Skip to content

👷 Enable oidc npm trusted publishing #961

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
carloscuesta merged 2 commits into from
Dec 11, 2025
Merged

👷 Enable oidc npm trusted publishing #961

carloscuesta merged 2 commits into from
Dec 11, 2025

Conversation

@carloscuesta
Copy link
Owner

@carloscuesta carloscuesta commented Dec 11, 2025

Description

👋🏼

Enabling trusted publishing for npm publish using oidc tokens:
https://docs.npmjs.com/trusted-publishers

@carloscuesta carloscuesta self-assigned this Dec 11, 2025
@vercel
Copy link

vercel bot commented Dec 11, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
react-native-error-boundary Ready Ready Preview Comment Dec 11, 2025 11:15pm

@carloscuesta carloscuesta requested a review from Copilot December 11, 2025 07:35
@codecov
Copy link

codecov bot commented Dec 11, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (4699634) to head (a4309bd).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff            @@
##            master      #961   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            3         3           
  Lines           17        17           
  Branches         4         4           
=========================================
  Hits            17        17

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Copilot AI reviewed Dec 11, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR modernizes the npm publishing workflow by migrating from token-based authentication to OIDC (OpenID Connect) trusted publishing. This eliminates the need to manage long-lived NPM_AUTOMATION_TOKEN secrets and leverages GitHub's identity tokens for more secure, temporary authentication.

Key Changes:

  • Added workflow-level permissions for OIDC (id-token: write and contents: read)
  • Removed manual npm token configuration and replaced with direct npm publish command
  • Added step to update npm to the latest version before publishing

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@carloscuesta carloscuesta merged commit c13d297 into master Dec 11, 2025
3 checks passed
@carloscuesta carloscuesta deleted the enable-npm-trusted-publishing branch December 11, 2025 23:16
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 13, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@carloscuesta carloscuesta

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@carloscuesta