ci: migrate to npm trusted publishing (OIDC) and update publishing workflow #16630
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- necessary for the OIDC authentication for trusted npm publishing via workflows
Fixes GH-13319 The GH pages are published on each release, and we publish them after the actual package release was successful, so no need for an additional publishing here
Member
Author
github-project-automation
bot
moved this from Waiting on reviewers
to Waiting on author
in PR Backlog
As we need to switch to trusted npm publishing using OIDC authenticaction, we merge the next and release publish workflows to one which handles all cases. Fixes GH-16434
Member
Author
|
Thanks @sgraband for your review! I updated my commits and force pushed them, would be great if you could have another look! TIA! |
sgraband
reviewed
Nov 25, 2025
| - [ ] Folder structure follows Theia conventions (see [Code Organization](https://github.com/eclipse-theia/theia/blob/master/doc/code-organization.md)) | ||
| - [ ] Package is added to the example applications (i.e. `browser`, `browser-only`, `electron`) | ||
| - [ ] New packages must be published manually by a Theia committer initially (see also [Release Process - Newly added Theia packages](https://github.com/eclipse-theia/theia/blob/master/doc/Publishing.md#212-newly-added-theia-packages---publish-initially-to-npm)). | ||
| If you are not a committer or do not have enough time, please open a follow-up ticket with the label `toDoWithRelease` to inform the release team about the new package. |
Contributor
There was a problem hiding this comment.
I think we need to clarify that this is in the Theia IDE repo, right?
Member
Author
There was a problem hiding this comment.
No I think theia is correct, as this is about the actual publishing of a new @theia package on NPM. This is part of the Theia release.
Adding this newly published package to the Theia IDE is then a separate step, and right below.
(I just introduced the todoWithRelease concept also for the theia repo as well, hope that's not too confusing?)
Contributor
There was a problem hiding this comment.
Ah yes sorry, i was confused for a second 😄 Thanks for clarifying.
sgraband
approved these changes
Nov 25, 2025
Contributor
sgraband
left a comment
sgraband
left a comment
There was a problem hiding this comment.
Thank you very much for the contribution and the iterations. Great improvement 🎉
github-project-automation
bot
moved this from Waiting on author
to Needs merge
in PR Backlog
ndoschek
added a commit
that referenced
this pull request
Nov 25, 2025
3 tasks
ndoschek
added a commit
that referenced
this pull request
Nov 25, 2025
3 tasks
ndoschek
added a commit
that referenced
this pull request
Nov 25, 2025
3 tasks
ndoschek
added a commit
that referenced
this pull request
Nov 25, 2025
Follow up of GH-16630 - fix checkout step and make sure to fetch master branch for comparison - fix commentBody to use backticks to have a proper multi-line string in JavaScript
3 tasks
ndoschek
added a commit
that referenced
this pull request
Nov 26, 2025
* fix check-new-packages.yml workflow Follow up of GH-16630 - fix checkout step and make sure to fetch master branch for comparison - fix commentBody to use backticks to have a proper multi-line string in JavaScript - add an example issue link for the initial manual publish run for new theia packages * fix: check-publish script for next releases The checkPublish script did not work properly for next releases, if a new package was freshly released. This change updates the checkPublish script to check for next releases if all packages (also new ones) were published to npm.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What it does
Note
@theiapackages were updated today.How to test
Follow-ups
Breaking changes
Attribution
Review checklist
nlsservice (for details, please see the Internationalization/Localization section in the Coding Guidelines)Reminder for reviewers