
Conversation

@varonix0
Member

Description 📣

Added NPM trusted publisher which uses OIDC auth to avoid having a static access token with a TTL.

Type ✨

  • Bug fix
  • New feature
  • Improvement
  • Breaking change
  • Documentation

@varonix0 varonix0 self-assigned this Jan 19, 2026
@greptile-apps
Contributor

greptile-apps bot commented Jan 19, 2026

Greptile Summary

This PR adds the id-token: write permission to enable NPM OIDC authentication, but doesn't actually implement it. The workflow continues using the static NPM_TOKEN secret throughout the npm-release job (lines 68-88), meaning the security improvement described in the PR isn't achieved.

  • Added id-token: write permission in workflow permissions
  • Issue: Static NPM_TOKEN secret is still used for authentication - OIDC not actually implemented
  • The .npmrc setup and publish steps need to be updated to use NPM provenance publishing with the --provenance flag instead of token-based auth

Confidence Score: 2/5

  • This PR is incomplete and doesn't fix the npm release issue as described
  • The PR claims to add NPM trusted publisher with OIDC auth but only adds the permission without implementing the actual OIDC authentication mechanism. The workflow still relies on the static NPM_TOKEN secret, which means the security improvement isn't realized and the npm release issue may not be fixed
  • The workflow file needs significant changes to actually implement OIDC authentication - remove token-based auth and add provenance publishing

Important Files Changed

Filename: .github/workflows/release_build_infisical_cli.yml
Overview: Added id-token: write permission but the workflow still uses static NPM_TOKEN secret - OIDC authentication not actually implemented
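For reference, what the review is asking for looks like the following job. This is an added example, not the PR's workflow file or Infisical's code: the job, step and trigger names are hypothetical, and it assumes a trusted publisher has already been registered for the package on npmjs.com that names this repository and this workflow filename. The point it shows is that `id-token: write` on its own does nothing; the static token has to be removed so that npm falls back to the OIDC exchange, and `--provenance` makes the build attestation explicit.

```yaml
# Added example (not the PR's workflow): a minimal npm-release job that
# completes the change the review flagged. Assumes a trusted publisher is
# configured on npmjs.com for this repo + this workflow filename.

name: release-npm

on:
  push:
    tags: ["v*"]

permissions:
  contents: read   # nothing in this workflow needs write access to the repo

jobs:
  npm-release:
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow defaults, so list both.
    permissions:
      contents: read
      id-token: write   # lets the job mint a GitHub OIDC token for npm

    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: "22"
          registry-url: "https://registry.npmjs.org"
          # Deliberately no NODE_AUTH_TOKEN here. If a token is present in
          # the environment or in .npmrc, npm uses it and never tries OIDC,
          # which is exactly the state the review describes.

      # Trusted publishing needs a recent npm CLI (npm's docs specify 11.5.1
      # or later at the time of writing), so upgrade the bundled one first.
      - run: npm install -g npm@latest

      - run: npm ci

      # What the reviewed workflow still does (the static-token path):
      #   - run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc
      #     env:
      #       NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
      #   - run: npm publish
      #
      # Replacement: with a trusted publisher registered for this repo and
      # workflow file, npm exchanges the job's OIDC token for a short-lived
      # publish credential by itself. --provenance attaches a signed build
      # attestation and fails the publish if one cannot be produced (for
      # example when id-token: write is missing), so a half-applied change
      # like the one in this PR would be caught by the job rather than
      # silently falling back to whatever token happens to be lying around.
      - run: npm publish --provenance --access public
```

Two checks worth doing after the first OIDC release: confirm the `NPM_TOKEN` secret is no longer referenced anywhere in the workflow (and revoke it on npmjs.com once the release succeeds), and confirm the published version shows a provenance attestation, either via the "Provenance" section on the package page or by running `npm audit signatures` in a project that depends on it. One caveat: the trusted-publisher registration is bound to the workflow filename, so renaming `release_build_infisical_cli.yml` later will break publishing until the registration on npmjs.com is updated.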


@greptile-apps greptile-apps bot left a comment


1 file reviewed, 1 comment


@varonix0 varonix0 merged commit a0fe2fb into main Jan 19, 2026
3 checks passed

3 participants