chore(release): bump to v0.4.5 + fix npm OIDC publishing#71
Merged
Conversation
Sync npm with current code (npm stuck at 0.4.3; PyPI/repo at 0.4.4 with 14 unreleased commits) and unblock automated npm publishing. - ci(npm-publish): upgrade npm CLI before publish. Node 22 bundles npm 10.x, which lacks OIDC trusted-publishing support and falls back to anonymous publish — registry returns 404. Trusted publishing needs npm >= 11.5.1. - bump 0.4.4 -> 0.4.5 across pyproject, package.json, marketplace, README badge, install.sh, install.ps1 (scripts/bump-version.sh) - changelog: add [0.4.5] Requires the npmjs trusted publisher to be configured for codeforerunner (repo derek-palmer/codeforerunner, workflow npm-publish.yml, environment npm) before the v0.4.5 tag is pushed. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release 0.4.5 — brings npm back in sync with current code and unblocks automated npm publishing.
Background
npm was stuck at 0.4.3 while PyPI/repo sat at 0.4.4 with 14 unreleased commits. Root cause of the npm gap: the
npm-publishworkflow has never succeeded — every run 404s at the publish step. Two causes:codeforerunner(OIDC, tokenless). 0.4.3 reached npm via a manual hand-publish.404.Changes
ci(npm-publish): addnpm install -g npm@latestbefore publish; fix the misleading Node-version comment (it is the npm CLI version that gates OIDC trusted publishing, not the Node version).0.4.4 → 0.4.5acrosspyproject.toml,package.json,marketplace.json(×2), README Socket badge,install.sh,install.ps1viascripts/bump-version.sh.CHANGELOG.md: add[0.4.5].v.0.4.4git tag (stray dot, pointed at an unrelated commit, caused spurious failed runs).Required manual step before tagging
OIDC trusted publishing must be configured on npmjs.com (owner-only, 2FA):
npmjs.com → package
codeforerunner→ Settings → Trusted Publishers → GitHub Actions:derek-palmer· Repocodeforerunner· Workflownpm-publish.yml· EnvironmentnpmOnce configured + this PR merged, push tag
v0.4.5→ publishes npm 0.4.5 (OIDC) + PyPI 0.4.5 + Docker + Codex marketplace, all in sync.Validation
scripts/check_versions.py— 6-way parity OKscripts/validate_codex_marketplace.py— exit 0pytest253 passed ·npm test8 passedDecided to skip a 0.4.4 npm backfill (OIDC cannot publish from a laptop, and re-pushing v0.4.4 would re-trigger duplicate PyPI/Docker publishes) — npm goes 0.4.3 → 0.4.5.