eslint-plugin-jest-dom icon indicating copy to clipboard operation
eslint-plugin-jest-dom copied to clipboard
verified publisher icon testing-library

ci: switch to using OIDC for publishing releases

Open G-Rath opened this issue 2 months ago • 2 comments

What:

This

  • bumps the version of Node when publishing to v22, as that is required by semantic-release v25
  • uses semantic-release v25 for publishing, as that version supports OIDC authentication
  • ensures the release job has the needed permissions for publishing with OIDC
  • ensures npm v11.5.1 or higher is installed as that is the first version that introduced support for OIDC publishing
  • removes the use of the NPM token, since OIDC is now used for authentication

Why:

Publishing tokens are now going to have a max expiration of 90 days, making them not suitable for CI-based publishing.

OIDC is also generally more secure and allows publishing with provenance

How:

Checklist:

  • [ ] Documentation
  • [ ] Tests
  • [ ] Ready to be merged

G-Rath avatar Oct 23 '25 18:10 G-Rath

@MichaelDeBoey @Belco90 someone with access to the NPM package will need to setup the trusted publisher, similar to this.

Once that is done, I'll mark this as ready-for-review

G-Rath avatar Oct 23 '25 18:10 G-Rath

@MichaelDeBoey @Belco90 someone with access to the NPM package will need to setup the trusted publisher, similar to this.

Once that is done, I'll mark this as ready-for-review

I'm afraid I don't have access to this. It's published under @benmonro account on npm registry.

Belco90 avatar Oct 27 '25 08:10 Belco90