Skip to content

chore: refactors CI workflows for trusted publishing#11820

Merged
Zyie merged 1 commit intodevfrom
chore/trusted-publishing
Dec 30, 2025
Merged

chore: refactors CI workflows for trusted publishing#11820
Zyie merged 1 commit intodevfrom
chore/trusted-publishing

Conversation

@Zyie
Copy link
Member

@Zyie Zyie commented Dec 30, 2025

Refactors CI workflows for trusted publishing:

https://docs.npmjs.com/trusted-publishers

  • Converts publish-branch and release workflows to workflow_call for shared execution
  • Creates new publish-switch workflow to handle dual triggering (release publication and branch pushes). This is needed as currently only one workflow file can be configured
  • Updates permissions to properly handle OIDC tokens and content access
  • Removes redundant NODE_AUTH_TOKEN from push.yml

@Zyie
chore: Refactors CI workflows for trusted publishing
6e1d0f1 
Adjusts triggers, adds permissions, and introduces new publish-switch workflow. Removes NODE_AUTH_TOKEN and updates release logic conditions for better security and maintainability.
@Zyie Zyie requested a review from bigtimebuddy December 30, 2025 12:37
@pkg-pr-new
Copy link

pkg-pr-new bot commented Dec 30, 2025

commit: 6e1d0f1

@Zyie Zyie added the ✅ Ready To Merge Helpful when issues are in the queue waiting to get merged. This means the PR is completed and has t label Dec 30, 2025
@Zyie Zyie added this pull request to the merge queue Dec 30, 2025
Merged via the queue into dev with commit b77423c Dec 30, 2025
7 checks passed
@Zyie Zyie deleted the chore/trusted-publishing branch December 30, 2025 15:28
Zyie added a commit that referenced this pull request Mar 10, 2026
@Zyie
fix: add secrets: inherit to publish-switch workflow for S3 docs upload
30dae9b 
Since the trusted publishing refactor (#11820), the release workflow
called via workflow_call has not received AWS secrets, silently skipping
S3 documentation uploads on every release since v8.15.0.
@Zyie Zyie mentioned this pull request Mar 10, 2026
Merged
2 tasks
github-merge-queue bot pushed a commit that referenced this pull request Mar 16, 2026
@Zyie
fix: add secrets: inherit to publish-switch workflow for S3 docs uplo…
2ae2192 
…ad (#11962)

Since the trusted publishing refactor (#11820), the release workflow
called via workflow_call has not received AWS secrets, silently skipping
S3 documentation uploads on every release since v8.15.0.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bigtimebuddy bigtimebuddy bigtimebuddy approved these changes

Assignees

No one assigned

Labels

✅ Ready To Merge Helpful when issues are in the queue waiting to get merged. This means the PR is completed and has t

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Zyie @bigtimebuddy