Skip to content

Set write permission for Trusted publishing#86

Merged
agneym merged 1 commit intomasterfrom
chore/release-permissions
Dec 20, 2025
Merged

Set write permission for Trusted publishing#86
agneym merged 1 commit intomasterfrom
chore/release-permissions

Conversation

@agneym
Copy link
Owner

@agneym agneym commented Dec 20, 2025
edited by coderabbitai bot
Loading

https://docs.npmjs.com/trusted-publishers

Summary by CodeRabbit

  • Chores
    • Updated release workflow permissions configuration.

✏️ Tip: You can customize this high-level summary in your review settings.

@changeset-bot
Copy link

changeset-bot bot commented Dec 20, 2025

⚠️ No Changeset found

Latest commit: 8e41148

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@coderabbitai
Copy link

coderabbitai bot commented Dec 20, 2025
edited
Loading

Caution

Review failed

The pull request is closed.

Walkthrough

A GitHub Actions workflow file was updated to explicitly configure permissions for the release process. The id-token permission was set to write and contents to read, with no changes to workflow triggers or execution steps.

Changes

Cohort / File(s) Summary
GitHub Actions permissions configuration
\.github/workflows/release\.yml		 Added explicit permissions block to workflow: id-token: write for OIDC token generation and contents: read for repository access.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Specific areas requiring attention:
    • Verify that id-token: write is necessary for the release workflow's signing or deployment steps
    • Confirm contents: read provides sufficient access for all release operations
    • Ensure no regression in workflow execution after permissions lock-down

Poem

🐰 A rabbit hops through workflows bright,
Securing tokens, holding tight!
With id-token: write in place,
The release runs with trusted grace. ✨

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch chore/release-permissions
📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b414557 and 8e41148.

📒 Files selected for processing (1)
  • .github/workflows/release.yml (1 hunks)

Comment @coderabbitai help to get the list of available commands and usage tips.

@agneym agneym merged commit 9a81198 into master Dec 20, 2025
1 of 2 checks passed
@agneym agneym deleted the chore/release-permissions branch December 20, 2025 09:23
@coderabbitai coderabbitai bot mentioned this pull request Dec 20, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@agneym