feat(release): add trusted publish workflow with provenance #28

@ubugeeei

Problem

There is no tag-triggered release workflow, OIDC trusted publishing, npm provenance, crate dry-run gate, or artifact attestation.

Acceptance criteria

  • Add a release workflow for tags.
  • Use trusted publishing/OIDC where supported.
  • Publish npm packages with provenance and verify crate package dry-runs.
  • Attach release artifacts or attestations where appropriate.
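
A tag-triggered workflow covering the four acceptance criteria, as an added example that is not part of the original issue or the project's own code. It assumes a single crate and a single npm package at the repository root, a `v*` tag scheme, and a package already registered for trusted publishing on npmjs.com; the file path and job names are hypothetical.

```yaml
# Added example: .github/workflows/release.yml (hypothetical path and layout)
name: release
on:
  push:
    tags: ["v*"]              # assumed tag scheme

permissions:
  contents: read              # least-privilege default; widened per job below

jobs:
  crate-dry-run:              # gate: packaging must succeed before anything ships
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4   # pin to a full commit SHA in a real workflow
      - run: cargo publish --dry-run

  publish-npm:
    needs: crate-dry-run
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write         # OIDC token for trusted publishing and provenance
      attestations: write     # required by actions/attest-build-provenance
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org
      # Trusted publishing needs a recent npm CLI (11.5.1 or later).
      - run: npm install -g npm@latest
      - run: npm ci
      - run: npm pack         # build the tarball once; attest and publish that file
      - uses: actions/attest-build-provenance@v2
        with:
          subject-path: "*.tgz"
      # No NPM_TOKEN secret: the registry authenticates this workflow over OIDC.
      - run: npm publish ./*.tgz --provenance --access public
```

Consumers can check the results with `npm audit signatures` for the published package and `gh attestation verify` for the attested tarball.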

Labels

  • priority:medium (Medium priority for production readiness)
  • production-readiness (Production readiness hardening before public release)
  • type:ci (Continuous integration and automation)
  • type:security (Security policy or supply-chain hardening)
