Skip to content

DX-809 update to use preferred OIDC for npm publish in github actions #99

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
lloyd-cio merged 5 commits into from
Nov 24, 2025
Merged

DX-809 update to use preferred OIDC for npm publish in github actions #99

lloyd-cio merged 5 commits into from
Nov 24, 2025

Conversation

@lloyd-cio
Copy link
Contributor

@lloyd-cio lloyd-cio commented Nov 21, 2025
edited by cursor bot
Loading

Note

Migrates the release workflow to OIDC-based npm publish, adds required permissions, and updates GitHub Actions to v4.

  • CI/CD (release workflow) in .github/workflows/release.yml:
    • OIDC for NPM publish: Adds permissions (id-token: write, contents: read), sets registry URL, installs latest npm, and replaces JS-DevTools/npm-publish with npm publish.
    • Actions updates: Bumps actions/checkout to v4 and actions/setup-node to v4; uses Node.js 20.
    • Job settings: Adds environment: release.
    • Other: Minor formatting cleanup in S3 upload step.

Written by Cursor Bugbot for commit e10ad9c. This will update automatically on new commits. Configure here.

@lloyd-cio lloyd-cio requested a review from a team as a code owner November 21, 2025 20:37
cursor[bot]
cursor bot reviewed Nov 21, 2025
View reviewed changes
cursor[bot]
cursor bot reviewed Nov 21, 2025
View reviewed changes
cursor[bot]
cursor bot reviewed Nov 21, 2025
View reviewed changes
lloyd-cio
lloyd-cio commented Nov 21, 2025
View reviewed changes
.github/workflows/release.yml
Comment on lines -48 to -50
uses: JS-DevTools/npm-publish@9ff4ebfbe48473265867fb9608c047e7995edfa3 # v3.1.1
with:
token: ${{ secrets.NPM_TOKEN }}
Copy link
Contributor Author

@lloyd-cio lloyd-cio Nov 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using standard npm publish to and dropping the no-longer-supported auth tokens - use the OIDC config, instead.

Copy link
Contributor Author

@lloyd-cio lloyd-cio Nov 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any concerns on using the standard npm publish over this custom publish action ?

@lloyd-cio lloyd-cio merged commit c21e46f into develop Nov 24, 2025
2 checks passed
@lloyd-cio lloyd-cio deleted the DX-809 branch November 24, 2025 20:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@McCarthyCIO McCarthyCIO McCarthyCIO approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lloyd-cio @McCarthyCIO