Skip to content

fix: update ci to publish on npm#167

Merged
jorgedanisc merged 1 commit into
devfrom
jorgedanisc
Dec 14, 2025
Merged

fix: update ci to publish on npm#167
jorgedanisc merged 1 commit into
devfrom
jorgedanisc

Conversation

@jorgedanisc

Copy link
Copy Markdown
Contributor

No description provided.

@jorgedanisc jorgedanisc self-assigned this Dec 14, 2025
Copilot AI review requested due to automatic review settings December 14, 2025 01:43
@jorgedanisc jorgedanisc merged commit f817ebb into dev Dec 14, 2025

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR migrates the ducsvg and ducpdf packages from using the @semantic-release/npm plugin to using npm publish directly within the @semantic-release/exec plugin. The workflows are updated to include Node.js setup and npm update steps to support OIDC-based publishing.

Key Changes:

  • Removed @semantic-release/npm plugin configuration and switched to npm publish command in @semantic-release/exec
  • Added Node.js setup and npm update steps to both release workflows
  • Added npm audit signatures verification step to both workflows

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 6 comments.

File Description
packages/ducsvg/release.config.cjs Replaced @semantic-release/npm plugin with npm publish command in @semantic-release/exec
packages/ducpdf/release.config.cjs Replaced @semantic-release/npm plugin with npm publish command in @semantic-release/exec
.github/workflows/release-ducsvg.yml Added Node.js setup, npm update, and npm audit signatures steps to support npm publishing
.github/workflows/release-ducpdf.yml Added Node.js setup, npm update, and npm audit signatures steps to support npm publishing

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +33 to +36
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20.x

Copilot AI Dec 14, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NPM authentication is not configured in the workflow. The setup-node action should include registry-url and the Release step should include NPM_TOKEN in the environment variables. Without this, npm publish will fail with authentication errors. Add registry-url: 'https://registry.npmjs.org' to the Setup Node.js step and add NPM_TOKEN: secrets.NPM_TOKEN to the Release step's environment variables.

Copilot uses AI. Check for mistakes.
- name: Update npm
run: npm install -g npm@latest


Copilot AI Dec 14, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are two consecutive blank lines here. The codebase typically uses single blank lines between sections for consistency. Consider removing one blank line.

Suggested change

Copilot uses AI. Check for mistakes.
- name: Update npm
run: npm install -g npm@latest


Copilot AI Dec 14, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are two consecutive blank lines here. The codebase typically uses single blank lines between sections for consistency. Consider removing one blank line.

Suggested change

Copilot uses AI. Check for mistakes.
"@semantic-release/exec",
{
prepareCmd: "node ../../scripts/semrel-set-version.js packages/ducsvg ${nextRelease.version}",
publishCmd: "npm publish",

Copilot AI Dec 14, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The npm publish command is missing the --provenance flag that was previously configured via @semantic-release/npm. OIDC-based provenance publishing provides cryptographic proof of where and how the package was built, which is a security best practice. Without this flag, packages will be published without provenance attestations. Consider adding the --provenance flag: "npm publish --provenance"

Suggested change
publishCmd: "npm publish",
publishCmd: "npm publish --provenance",

Copilot uses AI. Check for mistakes.
"@semantic-release/exec",
{
prepareCmd: "node ../../scripts/semrel-set-version.js packages/ducpdf ${nextRelease.version}",
publishCmd: "npm publish",

Copilot AI Dec 14, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The npm publish command is missing the --provenance flag that was previously configured via @semantic-release/npm. OIDC-based provenance publishing provides cryptographic proof of where and how the package was built, which is a security best practice. Without this flag, packages will be published without provenance attestations. Consider adding the --provenance flag: "npm publish --provenance"

Suggested change
publishCmd: "npm publish",
publishCmd: "npm publish --provenance",

Copilot uses AI. Check for mistakes.
Comment on lines +33 to +36
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20.x

Copilot AI Dec 14, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NPM authentication is not configured in the workflow. The setup-node action should include registry-url and the Release step should include NPM_TOKEN in the environment variables. Without this, npm publish will fail with authentication errors. Add registry-url: 'https://registry.npmjs.org' to the Setup Node.js step and add NPM_TOKEN: secrets.NPM_TOKEN to the Release step's environment variables.

Copilot uses AI. Check for mistakes.
@github-actions

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 3.1.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 3.1.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 2.3.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 2.2.3 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 2.1.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

jorgedanisc added a commit that referenced this pull request Jun 2, 2026
fix: update ci to publish on npm
jorgedanisc added a commit that referenced this pull request Jun 4, 2026
fix: update ci to publish on npm
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants