🌱 Add step to publish to open-vsx

[hhpatel14]

Add a step to publish the extension to the Open VSX registry.

Backport this change to the release-8.0 branch and rerun the release workflow to catch up on publishing to the Open VSX registry. Since the v8.0.0 already published to maketplace, the step skips gracefully, logs “already published”, and proceed to the next step

CI kept using deprecated [email protected] because no local version existed. The deprecated vsce CLI lacked flag --changelog-path and stuck at v2.15.0. @vscode/vsce newer, well maintained and works with Node 20+.

Summary by CodeRabbit

• Chores

  • Enhanced release workflow: added conditional publishing to Open VSX for non‑prereleases, added a preflight check before Marketplace publish, preserved changelog preference when present, and retained creation of the release after publishing.

• Build

  • Added dev dependencies for VS Code and Open VSX publishing tools to support the updated release process.

[coderabbitai]

Walkthrough

Adds a new Open VSX publish step to the release workflow (runs when prerelease == false) that uses ovsx publish, passing --changelog-path if artifacts/release.md exists. In the VS Code Marketplace publish path, adds a preflight check (npx @vscode/vsce --version) and retains existing publish behavior (uses --changelog-path when artifacts/release.md exists and passes through packagePath), still gated on prerelease == false. Keeps the Create Release step unchanged. Adds @vscode/vsce and ovsx as devDependencies in vscode/package.json.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• 🌱 Update release workflow for publishing to marketplace #736 — Modifies the release workflow to add Marketplace publishing and related devDependency changes (strongly related).
• 👻 Use @vscode/vsce to publish #882 — Switches the release workflow to use @vscode/vsce/npx for publishing commands (strongly related).

Suggested reviewers

• jmontleon
• ibolton336
• dymurray

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The pull request title uses the :seedling: prefix, which correctly indicates this is an infrastructure/workflow change according to the repository's template. The title "Add step to publish to open-vsx" is concise, clear, and directly describes the main change in the changeset—adding a new publishing step to the release workflow for the Open VSX registry. It is fully related to the primary objective of the pull request and provides enough specificity that a teammate reviewing history would understand the purpose without ambiguity.
Description Check	✅ Passed	The pull request description provides substantive and well-organized information about the changes. It clearly explains what was added (a step to publish to Open VSX registry), the migration rationale (moving from deprecated [email protected] to the maintained @vscode/vsce package), and implementation details such as graceful skipping for already-published versions and Node 20+ compatibility. The description is neither vague nor generic, though it does include the template guidance block at the end which appears to be leftover instructional text rather than part of the structured description itself.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0e8ae9b and 57d5827.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (2)

• .github/workflows/release.yml (1 hunks)
• vscode/package.json (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• vscode/package.json
• .github/workflows/release.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Build (windows)
• GitHub Check: Build (linux)
• GitHub Check: Build (macos)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 22d05d0 and ad79ca3.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (2)

• .github/workflows/release.yml (1 hunks)
• vscode/package.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Build (macos)
• GitHub Check: Build (linux)
• GitHub Check: Build (windows)

🔇 Additional comments (1)

vscode/package.json (1)

451-452: Keep package-lock in sync with these new devDependencies

Adding @vscode/vsce and ovsx requires updating vscode/package-lock.json; otherwise the new npm ci step will fail when it cannot resolve these packages. Please regenerate and commit the lockfile update so CI has the exact versions recorded.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ad79ca3 and 07cef50.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (2)

• .github/workflows/release.yml (1 hunks)
• vscode/package.json (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/release.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Build (windows)
• GitHub Check: Build (linux)
• GitHub Check: Build (macos)

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Pin vsce/ovsx versions for deterministic releases.

Relying on the floating "latest" tag means every npm ci can pull a different CLI, so the release workflow may suddenly break or change behavior without any PR. Please lock both packages to known-good versions (e.g., ^x.y.z) and update them intentionally via PR when needed. This keeps the publishing pipeline reproducible and auditable.

🤖 Prompt for AI Agents

In vscode/package.json around lines 451-452 the dev dependencies use floating
"latest" for @vscode/vsce and ovsx which makes releases non-deterministic;
change both entries to pinned semver ranges (e.g., ^x.y.z) referencing
known-good versions, run npm ci / install to refresh and commit the updated
lockfile (package-lock.json or yarn.lock), and open a follow-up PR when
upgrading those pinned versions in future.

[djzager]

Just a comment on where we declare our dependency on ovsx

[djzager]

ovsx should be added as a devDependency on the root level package.json. We should use a ^someVersion so we at least declare a minimum version.