Conversation


@hoegertn hoegertn commented Dec 28, 2025

  • Set npmTrustedPublishing to true in .projenrc.ts for enhanced security during publishing.
  • Updated js-yaml and @typescript-eslint packages to version 8.50.1 in package-lock.json for improved functionality and security.

Summary by CodeRabbit

  • Chores
    • Updated npm publishing authentication configuration to use a trusted publisher approach instead of token-based credentials.

@amazon-inspector-frankfurt

⏳ I'm reviewing this pull request for security vulnerabilities and code quality issues. I'll provide an update when I'm done

@github-actions github-actions bot requested a review from hoegerma December 28, 2025 23:01

coderabbitai bot commented Dec 28, 2025

Caution

Review failed

The pull request is closed.

📝 Walkthrough

The changes migrate npm publishing authentication from token-based to trusted publisher mode. The release workflow environment variable NPM_TOKEN is removed and NPM_TRUSTED_PUBLISHER is set to true, while the project configuration enables the npmTrustedPublishing option.

Changes

Cohort / File(s): npm Trusted Publisher Configuration (.github/workflows/release.yml, .projenrc.ts)
Summary: Replaces the NPM_TOKEN environment variable with the NPM_TRUSTED_PUBLISHER flag in the release workflow; adds the npmTrustedPublishing option to the TaimosTypescriptLibrary project configuration to enable trusted publisher mode.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 No tokens needed, just trust so true,
Our publisher's got work to do,
With projen and workflows aligned,
A safer path we've left behind! 🎉

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6005f92 and 1ccd54a.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (2)
  • .github/workflows/release.yml
  • .projenrc.ts

@taimos-projen taimos-projen bot enabled auto-merge December 28, 2025 23:01
@amazon-inspector-frankfurt

✅ I finished the code review, and didn't find any security or code quality issues.

@taimos-projen taimos-projen bot added this pull request to the merge queue Dec 28, 2025
Merged via the queue into main with commit 1573fd6 Dec 28, 2025
6 of 7 checks passed
@taimos-projen taimos-projen bot deleted the trusted-publishing branch December 28, 2025 23:04
3 participants