lon Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So that we get newer NPM versions. Had to do the same to fix it for my own packages: eps1lon/codemod-missing-await-act@2619b41

@eps1lon eps1lon marked this pull request as ready for review November 12, 2025 11:14
@eps1lon eps1lon merged commit e395d5b into main Nov 12, 2025
4 checks passed
@eps1lon eps1lon deleted the sebbie/11-12-switch_to_trusted_publishing branch November 12, 2025 11:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@eps1lon