Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
kentonv
reviewed
Nov 4, 2025
GitHub issues this token automatically based on the permissions specified in the workflow itself. Seems like the right thing to do.
🦋 Changeset detectedLatest commit: aec9092 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
commit: |
Docs: https://docs.npmjs.com/trusted-publishers This should mean no token is needed for publishing. And so, we have eliminated the need for any configured secrets!
This is needed because trusted publishing can only trust one specific workflow, so we need both actions in the same workflow. Luckily they have the same trigger...
These scripts seem to have no purpose except to run shell commands. We can just run the shell commands directly from the shell. This removes a layer of indirection, making it easier to see what's going on.
kentonv
force-pushed
the
release-automation
branch
from
04cd19d to
7cc17da
Compare
This lets us prevent the workflow from running on a non-main branch, even if someone edits the workflow file in their PR.
threepointone
commented
Nov 4, 2025
(For the release workflow, moved the permissions to the right place to affect both jobs.)
kentonv
approved these changes
Nov 4, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Mostly copied from workers-oauth-provider. I still need to setup repo secrets and a couple of apps, but opening this rn.
EDIT: added secrets and apps.
This sets up some stuff for release automation, built around github actions, changesets, and pkg.pr.new.
@beta, with the version being the git hash. This lets people test whatever's in master quickly.You can make a changeset in 2 ways:
npx changesetin your PR branch, which will ask you a couple of questions (what level of change, and title). You can add more details directly in the generated changeset. You can add as many (or as few, even 0) changesets as you'd like.