You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updates the SDK release process to use npm Trusted Publishers for OIDC-based authentication and makes SDK releases a manual step separate from the main release workflow.
Replace NODE_AUTH_TOKEN with OIDC trusted publishing for npm (adds id-token: write permission)
Remove SDK job from automated release workflow; now triggered manually via workflow_dispatch
Remove NPMJS_TOKEN and PYPI_API_TOKEN secrets from CI workflows
Update RELEASE.md with manual SDK release instructions
Clean up Taskfile.yml and .npmrc to remove token references
paralta
changed the title
feat(release): migrate JavaScript SDK to npm Trusted Publishers and decouple SDK releases from CI
feat(release): migrate js sdk to npm trusted publishers and decouple sdk releases from ci
Jan 9, 2026
paralta
linked an issue
Jan 9, 2026
that may be
closed
by this pull request
@paralta what is the reason behind having to release packages manually? afaik the process can still work automatically, even with this approach, since we can specify id-token as the requirement and pass it from the main workflow
@ramizpolic The SDK release workflow was moved to manual execution because version conflicts (when a version has already been pushed) cause the entire CI pipeline to fail and block. Once the SDK release process is more reliable at handling these cases, we can re-integrate it into the automated CI workflow.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
paralta
changed the title
Updates the SDK release process to use npm Trusted Publishers for OIDC-based authentication and makes SDK releases a manual step separate from the main release workflow.
NODE_AUTH_TOKENwith OIDC trusted publishing for npm (addsid-token: writepermission)workflow_dispatchNPMJS_TOKENandPYPI_API_TOKENsecrets from CI workflowsRELEASE.mdwith manual SDK release instructionsTaskfile.ymland.npmrcto remove token references