Closed
Conversation
bleepbloopsify
force-pushed
the
leon/fix-release-workflow
branch
from
ce716de to
cfc62ce
Compare
2 tasks
Shigoto-dev19
added a commit
that referenced
this pull request
Feb 9, 2026
Cloeses o1-labs/o1js-site#3. Sibling of PR #142. ## Summary - Remove `registry-url` from `actions/setup-node`: it generates an `.npmrc` that conflicts with npm's OIDC trusted publishing authentication - Add `--provenance` to `npm publish`: signs the package with a build attestation linking it to this repo and workflow - Add `workflow_dispatch` trigger: allows manual publishes from the GitHub Actions UI - NOTE: - This PR does everything as PR [#142 ](#142.). However #142 didn't add `--provenance`. Without it, the `id-token: write` permission is set up but never actually used. The OIDC token gets requested but `npm publish` doesn't attach it as a signed attestation to the package. So it's a fix on top of what PR #142 had. ## Publishing process ### Pre-release steps 1. Bump the version in `package.json` (e.g. `npm version patch` / `minor` / `major`) 2. Commit the version bump 3. Tag the commit: `git tag v<version>` (e.g. `git tag v0.1.0`) 4. Push both: `git push origin main --tags` The workflow triggers automatically on the `v*` tag push. It will: 1. Install dependencies (`npm ci`) 2. Build the package (`npm run build`) 3. Run tests (`npm test`) 4. Publish to npm with provenance attestation Alternatively, you can trigger the workflow manually from the [Actions tab](../../actions/workflows/publish-npm.yml) using "Run workflow" on any branch. ### Prerequisites - npm trusted publishing must be configured for this package on npmjs.com, linking it to this GitHub repo (already done by Leon) - The version in `package.json` must not already be published on npm ## Test plan - [ ] Trigger workflow manually via `workflow_dispatch` to verify it authenticates and publishes correctly - [ ] Verify the published package on `npmjs.com` shows provenance information
Contributor
|
Closed in favor of #143. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
the release workflow copied directly from github doesn't work right