ci: enable trusted publishing #426

Merged: JounQin merged 3 commits into master from ci/trusted_publisher on Aug 19, 2025
JounQin (Member) commented Aug 19, 2025

Important

Enhances release workflow by upgrading npm and removing unnecessary npm configurations in .github/workflows/release.yml.

  • Workflow Changes:
    • Adds a step to upgrade npm to the latest version in .github/workflows/release.yml.
    • Removes NPM_CONFIG_PROVENANCE and NPM_TOKEN environment variables from the release job in .github/workflows/release.yml.

This description was created by Ellipsis for 4527ef9. You can customize this summary. It will automatically update as commits are pushed.

Summary by CodeRabbit

  • Chores
    • Updated release workflow to upgrade npm before installing dependencies, improving reliability of release and publish steps.
    • Removed unused environment variables from the publish step to streamline CI configuration.
    • Added a changeset for a patch release of @pkgr/utils to rebuild it against the latest core package.
    • No user-facing functionality changes; this update affects release infrastructure only.
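
Added example (not part of the PR or the project's code): a line-oriented audit of a release workflow for npm trusted publishing, which authenticates over OIDC and therefore needs the `id-token: write` permission and npm CLI 11.5.1 or later instead of a stored `NPM_TOKEN`. The function name, finding labels and both workflow texts are assumptions constructed for illustration; the repository's actual release.yml is not shown on this page.

```javascript
// Added example. BEFORE/AFTER are constructed samples, not the repository's release.yml.
const MIN_NPM = [11, 5, 1]; // trusted publishing needs npm CLI 11.5.1 or later

function auditReleaseWorkflow(yamlText) {
  // Drop YAML comments so commented-out settings do not count.
  const lines = yamlText.split('\n').map((l) => l.replace(/(^|\s)#.*$/, ''));
  const findings = [];
  // Without this permission the runner cannot request an OIDC token.
  if (!lines.some((l) => /^\s*id-token:\s*write\s*$/.test(l))) findings.push('missing-id-token-write');
  for (const name of ['NPM_TOKEN', 'NODE_AUTH_TOKEN']) {
    if (lines.some((l) => new RegExp(`\\b${name}\\b`).test(l))) {
      findings.push(`long-lived-token:${name}`); // static secret still reachable by the job
    }
  }
  const pin = lines.map((l) => /npm (?:install|i) (?:-g|--global) npm@(\S+)/.exec(l)).find(Boolean);
  if (!pin) {
    findings.push('npm-version-unchecked'); // bundled npm may predate 11.5.1
  } else if (!/^\d+\.\d+\.\d+$/.test(pin[1])) {
    findings.push('npm-unpinned'); // dist-tag or range: the publish toolchain floats
  } else {
    const v = pin[1].split('.').map(Number);
    const tooOld = MIN_NPM.some((min, i) =>
      v[i] < min && MIN_NPM.slice(0, i).every((m, j) => v[j] === m));
    if (tooOld) findings.push('npm-too-old');
  }
  return findings;
}

const BEFORE = `
permissions:
  id-token: write
jobs:
  release:
    steps:
      - uses: changesets/action@v1
        env:
          NPM_CONFIG_PROVENANCE: true
          NPM_TOKEN: \${{ secrets.NPM_TOKEN }}
`;
const AFTER = `
permissions:
  id-token: write
jobs:
  release:
    steps:
      - run: npm install -g npm@latest
      - uses: changesets/action@v1
`;
console.log(auditReleaseWorkflow(BEFORE), auditReleaseWorkflow(AFTER));
```

An empty result means none of the three checks fired; it does not confirm that a trusted publisher is configured for the package on the registry side.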

changeset-bot bot commented Aug 19, 2025

🦋 Changeset detected

Latest commit: a7546b6

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@pkgr/utils Patch


ellipsis-dev bot (Contributor) left a comment

Important

Looks good to me! 👍

Reviewed everything up to 4527ef9 in 27 seconds. Click for details.
  • Reviewed 20 lines of code in 1 files
  • Skipped 0 files when reviewing.
  • Skipped posting 2 draft comments. View those below.
1. .github/workflows/release.yml:34
  • Draft comment:
    Consider pinning the npm version instead of always upgrading to 'latest' to avoid unexpected breaks.
  • Reason this comment was not posted:
    Confidence changes required: 33% <= threshold 50% None
2. .github/workflows/release.yml:52
  • Draft comment:
    Verify that removal of NPM_CONFIG_PROVENANCE and NPM_TOKEN won’t impact npm publishing if needed.
  • Reason this comment was not posted:
    Confidence changes required: 33% <= threshold 50% None

Workflow ID: wflow_Zuqwqrvo54rUe5DU


codesandbox-ci bot commented Aug 19, 2025

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

github-actions bot (Contributor) commented Aug 19, 2025

📊 Package size report   No changes

File Before After
Total (Includes all files) 3.1 MB 3.1 MB
Tarball size 1.1 MB 1.1 MB

🤖 This report was automatically generated by pkg-size-action

codecov bot commented Aug 19, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 9.74%. Comparing base (4c9a7dc) to head (a7546b6).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files
@@          Coverage Diff           @@
##           master    #426   +/-   ##
======================================
  Coverage    9.74%   9.74%           
======================================
  Files          12      12           
  Lines         431     431           
  Branches      187     187           
======================================
  Hits           42      42           
  Misses        389     389           


github-actions bot (Contributor) commented Aug 19, 2025

Deploy preview for pkgr ready!

✅ Preview
https://pkgr-l3mufxx3h-1stg.vercel.app

Built with commit a7546b6.
This pull request is being automatically deployed with vercel-action

pkg-pr-new bot commented Aug 19, 2025

@pkgr/browser

npm i https://pkg.pr.new/@pkgr/browser@426

@pkgr/core

npm i https://pkg.pr.new/@pkgr/core@426

@pkgr/es-modules

npm i https://pkg.pr.new/@pkgr/es-modules@426

@pkgr/imagemin

npm i https://pkg.pr.new/@pkgr/imagemin@426

@pkgr/rollup

npm i https://pkg.pr.new/@pkgr/rollup@426

@pkgr/umd-globals

npm i https://pkg.pr.new/@pkgr/umd-globals@426

@pkgr/utils

npm i https://pkg.pr.new/@pkgr/utils@426

commit: a7546b6

coderabbitai bot commented Aug 19, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

Adds a patch changeset to rebuild @pkgr/utils with a new @pkgr/core, and updates the release GitHub Actions workflow to run an npm upgrade step and to remove two environment variables from the publish step.

Changes

Cohort / File(s): Summary of Changes
  • Release automation workflow (.github/workflows/release.yml): Added an "Upgrade npm" step (npm install -g npm@latest) after Node setup and before dependency installation; removed NPM_CONFIG_PROVENANCE and NPM_TOKEN from the environment of the publish step.
  • Changeset notes (.changeset/mighty-plums-hunt.md): Added a patch changeset declaring [@pkgr/utils]: patch with message "fix: rebuild @pkgr/utils with new @pkgr/core correctly".

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor Runner as GitHub Actions Runner
    participant Setup as Setup Node.js LTS
    participant Upgrade as Upgrade npm (new)
    participant Install as Install Dependencies
    participant Publish as Create Release PR / Publish

    Runner->>Setup: actions/setup-node
    Setup-->>Runner: Node.js ready
    Runner->>Upgrade: npm install -g npm@latest
    Upgrade-->>Runner: npm updated
    Runner->>Install: pnpm install / npm ci
    Install-->>Runner: dependencies installed
    Runner->>Publish: create-release-pr / publish
    note right of Publish: Removed env vars: NPM_CONFIG_PROVENANCE, NPM_TOKEN

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

A rabbit hops, a tiny fix applied,
Rebuilds complete, dependencies aligned.
npm refreshed, the workflow hums anew,
Tokens trimmed, the pipeline skips askew.
I thump my foot—release goes through! 🐇✨

📥 Commits

Reviewing files that changed from the base of the PR and between 4c9a7dc and a7546b6.

📒 Files selected for processing (2)
  • .changeset/mighty-plums-hunt.md (1 hunks)
  • .github/workflows/release.yml (1 hunks)

JounQin merged commit 4db894d into master on Aug 19, 2025 (34 checks passed)
JounQin deleted the ci/trusted_publisher branch on August 19, 2025 06:59