chore(release): cut v0.8.0-rc.1 — Trusted Publishing smoke test #479
Merged
Release-candidate dispatch slot for the v0.8.0 cycle. Smoke-tests the restored npmjs.com Trusted Publishing path (ADR-0044, supersedes ADR-0041) before the v0.8.0 final dispatch — exercises the OIDC + --provenance shape end-to-end on a low-stakes version.

Surface content unchanged from v0.8.0:
- README badge + status banner reframed as RC; references ADR-0044 and acknowledges v0.7.x shipped via the ADR-0041 NPM_TOKEN fallback.
- docs/specorator.md version line updated; v0.8.x publish-via-OIDC narrative replaces the earlier "deferred per ADR-0041" line.
- CHANGELOG adds a minimal [v0.8.0-rc.1] section above the planned [v0.8.0] entry.

Post-RC: bump back to 0.8.0 in a follow-up PR, tag, dispatch v0.8.0 final.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary
Bump package.json + README + docs/specorator.md + CHANGELOG to v0.8.0-rc.1 so the next release dispatch exercises npmjs.com Trusted Publishing on a low-stakes version before we cut v0.8.0 final.

Why
ADR-0041's NPM_TOKEN fallback shipped v0.7.0 / v0.7.1. ADR-0044 (landed in #478) restored the OIDC + --provenance path after the npmjs.com Trusted Publisher was activated against release.yml on the release deployment environment (closes #411). The first dispatch under the new auth is the v0.8.0 release. If the Trusted Publisher configuration is misaligned (wrong workflow ref, wrong environment, wrong repo) the publish step fails closed, and recovery either repairs the config + re-dispatches or reverts ADR-0044 with a one-line PR re-adding NODE_AUTH_TOKEN and falling back to NPM_TOKEN.

Cutting v0.8.0-rc.1 first burns the RC slot rather than 0.8.0 if the validation fails. If the RC dispatch succeeds, we follow up with a back-bump PR (0.8.0-rc.1 -> 0.8.0), tag, and dispatch.

Surface content
Unchanged from v0.8.0 — this is a TP smoke test, not new feature work. README banner and docs/specorator.md version line reframe as RC; CHANGELOG adds a one-paragraph [v0.8.0-rc.1] section above the planned [v0.8.0] entry.

Test plan
- npm run check:fast (with sites workspace installed) — 445 tests pass under sequential pool.
- npm run check:public-surfaces — README badge + status line and docs/specorator.md version line match package.json#version 0.8.0-rc.1.
- npm run check:claude-plugin — bundle absent on this branch (gitignored), so structural-only.
- v0.8.0-rc.1, dispatch release.yml -f version=0.8.0-rc.1 -f dry_run=false -f prerelease=true -f publish_package=true -f confirm=0.8.0-rc.1. Expected: OIDC mints, npm publish --provenance succeeds, npm view specorator@0.8.0-rc.1 --json | jq '.dist.attestations' returns a sigstore provenance URL.
- 0.8.0-rc.1 -> 0.8.0 and proceed with v0.8.0 final dispatch.

Out of scope
- NPM_TOKEN repo secret (handled after first successful OIDC publish per ADR-0044).

🤖 Generated with Claude Code
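The misalignment cases named in the description above (wrong workflow ref, wrong environment, wrong repo) can be surfaced before the publish step by comparing the GitHub Actions OIDC claims with the Trusted Publisher settings. This is an added example, not code from this PR or project. It assumes the mapping of the `repository`, `job_workflow_ref` and `environment` claims to those settings, uses `OWNER/REPO` as a placeholder, and runs on constructed unsigned tokens.

```javascript
// Added example: preflight comparison of GitHub Actions OIDC claims against the
// Trusted Publisher settings. OWNER/REPO is a placeholder; tokens are constructed.
const EXPECTED = {
  repository: "OWNER/REPO",     // placeholder, not taken from the page
  workflowFile: "release.yml",  // workflow named in the PR description
  environment: "release",       // deployment environment named in the PR description
};

// Decode the payload segment of a compact JWT without verifying it. Signature
// verification stays with the registry; this only surfaces claim mismatches.
function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Return a list of mismatches; an empty list means the claims line up.
function findMisalignment(claims, expected) {
  const problems = [];
  if (claims.iss !== "https://token.actions.githubusercontent.com")
    problems.push(`issuer: ${claims.iss}`);
  if (claims.repository !== expected.repository)
    problems.push(`repo: ${claims.repository}`);
  // job_workflow_ref has the form OWNER/REPO/.github/workflows/FILE@REF
  const wf = String(claims.job_workflow_ref || "").split("@")[0];
  const wantWf = `${expected.repository}/.github/workflows/${expected.workflowFile}`;
  if (wf !== wantWf) problems.push(`workflow: ${wf}`);
  if (claims.environment !== expected.environment)
    problems.push(`environment: ${claims.environment}`);
  return problems;
}

// Constructed sample tokens (unsigned, illustration only).
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "none" })}.${enc(claims)}.sig`;
}
const good = {
  iss: "https://token.actions.githubusercontent.com",
  repository: "OWNER/REPO",
  job_workflow_ref: "OWNER/REPO/.github/workflows/release.yml@refs/heads/main",
  environment: "release",
};
const aligned = makeToken(good);
const wrongEnv = makeToken({ ...good, environment: undefined }); // job not bound to an environment
const wrongWorkflow = makeToken({ ...good, job_workflow_ref: "OWNER/REPO/.github/workflows/ci.yml@refs/heads/main" });

for (const t of [aligned, wrongEnv, wrongWorkflow])
  console.log(findMisalignment(decodeClaims(t), EXPECTED));
```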