
Conversation

@chungjac (Contributor) commented Nov 6, 2025

Problem

The current publishing process runs everything through CodePipeline with hourly triggers, using classic npm tokens and mixed authentication patterns.

Context: npm has changed granular tokens from unlimited expiration to 90-day max limit: https://github.blog/changelog/2025-09-29-strengthening-npm-security-important-changes-to-authentication-and-token-management/#granular-npm-access-token-lifetime-limits

Solution

Implement a hybrid approach:

GitHub Actions handles npm publishing:

  • Uses OIDC authentication, eliminating token expiration issues
  • Triggered only when commits are merged to main, removing the need for hourly triggers
  • Centralizes version management and git operations

CodePipeline continues to handle Maven and NuGet publishing:

  • Triggered on-demand by GitHub Actions after npm publishing
  • Maintains existing authentication patterns for these package types
  • Ensures version consistency across all packages

Benefits:

  • Eliminates npm token rotation burden with OIDC authentication
  • Reduces resource waste with on-demand execution instead of hourly runs
  • Improves security with modern authentication patterns
  • Synchronizes versions across all package managers

Note

Version is bumped from 1.0.331 --> 1.0.335, as a few versions were used for testing.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
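As an added illustration (not the PR's own workflow, and not the project's code), one way to wire up the hybrid flow the description sketches: a GitHub Actions workflow that runs only on pushes to main, bumps and tags the version, publishes to npm via OIDC trusted publishing with no stored token, and then starts the existing CodePipeline on demand for the Maven and NuGet packages. The IAM role ARN, account id, region, pipeline name and the VERSION pipeline variable are placeholders and assumptions.

```yaml
name: release

on:
  push:
    branches: [main]

permissions:
  contents: write   # push the version bump commit and tag
  id-token: write   # OIDC token for npm trusted publishing and for AWS

jobs:
  publish-npm:
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.bump.outputs.version }}
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org
      # Trusted publishing needs npm >= 11.5.1. No NODE_AUTH_TOKEN is set, so
      # there is no long-lived npm token in this job to rotate or to leak.
      - run: npm install -g npm@latest
      - run: npm ci
      - id: bump
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          npm version patch -m "chore: release %s"
          git push --follow-tags
          echo "version=$(node -p "require('./package.json').version")" >> "$GITHUB_OUTPUT"
      - run: npm publish --provenance --access public

  publish-maven-nuget:
    needs: publish-npm
    runs-on: ubuntu-latest
    steps:
      # Short-lived AWS credentials via OIDC as well; the role ARN is a placeholder.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::123456789012:role/PLACEHOLDER-release-role
          aws-region: us-east-1
      # Start the existing pipeline on demand and hand it the version npm just
      # published (assumes a V2 pipeline that declares a VERSION variable).
      - run: >
          aws codepipeline start-pipeline-execution
          --name PLACEHOLDER-pipeline
          --variables name=VERSION,value=${{ needs.publish-npm.outputs.version }}
```

The npm publish step relies on a trusted-publisher entry for this repository and workflow file being configured on npmjs.com; the `--provenance` flag additionally attaches a signed build attestation to the published package.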

@chungjac chungjac requested a review from a team as a code owner November 6, 2025 22:25
@chungjac chungjac merged commit c91929c into main Nov 7, 2025
7 checks passed
@chungjac chungjac deleted the test-release branch November 7, 2025 00:27