Skip to content

chore: remove CI/CD release workflow and add manual publishing docs#171

Merged
jaruesink merged 4 commits intomainfrom
changeset-release/main
Jan 22, 2026
Merged

chore: remove CI/CD release workflow and add manual publishing docs#171
jaruesink merged 4 commits intomainfrom
changeset-release/main

Conversation

@jaruesink
Copy link
Copy Markdown
Contributor

@jaruesink jaruesink commented Jan 22, 2026
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Documentation

    • Updated versioning and publishing guidance detailing the Changesets workflow with automatic CI/CD publishing
    • Added comprehensive Publishing section documenting automated publishing via npm trusted publishers and manual workflows

  • Chores

    • Updated CI/CD release workflow to support automated publishing via OIDC, eliminating the need for long-lived npm tokens
    • Updated GitHub Actions dependencies to latest versions

✏️ Tip: You can customize this high-level summary in your review settings.

@jaruesink
chore: remove CI/CD release workflow and add manual publishing docs
1bdf638 
- Remove .github/workflows/release.yml
- Add comprehensive publishing documentation to README
- Document manual release process using changesets and npm CLI
@jaruesink
docs: clarify changeset publish workflow uses npm
8debc2d
@jaruesink
feat: add CI/CD release workflow with npm trusted publishers
f8916bc 
- Recreate release.yml workflow with OIDC support
- Add id-token: write permission for trusted publishing
- Update README with trusted publisher setup instructions
- Remove need for NPM_TOKEN secret
@bolt-new-by-stackblitz
Copy link
Copy Markdown

bolt-new-by-stackblitz bot commented Jan 22, 2026

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Jan 22, 2026
edited
Loading

Caution

Review failed

The pull request is closed.

Walkthrough

This PR implements npm trusted publishers (OIDC) for automated CI/CD releases, replacing NPM_TOKEN-based authentication. The GitHub Actions workflow is updated with OIDC permissions and tool version bumps, while documentation is expanded to guide both automatic and manual publishing workflows through this new authentication path.

Changes

Cohort / File(s) Summary
Publishing Documentation
AGENTS.md, .cursor/rules/versioning-with-npm.mdc, README.md		 Adds and expands guidance on CI/CD publishing via npm trusted publishers (OIDC). Documents removal of long-lived npm tokens, clarifies Changesets workflow with automatic publishing, and provides comprehensive setup instructions including prerequisite configuration on npmjs.com.
CI/CD Workflow
.github/workflows/release.yml		 Adds OIDC permissions block (id-token: write), updates checkout action to v4, updates Node setup to v4 with version 22, bumps Yarn from 4.4.1 to 4.9.1, changes install command to --immutable, and removes NPM_TOKEN environment variable.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 No tokens tucked away in my burrow so deep,
OIDC trust lets publishing secrets keep,
GitHub and npm in harmony dance,
CI/CD's magic—no token perchance!
To the registry I hop, free and light! 🚀

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch changeset-release/main

Comment @coderabbitai help to get the list of available commands and usage tips.

@jaruesink
docs: update documentation for npm trusted publishers
f4fe593 
- Update AGENTS.md to mention trusted publishers and changeset workflow
- Update versioning-with-npm.mdc to clarify changesets as primary method
- Add notes about OIDC authentication and no tokens required
@jaruesink jaruesink merged commit 782bb72 into main Jan 22, 2026
3 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jaruesink