Trusted publishing

[mateuszsikora]

No description provided.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

📝 Walkthrough

Walkthrough

A GitHub Actions workflow configuration is updated to use OpenID Connect (OIDC) authentication for publishing. The change adds permissions for id-token write access and removes explicit NODE_AUTH_TOKEN environment variables from publish steps, relying on id-token-based authentication instead.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow .github/workflows/publish.yml	Adds id-token: write permissions to the publish job and removes NODE_AUTH_TOKEN environment variables from the publish platform packages and publish main package steps, shifting to OIDC-based authentication.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	No pull request description was provided by the author, making it impossible to evaluate whether the description relates to the changeset.	Consider adding a description that explains the purpose of the trusted publishing migration and any relevant context for reviewers.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: migrating to trusted publishing by adding id-token permissions and removing NODE_AUTH_TOKEN environment variables.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ms-fix-publish-workflow

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/publish.yml:
- Around line 73-74: The job-level permissions currently only set id-token:
write which causes unspecified scopes to default to none and breaks
actions/checkout; update the publish job's permissions block to include
contents: read alongside id-token: write so actions/checkout can read the
repository (i.e., add the contents: read permission in the same permissions
mapping used for the publish job).