Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates the GitHub Actions publish workflow to use npm's built-in OIDC authentication instead of token-based authentication, and corrects the repository URL casing in package.json.
Changes:
- Migrated npm publishing from JS-DevTools/npm-publish action to native
npm publishwith OIDC authentication - Moved permissions from workflow level to job level with appropriate scopes for OIDC
- Updated repository URL to use correct SolidOS organization casing
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| package.json | Updated repository URL to use correct "SolidOS" casing |
| .github/workflows/ci.yml | Migrated to OIDC-based npm publishing with native npm commands and job-level permissions |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| with: | ||
| token: ${{ secrets.NPM_TOKEN }} | ||
| tag: ${{ env.GITHUB_REF_SLUG }} | ||
| run: npm publish --tag ${{ env.GITHUB_REF_SLUG }} |
There was a problem hiding this comment.
Missing NODE_AUTH_TOKEN environment variable required for npm authentication. Add env: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} or configure npm to use the registry-url set in actions/setup-node.
| with: | ||
| token: ${{ secrets.NPM_TOKEN }} | ||
| tag: latest | ||
| run: npm publish --tag latest |
There was a problem hiding this comment.
Missing NODE_AUTH_TOKEN environment variable required for npm authentication. Add env: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} or configure npm to use the registry-url set in actions/setup-node.
| run: npm publish --tag latest | |
| run: npm publish --tag latest | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
2 participants
No description provided.