fix(ci): update npm for OIDC trusted publishing #5
GitHub Actions runners have outdated npm that doesn't support OIDC. npm 11.5.1+ required for trusted publishing to work.

Signed-off-by: assagman <[email protected]>
Note: Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.
Pull request overview
This PR updates the GitHub Actions release workflow to install the latest npm version before publishing to npm. This addresses an issue where outdated npm versions on GitHub Actions runners lack support for OIDC trusted publishing (requires npm 11.5.1+), which was causing authentication failures.
Changes:
- Added a new workflow step to globally install the latest npm version before the publish step
| registry-url: 'https://registry.npmjs.org' | ||
|
|
||
| - name: Update npm for OIDC trusted publishing | ||
| run: npm install -g npm@latest |
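Review bot: nothing after `run: npm install -g npm@latest` confirms that the npm now on PATH meets the 11.5.1 minimum the PR description gives for OIDC trusted publishing, so a runner where the global install does not take effect would still fail at the publish step with an authentication error instead of a clear version message. Add an `npm --version` line to this step, or a check that fails the job below 11.5.1, so the release log records which npm performed the publish.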
Copilot
AI
Jan 15, 2026
Using npm@latest may introduce instability if future npm versions have breaking changes. Consider pinning to a specific version range (e.g., npm@^11.5.1) to ensure OIDC support while maintaining predictable behavior.
| run: npm install -g npm@latest | |
| run: npm install -g npm@^11.5.1 |
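Review bot: the suggested `npm@^11.5.1` still floats, because it resolves at run time to the newest 11.x release, so the npm that performs the publish can change between two releases with no change in this repository. Since this step runs in the release job, pin one exact version at or above 11.5.1 and raise it in a reviewed commit.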
| registry-url: 'https://registry.npmjs.org' | ||
|
|
||
| - name: Update npm for OIDC trusted publishing | ||
| run: npm install -g npm@latest |
Copilot
AI
Jan 15, 2026
Consider adding an inline comment documenting the minimum required npm version (11.5.1+) to help future maintainers understand the version requirement for OIDC trusted publishing.
| run: npm install -g npm@latest | |
| run: npm install -g npm@latest # Ensure npm >= 11.5.1 for OIDC trusted publishing |
* chore(release): prepare v0.10.2
* fix(release): handle [Unreleased] section in changelog generation

- Workflow now inserts new version AFTER [Unreleased], not before
- Fixed misplaced [Unreleased] section in CHANGELOG.md
- Added 0.10.2 entry for recent changes (#5, #6)
- Consolidated duplicate 0.10.1 entries

Signed-off-by: assagman <[email protected]>

---------

Signed-off-by: assagman <[email protected]>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: assagman <[email protected]>
Summary
npm install -g npm@latest before publish step
Root Cause
GitHub Actions runners have outdated npm, causing:
After Merge
Re-run Publish Release workflow to publish v0.10.1 to npm.