Skip to content

fix(ci): update npm for OIDC trusted publishing#5

Merged
assagman merged 1 commit intomainfrom
fix/npm-oidc
Jan 15, 2026
Merged

fix(ci): update npm for OIDC trusted publishing#5
assagman merged 1 commit intomainfrom
fix/npm-oidc

Conversation

@assagman
Copy link
Owner

@assagman assagman commented Jan 15, 2026

Summary

  • Add npm install -g npm@latest before publish step
  • npm 11.5.1+ required for OIDC trusted publishing

Root Cause

GitHub Actions runners have outdated npm, causing:

npm notice Access token expired or revoked
npm error 404 Not Found

After Merge

Re-run Publish Release workflow to publish v0.10.1 to npm.

@assagman
fix(ci): update npm to latest for OIDC trusted publishing
f0eefcb 
GitHub Actions runners have outdated npm that doesn't support OIDC.
npm 11.5.1+ required for trusted publishing to work.

Signed-off-by: assagman <ahmetsercansagman@gmail.com>
Copilot AI review requested due to automatic review settings January 15, 2026 21:45
@gemini-code-assist
Copy link

gemini-code-assist bot commented Jan 15, 2026

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

@assagman assagman merged commit 314289f into main Jan 15, 2026
5 checks passed
@assagman assagman deleted the fix/npm-oidc branch January 15, 2026 21:46
Copilot AI reviewed Jan 15, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the GitHub Actions release workflow to install the latest npm version before publishing to npm. This addresses an issue where outdated npm versions on GitHub Actions runners lack support for OIDC trusted publishing (requires npm 11.5.1+), which was causing authentication failures.

Changes:

  • Added a new workflow step to globally install the latest npm version before the publish step

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/release-publish.yml
registry-url: 'https://registry.npmjs.org'

- name: Update npm for OIDC trusted publishing
run: npm install -g npm@latest
Copy link

Copilot AI Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using npm@latest may introduce instability if future npm versions have breaking changes. Consider pinning to a specific version range (e.g., npm@^11.5.1) to ensure OIDC support while maintaining predictable behavior.

Suggested change
run: npm install -g npm@latest
run: npm install -g npm@^11.5.1

Copilot uses AI. Check for mistakes.
.github/workflows/release-publish.yml
registry-url: 'https://registry.npmjs.org'

- name: Update npm for OIDC trusted publishing
run: npm install -g npm@latest
Copy link

Copilot AI Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider adding an inline comment documenting the minimum required npm version (11.5.1+) to help future maintainers understand the version requirement for OIDC trusted publishing.

Suggested change
run: npm install -g npm@latest
run: npm install -g npm@latest # Ensure npm >= 11.5.1 for OIDC trusted publishing

Copilot uses AI. Check for mistakes.
@github-actions github-actions bot mentioned this pull request Jan 15, 2026
Merged
3 tasks
assagman added a commit that referenced this pull request Jan 15, 2026
@assagman
fix(release): handle [Unreleased] section in changelog generation
b532009 
- Workflow now inserts new version AFTER [Unreleased], not before
- Fixed misplaced [Unreleased] section in CHANGELOG.md
- Added 0.10.2 entry for recent changes (#5, #6)
- Consolidated duplicate 0.10.1 entries

Signed-off-by: assagman <ahmetsercansagman@gmail.com>
assagman added a commit that referenced this pull request Jan 15, 2026
@github-actions @assagman
Release v0.10.2 (#7)
2b9ace2 
* chore(release): prepare v0.10.2

* fix(release): handle [Unreleased] section in changelog generation

- Workflow now inserts new version AFTER [Unreleased], not before
- Fixed misplaced [Unreleased] section in CHANGELOG.md
- Added 0.10.2 entry for recent changes (#5, #6)
- Consolidated duplicate 0.10.1 entries

Signed-off-by: assagman <ahmetsercansagman@gmail.com>

---------

Signed-off-by: assagman <ahmetsercansagman@gmail.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: assagman <ahmetsercansagman@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@assagman