Skip to content

chore(npm): Attempt to fix issue with Trusted Publishers when using reusable workflows #187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
gnbm merged 1 commit into from
Nov 16, 2025
Merged

chore(npm): Attempt to fix issue with Trusted Publishers when using reusable workflows #187

gnbm merged 1 commit into from
Nov 16, 2025

Conversation

@gnbm
Copy link
Contributor

@gnbm gnbm commented Nov 16, 2025
edited
Loading

What is the current behavior?

  • Publishing to npm is failing due to the changes to move to Trusted Publishers, since it seems that they still don't support reusable workflows, as mentioned here
  • The action to which we grant permissions on npm needs to follow a strict path location .github/workflows/ in your repository.
  • Permissions mismatches running GitHub actions
  • Used stenciljs/.github/actions/publish-npm@main

GitHub Issue Number: N/A

What is the new behavior?

  • The repo now owns an OIDC-enabled publish-npm.yml, release-dev.yml, release-production.yml, and release-orchestrator.yml, so releases no longer reuse stenciljs/.github/actions/publish-npm@main
  • Fixed permissions mismatch by applying the orchestrator method for npm publish:

release-orchestrator.yml (contents: read, id-token: write)
├─→ release-dev.yml (contents: read, id-token: write)
│ └─→ publish-npm.yml (contents: read, id-token: write) ✅
└─→ release-production.yml (contents: read, id-token: write)
└─→ publish-npm.yml (contents: read, id-token: write) ✅

Documentation

N/A

Does this introduce a breaking change?

  • Yes
  • No

Testing

  • Run pipelines after merge

Other information

  • The workflow release-orchestrator.yml needs to be the one set up in the npm package settings for the Trusted Publishers

@gnbm gnbm added Bug: Validated github_actions Pull requests that update GitHub Actions code labels Nov 16, 2025
@gnbm gnbm marked this pull request as ready for review November 16, 2025 23:01
@gnbm gnbm merged commit d584772 into main Nov 16, 2025
6 checks passed
@gnbm gnbm changed the title bug(npm): Attempt to fix issue with Trusted Publishers when using reusable workflows chore(npm): Attempt to fix issue with Trusted Publishers when using reusable workflows Nov 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Bug: Validated github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gnbm