Skip to content

fix(releases): use npm 11.x for OIDC support in the release workflow #2742

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
myftija merged 1 commit into from
Dec 4, 2025
Merged

fix(releases): use npm 11.x for OIDC support in the release workflow #2742

myftija merged 1 commit into from
Dec 4, 2025

Conversation

@myftija
Copy link
Collaborator

@myftija myftija commented Dec 4, 2025

Support for OIDC requires npm v11.5.1 or newer.

@myftija
fix(releases): use npm 11.x for OIDC support in the release workflow
21621d4 
Support for OIDC requires npm v11.5.1 or newer.
@changeset-bot
Copy link

changeset-bot bot commented Dec 4, 2025

⚠️ No Changeset found

Latest commit: 21621d4

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 4, 2025
edited
Loading

Walkthrough

This pull request modifies the .github/workflows/release.yml file to add explicit npm 11.x (version 11.6.4) installation steps to the release workflow. The identical setup blocks are inserted in three locations: the release job, the update-lockfile job, and the prerelease section. These steps are positioned before lockfile installation and dependency operations to ensure OIDC support is available.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Repetitive, homogeneous changes (identical npm setup blocks added in three locations reduce cognitive load)
  • Straightforward additive changes with no complex logic modifications
  • Single file affected (workflow configuration)
  • Key focus areas for review:
    • Verify npm version 11.6.4 is the intended and correct version across all three insertion points
    • Confirm step placement is appropriate before each lockfile and dependency operation
    • Ensure consistency of the setup block implementation across all three job sections
    • Validate that no conflicts exist with existing workflow steps

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Description check ⚠️ Warning The description is minimal and incomplete. It only states the rationale (OIDC requires npm v11.5.1+) but lacks required template sections like testing steps, changelog entry, and checklist. Add missing sections: complete the checklist, describe testing steps taken, provide a changelog entry summarizing the changes, and include any relevant screenshots if applicable.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main change: adding npm 11.x to the release workflow for OIDC support. It is concise, specific, and directly reflects the changeset.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch another-smol-fix-prerelease
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 249878e and 21621d4.

📒 Files selected for processing (1)
  • .github/workflows/release.yml (2 hunks)
🧰 Additional context used
🧠 Learnings (2)
📚 Learning: 2025-11-27T16:27:48.109Z 
Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-27T16:27:48.109Z
Learning: pnpm version `10.23.0` and Node.js version `20.11.1` are required for development

Applied to files:

  • .github/workflows/release.yml
📚 Learning: 2025-11-27T16:27:48.109Z 
Learnt from: CR
Repo: triggerdotdev/trigger.dev PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-27T16:27:48.109Z
Learning: Use pnpm for package management in this monorepo

Applied to files:

  • .github/workflows/release.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (23)
  • GitHub Check: units / internal / 🧪 Unit Tests: Internal (6, 8)
  • GitHub Check: units / internal / 🧪 Unit Tests: Internal (8, 8)
  • GitHub Check: units / internal / 🧪 Unit Tests: Internal (2, 8)
  • GitHub Check: units / internal / 🧪 Unit Tests: Internal (7, 8)
  • GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (5, 8)
  • GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (2, 8)
  • GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (7, 8)
  • GitHub Check: units / internal / 🧪 Unit Tests: Internal (5, 8)
  • GitHub Check: units / internal / 🧪 Unit Tests: Internal (3, 8)
  • GitHub Check: units / internal / 🧪 Unit Tests: Internal (1, 8)
  • GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (1, 8)
  • GitHub Check: units / internal / 🧪 Unit Tests: Internal (4, 8)
  • GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (3, 8)
  • GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (8, 8)
  • GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (6, 8)
  • GitHub Check: units / webapp / 🧪 Unit Tests: Webapp (4, 8)
  • GitHub Check: units / packages / 🧪 Unit Tests: Packages (1, 1)
  • GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - npm)
  • GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - npm)
  • GitHub Check: e2e / 🧪 CLI v3 tests (ubuntu-latest - pnpm)
  • GitHub Check: e2e / 🧪 CLI v3 tests (windows-latest - pnpm)
  • GitHub Check: typecheck / typecheck
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (3)
.github/workflows/release.yml (3)

140-143: npm setup placement and version are correct for OIDC in update-lockfile job.

The npm v11.6.4 setup is appropriately positioned before lockfile operations and includes a clear reference to the OIDC requirement. This ensures the job has OIDC support when pushing updates.

193-196: npm setup placement and version are correct for OIDC in prerelease job.

The npm v11.6.4 setup is appropriately positioned before dependency operations and includes clear documentation. This ensures the prerelease publish has OIDC support.

1-217: Verify the purpose of npm setup in update-lockfile versus release jobs.

The update-lockfile job (which only modifies lockfiles, not publishes) now has npm setup, while the release job (which actually publishes to npm) is missing it. Clarify whether npm setup is genuinely needed in update-lockfile, or if this was placed in the wrong job. The primary OIDC requirement should be in the release job during the actual publish operation.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@myftija myftija merged commit 748ae65 into main Dec 4, 2025
27 of 28 checks passed
@myftija myftija deleted the another-smol-fix-prerelease branch December 4, 2025 11:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nicktrn nicktrn nicktrn approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@myftija @nicktrn