Skip to content

Configure npm publish workflow with provenance support#180

Merged
ljones140 merged 3 commits intomainfrom
bteng22/npm-publish
Apr 21, 2026
Merged

Configure npm publish workflow with provenance support#180
ljones140 merged 3 commits intomainfrom
bteng22/npm-publish

Conversation

@bteng22
Copy link
Copy Markdown
Contributor

@bteng22 bteng22 commented Apr 20, 2026

Updated publish workflow to include provenance and removed npm whoami step.

Purpose

We required trusted publishing for npm packages using OIDC https://docs.npmjs.com/trusted-publishers. It's been configured in NPM and now we just need to enable it in the workflow

image

Related Issues

https://github.slack.com/archives/CMZ4DC9BL/p1776702563854929

@bteng22
Configure npm publish workflow with provenance support
bea2874 
Updated publish workflow to include provenance and removed npm whoami step.
Copilot AI review requested due to automatic review settings April 20, 2026 20:06
@bteng22 bteng22 requested a review from a team as a code owner April 20, 2026 20:06
Copilot AI reviewed Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the npm publish GitHub Actions workflow to support npm Trusted Publishing by enabling OIDC-based provenance and removing the use of a long-lived npm token.

Changes:

  • Add id-token: write permission so npm can request an OIDC token for provenance/trusted publishing.
  • Remove npm whoami and token-based publishing, switching to npm publish --provenance.
Show a summary per file
File Description
.github/workflows/publish.yml Enables OIDC token issuance for npm provenance and updates the publish command accordingly.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 1/1 changed files
  • Comments generated: 3

Comment thread .github/workflows/publish.yml Outdated
Comment thread .github/workflows/publish.yml Outdated
Comment thread .github/workflows/publish.yml
bteng22 and others added 2 commits April 20, 2026 13:44
@bteng22
Potential fix for pull request finding
7f29f6b 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@bteng22
Potential fix for pull request finding
ad77067 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
ljones140
ljones140 approved these changes Apr 21, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@ljones140 ljones140 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks @bteng22

@ljones140 ljones140 merged commit 150c399 into main Apr 21, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@ljones140 ljones140 ljones140 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bteng22 @ljones140