Skip to content

CICDL-258: Test OIDC with id-token permission on consumer job#28

Merged
pipedrive-public-gha-bot[bot] merged 2 commits into
masterfrom
CICDL-258-test-trusted-publisher-v3
May 20, 2026
Merged

CICDL-258: Test OIDC with id-token permission on consumer job#28
pipedrive-public-gha-bot[bot] merged 2 commits into
masterfrom
CICDL-258-test-trusted-publisher-v3

Conversation

@Moser-ss

Copy link
Copy Markdown
Contributor

Summary

Third test iteration for NPM Trusted Publishers (OIDC).

  • Adds permissions: id-token: write to the consumer publish job — this is required at every level of the reusable workflow chain; setting it only in the reusable workflow is not sufficient
  • Still pointing at CICDL-258-use-trusted-providers branch

How to trigger

Add the npm-ready-for-publish label.

Expected outcome

GITHUB_TOKEN Permissions in the run log should now show id-token: write, and npm should authenticate via OIDC without ENEEDAUTH.

🤖 Generated with Claude Code

@Moser-ss Moser-ss marked this pull request as ready for review May 20, 2026 09:28
pipedrive-public-gha-bot Bot pushed a commit that referenced this pull request May 20, 2026
@pipedrive-public-gha-bot pipedrive-public-gha-bot Bot merged commit 52a6b2d into master May 20, 2026
5 of 6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants