Skip to content

chore: use npm trust publish #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
fengmk2 merged 6 commits into from
Nov 11, 2025
Merged

chore: use npm trust publish #44

fengmk2 merged 6 commits into from
Nov 11, 2025

Conversation

@fengmk2
Copy link
Member

@fengmk2 fengmk2 commented Nov 11, 2025
edited
Loading

@fengmk2 fengmk2 requested a review from Copilot November 11, 2025 13:45
Copilot AI reviewed Nov 11, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements npm trusted publishing (OIDC-based) for automated package releases to npm when version tags are pushed. It removes the deprecated git-contributor tool and updates the contributors section to use contrib.rocks instead.

  • Adds a new GitHub Actions workflow for automated npm publishing using trusted publishers
  • Removes git-contributor package and its npm script
  • Updates README contributors section to use contrib.rocks service
  • Updates History.md to point to GitHub Releases for changelog information
  • Adds Node.js version 24 to the CI test matrix

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
.github/workflows/release.yml New workflow for automated npm package publishing using OIDC-based trusted publishing
.github/workflows/nodejs.yml Adds Node.js 24 to the CI test matrix
package.json Removes git-contributor dependency and script
README.md Updates Contributors section to use contrib.rocks instead of git-contributor
History.md Adds notice to refer to GitHub Releases for the latest changelog

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/release.yml Outdated

- run: npm install
- run: npm run build --if-present
- run: npm test
Copy link

Copilot AI Nov 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The workflow runs npm test on line 26, but this will execute all tests including integration tests that require external services (Redis, etcd, Layotto) which are not set up in this workflow.

According to the package.json, npm test runs jest --detectOpenHandles which runs all tests. However, the nodejs.yml workflow uses npm run ci which runs npm run lint && npm run build && npm run test:unit - using only unit tests.

Consider changing line 26 to npm run test:unit to avoid failures due to missing integration test dependencies, or set up the required services similar to the nodejs.yml workflow.

Suggested change
- run: npm test
- run: npm run test:unit

Copilot uses AI. Check for mistakes.
@fengmk2 fengmk2 merged commit 70094f9 into main Nov 11, 2025
2 of 8 checks passed
@fengmk2 fengmk2 deleted the trust-publish branch November 11, 2025 13:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@fengmk2