Skip to content

ci: migrate to NPM OIDC trusted publishing #185

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nicksteffens merged 8 commits into from
Dec 5, 2025
Merged

ci: migrate to NPM OIDC trusted publishing #185

nicksteffens merged 8 commits into from
Dec 5, 2025

Conversation

@nicksteffens
Copy link
Member

@nicksteffens nicksteffens commented Dec 5, 2025

Summary

  • Migrate from NPM_TOKEN secret to OIDC trusted publishing authentication
  • Consolidate release workflow with dropdown for release type (release/prerelease/pr)
  • Add required npm.skipChecks since there's no token to validate before publishing

Changes

  • Permissions: Added id-token: write for OIDC
  • Registry URL: Added registry-url: 'https://registry.npmjs.org' to setup-node
  • NPM version: Upgrade to npm 11.x+ for OIDC support
  • CI flag: Added --ci to release-it commands
  • Config: Added npm.skipChecks: true to .release-it.json

NPM Trusted Publishing Setup Required

After merging, configure on npmjs.com → Package Settings → Configure Trusted Publishing:

  • Repository: movableink/fluid
  • Workflow: .github/workflows/release-it.yml
  • Environment: leave blank

Test plan

  • Verify workflow syntax is valid
  • After npm trusted publishing is configured, trigger a test release

Closes sc-173900

🤖 Generated with Claude Code

@nicksteffens nicksteffens force-pushed the nicksteffens+claude/sc-173900/npm-oidc-migration branch from ebe84b5 to eed3005 Compare December 5, 2025 19:39
@nicksteffens @claude
ci: migrate to NPM OIDC trusted publishing
28f4a91 
- Replace NPM_TOKEN secret with OIDC authentication
- Add id-token: write permission for OIDC
- Add setup-node with registry-url for npm provenance
- Upgrade npm to 11.x for OIDC support
- Add --ci flag to release-it commands
- Add npm.skipChecks since no token to validate
- Consolidate release types into single workflow with dropdown

Closes sc-173900

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@nicksteffens nicksteffens force-pushed the nicksteffens+claude/sc-173900/npm-oidc-migration branch from eed3005 to 28f4a91 Compare December 5, 2025 19:59
nicksteffens and others added 7 commits December 5, 2025 20:02
@nicksteffens
chore: release v2.3.2-oidc.0
f9994d5
@nicksteffens @claude
ci: add push trigger for automatic releases on main
7bfd344 
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@nicksteffens
chore: release v2.3.2-oidc.1
9790e25
@nicksteffens @claude
ci: use npx instead of yarn release script
928bda7 
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@nicksteffens
chore: release v2.3.2-oidc.2
2cfe3d8
@nicksteffens @claude
refactor: use npm-oidc-release action
aebc40f 
Simplify workflow by using the reusable npm-oidc-release action
instead of inline steps.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@nicksteffens
chore: release v2.3.2-oidc.3
7732eab
@nicksteffens nicksteffens merged commit 0fda6cb into main Dec 5, 2025
2 checks passed
@nicksteffens nicksteffens deleted the nicksteffens+claude/sc-173900/npm-oidc-migration branch December 5, 2025 21:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alecrajeev alecrajeev alecrajeev approved these changes

@shawna-mi shawna-mi shawna-mi approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@nicksteffens @alecrajeev @shawna-mi