Skip to content

👷 Enable oidc npm trusted publishing #1961

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
carloscuesta merged 2 commits into from
Dec 21, 2025
Merged

👷 Enable oidc npm trusted publishing #1961

carloscuesta merged 2 commits into from
Dec 21, 2025

Conversation

@carloscuesta
Copy link
Owner

@carloscuesta carloscuesta commented Dec 21, 2025

Description

👋🏼

Enabling trusted publishing for npm publish using oidc tokens:
https://docs.npmjs.com/trusted-publishers

@carloscuesta carloscuesta self-assigned this Dec 21, 2025
@vercel
Copy link

vercel bot commented Dec 21, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
gitmoji Ready Ready Preview, Comment Dec 21, 2025 9:09am

@carloscuesta carloscuesta requested a review from Copilot December 21, 2025 09:08
Copilot AI reviewed Dec 21, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enables OIDC-based trusted publishing for npm packages by configuring GitHub Actions with the necessary permissions and removing the legacy token-based authentication. The workflow now uses OpenID Connect tokens for secure publishing without requiring stored secrets.

Key Changes:

  • Added OIDC permissions (id-token: write and contents: read) to the GitHub workflow
  • Removed manual NPM token configuration and replaced it with OIDC-based authentication
  • Updated Node.js version from 22 to 24

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
.node-version Updated Node.js version from 22 to 24 to support OIDC publishing requirements
.github/workflows/npm-publish.yml Added OIDC permissions and simplified npm publishing by removing token-based authentication

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@carloscuesta carloscuesta merged commit 754a1d8 into master Dec 21, 2025
6 checks passed
@carloscuesta carloscuesta deleted the npm-oidc-publish branch December 21, 2025 23:03
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 23, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@carloscuesta carloscuesta

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@carloscuesta