Skip to content

Update npm-publish.yml#29

Merged
mariokresic merged 1 commit intomainfrom
update-npm-publish-workflow
Feb 14, 2026
Merged

Update npm-publish.yml#29
mariokresic merged 1 commit intomainfrom
update-npm-publish-workflow

Conversation

@mariokresic
Copy link
Collaborator

@mariokresic mariokresic commented Feb 14, 2026
edited by coderabbitai bot
Loading

Summary by CodeRabbit

Chores

  • Updated npm publishing workflow to require a release name parameter for specifying publication targets.
  • Added automated validation logic to verify package names and filter only intended packages for publication.
  • Enhanced workflow reporting with improved release summary output including publish status and selected packages information.

@mariokresic mariokresic self-assigned this Feb 14, 2026
@coderabbitai
Copy link

coderabbitai bot commented Feb 14, 2026
edited
Loading

📝 Walkthrough

Walkthrough

The npm-publish workflow now accepts a release_name input parameter to selectively publish specific packages. A new "Resolve publish targets" step validates the input, maps package names to available packages, and outputs control flags that conditionally gate downstream build and publish operations.

Changes

Cohort / File(s) Summary
Workflow Configuration
.github/workflows/npm-publish.yml		 Added workflow_dispatch input release_name (string, required); introduced "Resolve publish targets" step to parse and validate release target with output flags (skip_publish, selected_packages, skip_reason); modified "Build monorepo for publishing" step to conditionally run based on skip_publish; updated "Publish packages" step to filter publications using resolved package list; added "Publish summary" step for logging release details.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A workflow so clever, now selective and keen,
Release names parsed through logic so clean,
Packages selected with surgical care,
Skip flags dancing through variables we share,
Publish with purpose—no wasteful affair! 🎉

🚥 Pre-merge checks | ✅ 3 | ❌ 1
❌ Failed checks (1 inconclusive)
Check name Status Explanation Resolution
Title check ❓ Inconclusive The title 'Update npm-publish.yml' is generic and vague, lacking specificity about the actual changes made to the workflow. Use a more descriptive title that highlights the main change, such as 'Add workflow_dispatch input and selective package publishing to npm-publish workflow' or 'Refactor npm-publish workflow to support targeted releases'.
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Merge Conflict Detection ✅ Passed ✅ No merge conflicts detected when merging into main

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch update-npm-publish-workflow

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Feb 14, 2026
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Fix all issues with AI agents 
In @.github/workflows/npm-publish.yml:
- Around line 49-53: The workflow currently injects user-controlled values
directly into the shell via inline expression interpolation (e.g.,
RELEASE_NAME="${{ github.event.release.name || inputs.release_name }}"), which
enables shell injection; change these to pass values through environment
variables instead: set an env entry (e.g., env: RELEASE_NAME: ${{
github.event.release.name || inputs.release_name }}) on the step and reference
$RELEASE_NAME inside the run block, and do the same for other occurrences (steps
named resolve-targets, publish, and the summary step using
steps.resolve-targets.outputs.*) by moving all `${{ ... }}` references into env
entries and reading them from the environment in the script.
- Around line 111-123: The publish step currently runs pnpm publish without
authentication and will fail; fix by either setting NODE_AUTH_TOKEN for pnpm
(add env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} to the "Publish packages"
job so pnpm can authenticate) or change the step to use npm publish instead
(replace pnpm publish with npm publish) to leverage OIDC via setup-node@v4;
update the "Publish packages" run invocation accordingly and ensure the
selected_packages filter logic and --no-git-checks remain unchanged.

@mariokresic mariokresic merged commit d533604 into main Feb 14, 2026
5 checks passed
@mariokresic mariokresic deleted the update-npm-publish-workflow branch February 14, 2026 14:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

@mariokresic mariokresic

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mariokresic