Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Update publish.yml#66

Merged
gracepark merged 1 commit into
maingithub/task-lists-element:mainfrom
gracepark-patch-1github/task-lists-element:gracepark-patch-1Copy head branch name to clipboard
May 14, 2026
Merged

Update publish.yml#66
gracepark merged 1 commit into
maingithub/task-lists-element:mainfrom
gracepark-patch-1github/task-lists-element:gracepark-patch-1Copy head branch name to clipboard

Conversation

@gracepark

@gracepark gracepark commented May 8, 2026

Copy link
Copy Markdown
Contributor

Copilot AI review requested due to automatic review settings May 8, 2026 20:27
@gracepark gracepark requested a review from a team as a code owner May 8, 2026 20:27
Copilot AI reviewed May 8, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the npm publish GitHub Actions workflow to support an OIDC-based publishing flow as part of the referenced OIDC migration effort.

Changes:

  • Adds id-token: write permission for OIDC token minting.
  • Updates actions/checkout and actions/setup-node to @v4 and bumps the configured Node.js version.
  • Switches npm publishing to npm publish --provenance and removes use of the npm_token secret.
Show a summary per file
File Description
.github/workflows/publish.yml Migrates release publishing workflow toward OIDC/provenance-based npm publishing and updates action/node versions.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comments suppressed due to low confidence (1)

.github/workflows/publish.yml:25

  • This package is scoped (@github/task-lists-element), and package.json does not define publishConfig.access. For scoped packages, npm publish can default to restricted/private and/or fail unless --access public (or publishConfig.access: public) is set. Consider making the access explicit to avoid a release-time publish failure or accidentally publishing as restricted.
      - run: npm --ignore-scripts publish --provenance
  • Files reviewed: 1/1 changed files
  • Comments generated: 2

Comment thread .github/workflows/publish.yml
- uses: actions/setup-node@v4
with:
node-version: 14
node-version: 24
Comment thread .github/workflows/publish.yml
- run: npm whoami; npm --ignore-scripts publish
env:
NODE_AUTH_TOKEN: ${{secrets.npm_token}}
- run: npm --ignore-scripts publish --provenance
@gracepark gracepark merged commit 21d30d3 into main May 14, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@llastflowers llastflowers llastflowers approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gracepark @llastflowers
Morty Proxy This is a proxified and sanitized view of the page, visit original site.