Skip to content

fix(ci): publishing doesn't work #570

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
molikuner merged 1 commit into from
Jan 23, 2026
Merged

fix(ci): publishing doesn't work #570

molikuner merged 1 commit into from
Jan 23, 2026
+3,728 −2,682

Conversation

@molikuner
Copy link
Contributor

@molikuner molikuner commented Jan 22, 2026
edited
Loading

What

This PR migrates the publishing process to use the Trusted Publishing mechanism.

Why

GitHub and NPM recently introduced tighter security on the publishing process for NPM packages.

More info can be found here: https://github.blog/changelog/2025-09-29-strengthening-npm-security-important-changes-to-authentication-and-token-management/

How

Adjust the release process to use id-tokens from GitHub to authenticate against the npm registry.

Closes #569

@molikuner
fix(ci): publishing doesn't work
d14bc8a 
GitHub and NPM recently introduced tighter security on the publishing
process for NPM packages. To use trusted publishing without tokens, we
have to slightly change the publishing config.

Example config can be found here: https://github.com/semantic-release/semantic-release/blob/c58fe12f90022b4d6c6e34fc0eb0e4f7b21e815a/docs/recipes/ci-configurations/github-actions.md#githubworkflowsreleaseyml-configuration-for-node-projects

SREI-3017
@molikuner molikuner self-assigned this Jan 22, 2026
molikuner
molikuner commented Jan 22, 2026
View reviewed changes
@pkg-pr-new
Copy link

pkg-pr-new bot commented Jan 22, 2026

Open in StackBlitz

npm i https://pkg.pr.new/@freenow/wave@570

commit: d14bc8a

molikuner
molikuner commented Jan 22, 2026
View reviewed changes
@molikuner molikuner merged commit 6b5dcd7 into main Jan 23, 2026
13 checks passed
@molikuner molikuner deleted the SREI-3017-fix-publishing branch January 23, 2026 08:55
github-actions bot pushed a commit that referenced this pull request Jan 23, 2026
@semantic-release-bot
chore(release): 2.49.1 [skip ci]
269dffd 
## <small>2.49.1 (2026-01-23)</small>

* fix(AUT-2298): Bug fix for years that default incorrectly  (#568) ([5568a13](5568a13)), closes [#568](#568)
* fix(ci): extend GITHUB_TOKEN permissions for release (#571) ([85a6fc6](85a6fc6)), closes [#571](#571)
* fix(ci): publishing doesn't work (#570) ([6b5dcd7](6b5dcd7)), closes [#570](#570)
@github-actions
Copy link
Contributor

github-actions bot commented Jan 23, 2026

🎉 This PR is included in version 2.49.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jonotrujillo jonotrujillo jonotrujillo approved these changes

Assignees

@molikuner molikuner

Labels

released

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

The automated release is failing 🚨

3 participants

@molikuner @jonotrujillo