chore: switch npm publish to trusted publishers via OIDC #38

Merged: sriramveeraghanta merged 2 commits into main from chore/fix-trusted-publishers-workflow on Mar 27, 2026

Prashant-Surya commented Mar 27, 2026

Description

  • Update the publish workflow to use npm trusted publishers instead of the NPM_TOKEN secret for authentication.
  • Uses OIDC-based auth as recommended by npm docs — bumps to actions/checkout@v6, actions/setup-node@v6, Node 24, adds id-token: write permission, and removes the NPM_TOKEN dependency.

Type of Change

  • Feature (non-breaking change which adds functionality)

Test Scenarios

Published using a GitHub Action from the branch:
https://github.com/makeplane/plane-node-sdk/actions/runs/23664758333/job/68943804887

Summary by CodeRabbit

  • Chores
    • Updated CI/CD infrastructure dependencies and build tooling configurations to improve build reliability and consistency.

Prashant-Surya and others added 2 commits March 28, 2026 01:09

Node >= 22.14.0 (npm >= 11.5.1) is required for trusted publisher OIDC
auth. Provenance is generated automatically, no flag needed.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Use actions/checkout@v6, actions/setup-node@v6, and Node 24 as
recommended by npm trusted publishers documentation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
coderabbitai bot commented Mar 27, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between d3c564e and 2a33343.

📒 Files selected for processing (1)
  • .github/workflows/publish-node-sdk.yml

📝 Walkthrough

A GitHub Actions workflow for Node SDK publishing is updated to use newer action versions (checkout v6, setup-node v6), upgrade Node.js runtime from version 20 to 24, and switch the publish command from pnpm to npm while removing the provenance flag.

Changes

| Cohort / File(s) | Summary |
|---|---|
| GitHub Actions Workflow: .github/workflows/publish-node-sdk.yml | Updated actions/checkout from v4 to v6, actions/setup-node from v4 to v6, bumped Node.js runtime from 20 to 24, and changed publish command from pnpm publish --access public --provenance to npm publish --access public. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Suggested reviewers

  • sriramveeraghanta

🚥 Pre-merge checks | ✅ 3 passed

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change: switching to npm trusted publishers via OIDC for authentication, which aligns with the workflow updates and removal of NPM_TOKEN dependency. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

sriramveeraghanta merged commit ebeb2f8 into main Mar 27, 2026 (5 checks passed)
sriramveeraghanta deleted the chore/fix-trusted-publishers-workflow branch March 27, 2026 20:28

Copilot AI left a comment

Pull request overview

Updates the Node SDK publishing workflow to use npm Trusted Publishers (OIDC) instead of an NPM_TOKEN, modernizing the release pipeline authentication model.

Changes:

  • Switches GitHub Actions publishing auth to OIDC by enabling id-token: write permissions.
  • Bumps GitHub Actions tooling to actions/checkout@v6, actions/setup-node@v6, and uses Node.js 24.
  • Publishes with npm publish --access public (instead of pnpm publish ...).
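
A preflight check for the settings this PR depends on, added here as an example and not part of the PR or the project's workflow: it compares the runner's Node and npm versions against the minimums quoted in the commit message and scans a workflow file for the id-token: write permission and leftover token references. The function names and the sample workflow are constructed, and NODE_AUTH_TOKEN is assumed to be the variable the old token was passed through.

```shell
#!/bin/sh
# Added example (not from the PR): preflight checks for a trusted-publisher job.

# version_ge A B: succeeds when dotted version A >= B; a leading "v" is ignored.
version_ge() {
  awk -v a="${1#v}" -v b="${2#v}" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      if ((x[i] + 0) > (y[i] + 0)) exit 0
      if ((x[i] + 0) < (y[i] + 0)) exit 1
    }
    exit 0
  }'
}

# runtime_ok NODE_VERSION NPM_VERSION: minimums quoted in the commit message.
# In a job: runtime_ok "$(node --version)" "$(npm --version)"
runtime_ok() {
  version_ge "$1" 22.14.0 && version_ge "$2" 11.5.1
}

# workflow_findings FILE: prints one line per problem, returns 1 if any.
workflow_findings() {
  body=$(grep -v '^[[:space:]]*#' "$1" || true)   # skip whole-line YAML comments
  rc=0
  printf '%s\n' "$body" | grep -Eq '^[[:space:]]*id-token:[[:space:]]*write' ||
    { echo "missing 'id-token: write' permission"; rc=1; }
  if printf '%s\n' "$body" | grep -Eq 'NPM_TOKEN|NODE_AUTH_TOKEN'; then
    echo "long-lived npm token still referenced"; rc=1
  fi
  return $rc
}

# Constructed sample: a token-based publish job of the kind this PR replaces.
sample_legacy() {
  cat <<'EOF'
permissions:
  contents: read
steps:
  - run: pnpm publish --access public --provenance
    env:
      NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
EOF
}
```

Running runtime_ok as a step before npm publish makes a runner with an older npm fail early with a clear cause instead of at the registry.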
