ci: adopt release-please and OIDC publishing#55
Merged
Conversation
Adopt release-please in simple mode (seeds from the v3.0.1 tag): it opens a release PR from conventional commits, and on merge tags, cuts the GitHub release, and the publish job ships to npm via OIDC trusted publishing (no token, automatic provenance).
release-please now owns versioning, tagging, the GitHub release, and the npm publish, so the manual release, prerelease, and postrelease scripts are gone.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Replaces the manual
npm versionrelease flow with release-please plus OIDC trusted publishing.Changes
.github/workflows/release.yml: release-please in simple mode (seeds from thev3.0.1tag) opens a release PR from conventional commits; on merge it tags, cuts the GitHub release, and the publish job ships to npm via OIDC trusted publishing (noNPM_TOKEN, automatic provenance).release,prerelease, andpostreleasescripts now that release-please owns versioning, tagging, the release, and the publish.Verification
npm testpasses locally. The release workflow can only be exercised onmainafter merge.On merge this PR cuts no release: release-please scans commits since
v3.0.1and finds only chore/build/ci/test, so no version bump and the publish job stays gated off. The first automated release happens when the nextfix:/feat:lands (the dist-only + engines change). npm trusted publisher and the GitHub Actions PR/permission settings are already configured.