
ci(npm): OIDC/Trusted publishing workflow & node update #1654

Merged
damyanpetev merged 7 commits into master from btraykov/update-npm-for-npmjs-oidc
Apr 28, 2026

@turbobobbytraykov turbobobbytraykov commented Apr 22, 2026

Description

This is one of the few remaining repos where we don't have Trusted Publishing to npmjs.org.
I have enabled Trusted Publishing for each package being published from this repo - I believe that publishing a new rc #4 is the best way to try this out.

Related Issue

Closes #

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update
  • Refactoring / code cleanup
  • Build / CI configuration change

Affected Packages

  • igniteui-cli (packages/cli)
  • @igniteui/cli-core (packages/core)
  • @igniteui/angular-templates (packages/igx-templates)
  • @igniteui/angular-schematics (packages/ng-schematics)
  • @igniteui/mcp-server (packages/igniteui-mcp)

Checklist

  • I have tested my changes locally (npm run test)
  • I have built the project successfully (npm run build)
  • I have run the linter (npm run lint)
  • I have added/updated tests as needed
  • My changes do not introduce new warnings or errors

Additional Context

@turbobobbytraykov

@damyanpetev, according to the initial official docs for Trusted Publishing:
https://docs.npmjs.com/trusted-publishers
image
My concern is that we are currently using node 20 - for this version npm can be updated to v11.12.1, so at least npm is OK and I hope that that's sufficient.


Copilot AI left a comment


Pull request overview

Updates the npm publish GitHub Actions workflow to use npmjs.org Trusted Publishing (OIDC) instead of an NPM_TOKEN, aligning this repo with the newer publishing model for the listed packages.

Changes:

  • Grants id-token: write so the workflow can request an OIDC token for npm Trusted Publishing.
  • Updates npm in the runner prior to publishing.
  • Removes NODE_AUTH_TOKEN injection (token-based auth) from the publish step.


Comment on lines 6 to 8
permissions:
id-token: write
contents: read
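Review bot: The workflow-level permissions block on lines 6 to 8 lists only id-token: write and contents: read, and once a permissions key is present every scope not listed is set to none for the workflow token. Check that no step in the publish workflow relies on another scope; if one does, grant it explicitly on that job rather than widening the workflow default.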

Copilot AI Apr 22, 2026


Consider scoping id-token: write to the specific job (or even the publishing step via job-level permissions) instead of workflow-wide permissions. This keeps least-privilege if additional jobs are added later.

Copilot uses AI. Check for mistakes.
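
The least-privilege point in the review comment above, as an added example that is not part of the pull request or the project's workflow: a small line-based audit that reports whether `id-token: write` is granted workflow-wide or on a single job, and whether a static `NODE_AUTH_TOKEN` is still injected. Both workflow texts are constructed samples, `audit` and its finding labels are hypothetical names, and the scan assumes block-style YAML.

```python
# Constructed workflow texts for illustration; not this repository's npm-publish.yml.
WORKFLOW_WIDE = """\
permissions:
  id-token: write
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - run: npm test
  publish:
    runs-on: ubuntu-latest
    steps:
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
"""
JOB_SCOPED = """\
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - run: npm test
  publish:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    steps:
      - run: npm publish
"""

def audit(text):
    """Return findings for a block-style workflow (line heuristic, no YAML parser)."""
    findings, perm_indent = [], None
    for line in text.splitlines():
        body = line.split("#", 1)[0].strip()  # drop comments (heuristic)
        indent = len(line) - len(line.lstrip())
        if body and perm_indent is not None and indent <= perm_indent:
            perm_indent = None  # dedent: we have left the permissions block
        if body == "permissions:":
            perm_indent = indent  # indent 0 means workflow-wide, deeper means a job
        elif perm_indent is not None and body.replace(" ", "") == "id-token:write":
            findings.append("id-token:write@" + ("workflow" if perm_indent == 0 else "job"))
        if "NODE_AUTH_TOKEN" in body:
            findings.append("static-npm-token")  # token auth still wired in
    return findings
```

On the first sample every job, including `test`, can request an OIDC token and the static token is still present; on the second only `publish` can.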
Comment thread .github/workflows/npm-publish.yml Outdated

coveralls commented Apr 22, 2026

Coverage Status

coverage: 86.279%. remained the same — btraykov/update-npm-for-npmjs-oidc into master

damyanpetev and others added 3 commits April 28, 2026 12:13
Co-authored-by: Damyan Petev <damyanpetev@users.noreply.github.com>
So we can get OIDC/Trusted publishing to npmjs.org going
damyanpetev previously approved these changes Apr 28, 2026
@damyanpetev damyanpetev changed the title from "(ci)Update npm-publish workflow for npmjs.org OIDC/Trusted publishing" to "ci(npm): OIDC/Trusted publishing workflow & node update" Apr 28, 2026
@damyanpetev damyanpetev merged commit 94b167f into master Apr 28, 2026
2 of 3 checks passed
@damyanpetev damyanpetev deleted the btraykov/update-npm-for-npmjs-oidc branch April 28, 2026 11:14