chore: enable trusted publishing for npm packages #2444

Merged: chenjiahan merged 1 commit into main from oidc on Aug 5, 2025
@Timeless0911 (Contributor)

Summary

Enable OIDC publishing to make it easier and more secure to publish npm packages from CI.

Related Links

Checklist

  • Tests updated (or not required).
  • Documentation updated (or not required).

Copilot AI review requested due to automatic review settings August 5, 2025 09:33
netlify Bot commented Aug 5, 2025

Deploy Preview for rspress-v2 ready!

| Name | Link |
| --- | --- |
| 🔨 Latest commit | 4c4d62f |
| 🔍 Latest deploy log | https://app.netlify.com/projects/rspress-v2/deploys/6891cff743049c00089a743d |
| 😎 Deploy Preview | https://deploy-preview-2444--rspress-v2.netlify.app |

netlify Bot commented Aug 5, 2025

Deploy Preview for rspress ready!

| Name | Link |
| --- | --- |
| 🔨 Latest commit | 4c4d62f |
| 🔍 Latest deploy log | https://app.netlify.com/projects/rspress/deploys/6891cff7b16ceb00085e784c |
| 😎 Deploy Preview | https://deploy-preview-2444--rspress.netlify.app |
Lighthouse
1 paths audited
Performance: 90 (🟢 up 13 from production)
Accessibility: 97 (no change from production)
Best Practices: 92 (🟢 up 9 from production)
SEO: 100 (no change from production)
PWA: -

Copilot AI (Contributor) left a comment

Pull Request Overview

This PR enables OIDC trusted publishing for npm packages to improve security and simplify the CI publishing process. The changes transition from token-based authentication to GitHub's OIDC-based trusted publishing system.

  • Removes "provenance": true configuration from all package.json files
  • Updates GitHub Actions workflow to use OIDC authentication instead of npm tokens
  • Changes environment from "production" to "npm" and updates npm to latest version

Reviewed Changes

Copilot reviewed 16 out of 16 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| packages/*/package.json | Removes provenance configuration from publishConfig sections |
| .github/workflows/release.yml | Updates workflow to use OIDC authentication and latest npm version |

Comment thread .github/workflows/release.yml
Comment thread .github/workflows/release.yml
chenjiahan enabled auto-merge (squash) August 5, 2025 09:40
chenjiahan merged commit 8978da3 into main Aug 5, 2025 (12 checks passed)
chenjiahan deleted the oidc branch August 5, 2025 09:43
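
The change summarized in this thread (token-based publishing replaced by OIDC trusted publishing), sketched as an added example that is not the project's release.yml and not code from any participant. The trigger, job name, action versions, Node version, install step and the `NPM_TOKEN` secret name are assumptions; only the `npm` environment name and the npm upgrade come from the review overview.

```yaml
# Hypothetical release workflow, constructed for illustration.
name: release
on:
  workflow_dispatch:

# Before (token-based), shown as comments: a long-lived registry secret is
# stored in the repository and handed to the publish step.
#   - run: npm publish
#     env:
#       NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}   # assumed secret name

# Default to read-only; grant extra scopes per job.
permissions:
  contents: read

jobs:
  publish:
    runs-on: ubuntu-latest
    environment: npm            # environment name mentioned in the review overview
    permissions:
      contents: read
      id-token: write           # allows the job to request a GitHub OIDC token
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org
      # Trusted publishing needs a recent npm CLI (11.5.1 or later).
      - run: npm install -g npm@latest
      - run: npm ci
      # After (OIDC): no NODE_AUTH_TOKEN is set. npm exchanges the job's OIDC
      # token for a short-lived publish credential and attaches provenance
      # automatically, so "provenance": true in publishConfig is not needed.
      - run: npm publish
```

The trusted publisher entry configured for the package on npmjs.com has to name the same repository, workflow file and environment. Once OIDC publishing works, revoke the old automation token and delete the repository secret so no long-lived publish credential remains.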