Skip to content

Tautline 0.9.8

Choose a tag to compare

@jason-minervit jason-minervit released this 13 Jul 21:35

Fixed

  • Publishing to npm never authenticated, so no release could reach npm. The
    publish workflow held no secrets by design, yet still told npm to read an
    authentication token from the environment. No such token existed, so npm sent
    an empty credential rather than exchanging its OIDC identity, and the registry
    rejected every attempt with a 404. The workflow no longer configures a registry
    token in any form, and npm authenticates over OIDC Trusted Publishing as it was
    always meant to. Publishing to PyPI was never affected.
  • release-tail could not resume once it had tagged a release. It compared the
    tag's object identifier against the commit it had just pushed, but an annotated
    tag's reference names a tag object rather than a commit, so the two never
    matched and the command refused to continue, reporting a correctly placed tag
    as pointing somewhere else. Tags are now resolved to their commit before the
    comparison. A tag that genuinely points at a different commit is still refused:
    a published tag is never moved.

Full changelog: https://github.com/tautlines/tautline/blob/main/CHANGELOG.md