Skip to content

ci: simplify npm publish step for Trusted Publishing (OIDC)#129

Closed
dshoen619 wants to merge 2 commits into
mainfrom
david/per-15197-npm-trusted-publishing
Closed

ci: simplify npm publish step for Trusted Publishing (OIDC)#129
dshoen619 wants to merge 2 commits into
mainfrom
david/per-15197-npm-trusted-publishing

Conversation

@dshoen619

Copy link
Copy Markdown
Collaborator

Summary

  • Simplifies the Publish package to NPM step in node_sdk_publish.yaml to a single npm publish command.
  • Removes the manual prerelease/--tag rc branching and the explicit --access public flag, relying on npm Trusted Publishing (OIDC) for authentication.

Context

Follow-up to the migration to npm Trusted Publishing (PER-15197). Authentication is handled via the job's id-token: write permission plus a Trusted Publisher configured on npmjs.com — no NPM_TOKEN needed.

Test plan

  • Verify a release publishes successfully via the workflow.

🤖 Generated with Claude Code

@linear-code

linear-code Bot commented Jun 24, 2026

Copy link
Copy Markdown

PER-15197

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Simplifies the GitHub Actions release workflow for publishing the Node SDK to npm by replacing the prerelease/standard branching publish logic with a single npm publish, aligned with npm Trusted Publishing (OIDC) authentication.

Changes:

  • Replaced conditional prerelease (--tag rc) vs stable publish logic with a single npm publish.
  • Removed explicit --access public from the publish command.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines 101 to +102
- name: Publish package to NPM
run: |
if [[ "${{ github.event.release.prerelease }}" == "true" ]]; then
echo "Publishing as a release candidate (rc)..."
npm publish --access public --tag rc
else
echo "Publishing as the latest release..."
npm publish --access public
fi
run: npm publish
@dshoen619 dshoen619 self-assigned this Jun 24, 2026
@dshoen619 dshoen619 requested a review from zeevmoney June 28, 2026 15:19
@dshoen619 dshoen619 closed this Jun 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants