Skip to content

chore: update npm package workflow#140

Merged
MotherJammer merged 3 commits intodevelopfrom
chore/npm-release-update
Dec 9, 2025
Merged

chore: update npm package workflow#140
MotherJammer merged 3 commits intodevelopfrom
chore/npm-release-update

Conversation

@MotherJammer
Copy link
Contributor

@MotherJammer MotherJammer commented Dec 4, 2025

This PR updates the CI/CD pipeline to use npm Trusted Publishing (OIDC) instead of the deprecated classic automation tokens.

Changes

  • Added permissions: id-token: write to enable OIDC authentication.
  • Upgraded actions/setup-node from v1 to v4.
  • Switched from npm install to npm ci for clean, deterministic builds.
  • Added the --provenance flag to the publish command to sign the package (security best practice).
  • Removed the dependency on the static NPM_AUTH_TOKEN secret. The workflow now leverages the automatic GITHUB_TOKEN for the OIDC exchange.

@MotherJammer MotherJammer self-assigned this Dec 4, 2025
@MotherJammer MotherJammer marked this pull request as ready for review December 4, 2025 19:25
@MotherJammer MotherJammer merged commit c7fe1ce into develop Dec 9, 2025
3 of 4 checks passed
@MotherJammer MotherJammer deleted the chore/npm-release-update branch December 9, 2025 13:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@victormendoza96 victormendoza96 victormendoza96 approved these changes

@mastudillot mastudillot mastudillot approved these changes

@Matiasnickolas Matiasnickolas Awaiting requested review from Matiasnickolas

Assignees

@MotherJammer MotherJammer

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MotherJammer @victormendoza96 @mastudillot