Updated ci.yml file and upgraded protocol version#194
Updated ci.yml file and upgraded protocol version#194miantalha45 wants to merge 2 commits intometacall:masterfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Updates the project’s npm publishing workflow and bumps the @metacall/protocol dependency version, aligning CI/release behavior with the new publishing approach.
Changes:
- Bump
@metacall/protocolfrom^0.1.24to^0.1.27inpackage.json. - Update GitHub Actions workflow permissions and change Node version used in CI.
- Change npm publishing approach (move away from the previous token-based
npm-publishaction configuration towardnpm publish --provenance).
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| package.json | Upgrades @metacall/protocol dependency version. |
| .github/workflows/ci.yml | Adjusts workflow permissions, Node version, and the npm publish step/procedure. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
.github/workflows/ci.yml
Outdated
|
|
||
| - name: Publish | ||
| uses: JS-DevTools/npm-publish@v1 | ||
| uses: JS-DevTools/npm-publish@v2 |
There was a problem hiding this comment.
This workflow step is invalid because it specifies both uses: and run: in the same step. GitHub Actions requires a step to use either an action (uses) or a shell command (run). Remove uses: JS-DevTools/npm-publish@v2 and keep the run block, or switch back to using the action with appropriate inputs (and no run).
| uses: JS-DevTools/npm-publish@v2 |
| token: '${{ secrets.NPM_AUTH_TOKEN }}' | ||
| run: | | ||
| unset NODE_AUTH_TOKEN | ||
| npm publish --provenance |
There was a problem hiding this comment.
Since this is a scoped package (@metacall/deploy), npm publish commonly requires --access public (or publishConfig.access="public" in package.json) to avoid defaulting to restricted access. The previous workflow explicitly set access: 'public'; consider adding --access public (or publishConfig) back to prevent publish failures on tag builds.
| npm publish --provenance | |
| npm publish --access public --provenance |
| }, | ||
| "dependencies": { | ||
| "@metacall/protocol": "^0.1.24", | ||
| "@metacall/protocol": "^0.1.27", |
There was a problem hiding this comment.
package-lock.json is committed and still pins @metacall/protocol to the old range/version, so installs will continue using the locked version (or update the lock locally) despite this package.json bump. Please update and commit package-lock.json to reflect the new @metacall/protocol version so dependency resolution is deterministic and npm ci would remain consistent.
| "@metacall/protocol": "^0.1.27", | |
| "@metacall/protocol": "^0.1.26", |
Summary
Updated ci.yml file for changing the procedure of publishing on npm
upgraded protocol version in package.json