fix(ci): use package-token capable publish workflow #7

Merged: Jess Sullivan (Jesssullivan) merged 1 commit into main from jess/use-ci-template-package-token on Apr 28, 2026

Conversation

@Jesssullivan

Contributor

Summary

  • update the reusable js-bazel-package.yml pin to ci-templates#22
  • keep the existing publish trigger behavior while allowing the inherited GITHUB_PACKAGES_TOKEN secret to be used for GitHub Packages publication

Validation

  • ruby -e 'require "yaml"; YAML.load_file(".github/workflows/ci.yml")'
  • git diff --check

@greptile-apps

greptile-apps Bot commented Apr 28, 2026

Greptile Summary

This PR bumps the pinned SHA for the reusable js-bazel-package.yml workflow from 53f0326... to 0d88ad7... (corresponding to ci-templates#22), enabling the inherited GITHUB_PACKAGES_TOKEN secret to be used for GitHub Packages publication. All other workflow inputs, trigger logic, and permissions are unchanged.

Confidence Score: 5/5

Safe to merge — minimal, targeted SHA pin update with no logic changes.

The only change is a SHA reference bump for a trusted internal org workflow. SHA pinning is the correct security practice, secrets: inherit and packages: write permission were already present before this PR, and the publish trigger logic is unaffected.

No files require special attention.

Important Files Changed

| Filename | Overview |
|---|---|
| .github/workflows/ci.yml | Updates the pinned SHA for the reusable js-bazel-package.yml workflow from 53f0326... to 0d88ad7... to enable GITHUB_PACKAGES_TOKEN-based publication; no other changes. |

Sequence Diagram

sequenceDiagram
    participant GH as GitHub Actions
    participant CI as ci.yml (tinyland-security)
    participant TPL as js-bazel-package.yml@0d88ad7<br/>(ci-templates#22)
    participant GPR as GitHub Packages Registry

    GH->>CI: trigger (push/tag/PR/dispatch)
    CI->>TPL: call reusable workflow<br/>(secrets: inherit)
    TPL->>TPL: build, typecheck, test
    alt publish == true OR tag push
        TPL->>GPR: publish @tinyland-inc/tinyland-security<br/>using GITHUB_PACKAGES_TOKEN
    else
        TPL->>TPL: dry_run (no publish)
    end
    TPL-->>CI: workflow result

Reviews (1): Last reviewed commit: "fix(ci): use package-token capable publi..." | Re-trigger Greptile

@Jesssullivan Jess Sullivan (Jesssullivan) merged commit 7fa2f85 into main Apr 28, 2026
5 checks passed
@Jesssullivan Jess Sullivan (Jesssullivan) deleted the jess/use-ci-template-package-token branch April 28, 2026 01:34
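
The SHA pinning and `secrets: inherit` points raised in the review above can be checked mechanically alongside the YAML load used for validation. The following Ruby script is an added example, not code from this repository or from ci-templates; the workflow fragment, the `example-org` name, the workflow path and the 40-character SHA are constructed placeholders, and `pinned?` and `audit` are hypothetical helper names.

```ruby
require "yaml"

# Constructed workflow fragment (not the repository's real ci.yml); the org
# name, paths and SHA below are placeholders.
SAMPLE_WORKFLOW = <<~WORKFLOW
  jobs:
    package:
      permissions:
        packages: write
      uses: example-org/ci-templates/.github/workflows/js-bazel-package.yml@0123456789abcdef0123456789abcdef01234567
      secrets: inherit
    legacy:
      uses: example-org/ci-templates/.github/workflows/js-bazel-package.yml@main
      secrets: inherit
    lint:
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@v4
        - uses: ./.github/actions/local-lint
        - run: echo ok
WORKFLOW

FULL_SHA = /\A[0-9a-f]{40}\z/

# True when a `uses:` value cannot change without a commit to this repo:
# a local path, a digest-pinned image, or a ref that is a full commit SHA.
def pinned?(uses)
  return true if uses.start_with?("./")
  return uses.match?(/@sha256:[0-9a-f]{64}\z/) if uses.start_with?("docker://")
  uses.include?("@") && uses.rpartition("@").last.match?(FULL_SHA)
end

# Returns one finding per mutable `uses:` ref (job-level reusable workflow or
# step-level action). secrets_inherit marks the case where the caller's
# secrets are passed to a reusable workflow whose ref can move.
def audit(yaml_text)
  jobs = (YAML.safe_load(yaml_text) || {}).fetch("jobs", {})
  jobs.flat_map do |job_id, job|
    refs = [job["uses"], *(job["steps"] || []).map { |s| s["uses"] }].compact
    refs.reject { |u| pinned?(u) }.map do |u|
      { job: job_id, uses: u,
        secrets_inherit: job["uses"] == u && job["secrets"] == "inherit" }
    end
  end
end

audit(SAMPLE_WORKFLOW).each { |f| puts f.inspect } if __FILE__ == $PROGRAM_NAME
```

A finding with `secrets_inherit: true` is the one to treat as blocking, since a moved branch or tag would run with every secret the caller holds.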