Skip to content

CLOUDPLAT-3162: add npm OIDC publish workflow (node-cpp-skel)#173

Open
haseebehsan wants to merge 1 commit into
mainfrom
cloudplat-3162/add-npm-oidc-publish
Open

CLOUDPLAT-3162: add npm OIDC publish workflow (node-cpp-skel)#173
haseebehsan wants to merge 1 commit into
mainfrom
cloudplat-3162/add-npm-oidc-publish

Conversation

@haseebehsan

@haseebehsan haseebehsan commented Jun 24, 2026

Copy link
Copy Markdown

Summary

  • .github/workflows/npm-release.yml: new workflow_dispatch workflow that publishes to npm and creates a GitHub release using OIDC Trusted Publishing — no npm tokens required.
  • CONTRIBUTING.md: documents the release process — bump version, update CHANGELOG, merge PR, trigger workflow from Actions tab.
  • package.json: patch version bump and publishConfig: { access: "public" } for the scoped package.

Prerequisites before merging

The workflow uses an npm-release GitHub Environment as a release gate. Before merging, create it in this repo:

  1. Go to Settings → Environments → New environment, name it npm-release
  2. Under Deployment branches, restrict to the default branch (main)
  3. Under Required reviewers, add your team (or mapbox/team-mapbox to allow any Mapbox employee to approve)

Without this environment, the workflow will fail when triggered.

Trigger: once merged, run from the Actions tab → NPM release → Run workflow → approve the environment gate.

Ticket: https://mapbox.atlassian.net/browse/CLOUDPLAT-3162

@haseebehsan haseebehsan added the ai AI coding agents co-authored the code label Jun 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

ai AI coding agents co-authored the code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@haseebehsan