Skip to content

fix: release#18

Merged
petar-omni merged 1 commit intomainfrom
fix/release
Nov 27, 2025
Merged

fix: release#18
petar-omni merged 1 commit intomainfrom
fix/release

Conversation

@petar-omni
Copy link
Contributor

@petar-omni petar-omni commented Nov 27, 2025

No description provided.

@changeset-bot
Copy link

changeset-bot bot commented Nov 27, 2025

⚠️ No Changeset found

Latest commit: 472b7c3

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@petar-omni petar-omni merged commit 40a4f5b into main Nov 27, 2025
10 checks passed
@petar-omni petar-omni deleted the fix/release branch November 27, 2025 13:49
Copilot AI reviewed Nov 27, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the release workflow to remove the NPM_TOKEN secret and switch to OIDC-based authentication for npm publishing.

  • Removes NPM_TOKEN by setting it to an empty string
  • Adds a comment explaining the change references a changesets GitHub issue

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/release.yml
@@ -42,3 +42,6 @@ jobs:
commitMode: github-api
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Copy link

Copilot AI Nov 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Setting NPM_TOKEN to an empty string may not be sufficient to enable OIDC authentication for npm publishing. The workflow has id-token: write permission (line 17), but there's no explicit configuration to set up npm to use OIDC provenance.

According to the changesets issue referenced, you typically need to configure npm authentication by creating an .npmrc file or setting NPM_CONFIG_PROVENANCE=true environment variable to enable OIDC-based publishing with provenance. Consider adding:

env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  NPM_CONFIG_PROVENANCE: true

Or ensure an .npmrc file is configured appropriately for OIDC authentication.

Suggested change
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_CONFIG_PROVENANCE: true

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Philippoes Philippoes Philippoes approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@petar-omni @Philippoes