Skip to content

ci(publish): pure OIDC (package now bootstrapped)#45

Merged
lex00 merged 1 commit into
mainfrom
ci/publish-oidc-final
Jun 19, 2026
Merged

ci(publish): pure OIDC (package now bootstrapped)#45
lex00 merged 1 commit into
mainfrom
ci/publish-oidc-final

Conversation

@lex00

@lex00 lex00 commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

@intentius/github-warden@0.2.0 is published (bootstrapped via a local npm publish with interactive 2FA — the one manual step npm requires for any brand-new package).

Now that the package exists, the token path is dead weight (the org enforces 2FA, so tokens hit EOTP). This reverts publish.yml to clean pure OIDC trusted publishingid-token: write, --provenance, no secret.

To make future just release runs publish automatically (token-free)

Two one-time steps on your side (you're org owner):

  1. npmjs.com → Packages → @intentius/github-warden → Settings → Trusted publishing → add GitHub repo intentius/github-warden, workflow publish.yml.
  2. Delete the NPM_TOKEN repo secret (unused now).

After that, just release minorv0.3.0 → CI publishes via OIDC, exactly like the lexicons.

🤖 Generated with Claude Code

@lex00 @claude
ci(publish): pure OIDC trusted publishing (drop dead token path)
5ea0287 
@intentius/github-warden@0.2.0 is now published (bootstrapped via a local
2FA login). The org enforces 2FA so tokens hit EOTP — the token path is
dead weight. Revert publish.yml to clean pure-OIDC; future releases go
via the package's trusted-publisher record.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@lex00 lex00 merged commit 2f29210 into main Jun 19, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lex00