chore(NODE-7563): migrate 5.x release workflows to npm trusted publishers#4942
Closed
tadjik1 wants to merge 2 commits into
Closed
chore(NODE-7563): migrate 5.x release workflows to npm trusted publishers#4942tadjik1 wants to merge 2 commits into
tadjik1 wants to merge 2 commits into
Conversation
…hers Replace NPM_TOKEN with OIDC dispatch to npm-publish.yml in release-5.x.yml, release-alpha.yml, and release-nightly.yml; add dispatch-and-wait.mjs helper script.
This was referenced May 18, 2026
Move alphaVersion input to an env var so bash does not perform command substitution on user-controlled input (semgrep finding).
tadjik1
changed the title
Member
Author
|
closed as we are not going to backport these changes yet |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Summary of Changes
Migrates
release-5.x.yml,release-alpha.yml, andrelease-nightly.ymlon the5.xbranch to npm Trusted Publishing by dispatching to the centralizednpm-publish.ymlworkflow (lives onmain, introduced in #4930). Addsdispatch-and-wait.mjshelper script — required because GitHub Actions loads workflow files from the triggering branch, but the script defaults to loadingnpm-publish.ymlfrommain.Notes for Reviewers
The
5.xbranch uses an older single-job workflow structure with a local.github/actions/setupcomposite action instead ofdrivers-github-tools. The dispatch pattern is identical to main; only the surrounding YAML structure differs.Main PR: #4941 — 6.x PR: #4943
Double check the following
npm run check:lint)type(NODE-xxxx)[!]: descriptionfeat(NODE-1234)!: rewriting everything in coffeescript