Improve/fix release automation #85
Conversation
There was a problem hiding this comment.
Pull request overview
This PR improves the release automation by adding automatic PR creation via GitHub CLI and migrating from token-based npm authentication to npm's Trusted Publishing feature, which uses OpenID Connect (OIDC) for authentication without requiring stored secrets.
Changes:
- Automated Pull Request creation in the release preparation script when GitHub CLI is available
- Removed npm token authentication from the release workflow in favor of Trusted Publishing
- Updated documentation to reference the new Trusted Publishing feature
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| scripts/prepare-release.sh | Added automatic PR creation using gh CLI with fallback instructions when CLI is unavailable |
| .github/workflows/release.yaml | Updated npm to ensure version 11.5.1+ for Trusted Publishing support and removed NODE_AUTH_TOKEN |
| RELEASING.md | Added reference to npm's Trusted Publishing documentation |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
Comments suppressed due to low confidence (1)
.github/workflows/release.yaml:74
- The GitHub Release creation step is missing the
tag_nameparameter. Thesoftprops/action-gh-releaseaction needs to know which tag to create a release for. Without this, the action may fail or create a release for the wrong tag.
Add tag_name: ${{ steps.package-version.outputs.tag }} to the with section to specify which tag this release should be associated with.
- name: Create GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: true
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - An npm automation token stored as a GitHub secret named `NPM_TOKEN` | ||
| - `publishConfig.access` set appropriately in `package.json` | ||
| Publishing requires that the GitHub action is registered as a trusted publisher | ||
| for the package in npm.js. |
There was a problem hiding this comment.
There's a typo in 'npm.js'. It should be 'npmjs.com' or just 'npm'.
| for the package in npm.js. | |
| for the package on npm. |
A few more tweaks. This PR automates the creation of the release PR (when the gh command is available) and fixes npm publishing to use the new Trusted Publishing feature, which requires no token stored in the repo (yea!).