chore: add id-token to release workflow by ctrlc03 · Pull Request #1088 · theinterfold/interfold

ctrlc03 · 2025-12-08T09:45:58Z

Summary by CodeRabbit

Documentation
- Added a README for the Enclave Config package describing its purpose and shared configuration role.
Chores
- Updated CI/CD workflow permissions to support token write operations.
- Simplified the package publish step by removing in-step authentication handling and relying on streamlined tagging logic.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

coderabbitai · 2025-12-08T09:46:08Z

Walkthrough

This PR adds id-token: write to the releases GitHub Actions workflow, removes inline npm auth handling from the publish step, and adds packages/enclave-config/README.md documenting the Enclave Config package.

Changes

Cohort / File(s)	Summary
GitHub Actions configuration `\.github/workflows/releases.yml`	Added `id-token: write` permission; removed in-step npm auth (`env.NODE_AUTH_TOKEN` and `npm config set`), leaving publish step to rely on TAG logic / external/trusted-publisher auth.
Documentation `packages/enclave-config/README.md`	Added new README with a short description for the Enclave Config package (shared configuration for the Enclave monorepo).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Review points:
- .github/workflows/releases.yml: confirm id-token: write is correct for OIDC/trusted-publisher usage and that removal of inline npm auth is intentional and covered by repo/organization trusted publisher configuration.
- packages/enclave-config/README.md: verify wording and placement.

Possibly related PRs

Add releases workflows #476 — Modifies the same releases workflow; likely directly related to prior workflow changes.
chore: add script to bump versions and release workflows #764 — Also adjusts release/publish/auth handling; related to moving to token/OIDC-based publishing.

Suggested reviewers

0xjei

Poem

🐇 I found a token, gave the secret a shove,
Swapped a config note for a README of love,
No more inline keys, trust takes the flight,
Enclave config snug in the repo tonight,
Hop, publish, and code — all ears on delight.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	⚠️ Warning	The addition of a README.md to packages/enclave-config appears to be out of scope relative to the stated objective of migrating to trusted publishers for npm publishing.	Remove the packages/enclave-config/README.md changes or clarify why this documentation is necessary for the trusted publishers migration in issue #1087.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the primary change: adding id-token permissions to the release workflow, which is the main requirement for migrating to trusted publishers.
Linked Issues check	✅ Passed	The PR adds id-token: write permissions and removes npm authentication handling in the release workflow, implementing the trusted publishers approach required by issue #1087.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch chore/release-updates

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8ea89b9 and 29696a5.

📒 Files selected for processing (2)

.github/workflows/releases.yml (1 hunks)
packages/enclave-config/README.md (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

.github/workflows/releases.yml
packages/enclave-config/README.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

GitHub Check: build_sdk
GitHub Check: build_e3_support_dev
GitHub Check: crisp_unit
GitHub Check: integration_prebuild
GitHub Check: rust_integration
GitHub Check: test_net
GitHub Check: build_enclave_cli
GitHub Check: test_contracts
GitHub Check: build_ciphernode_image
GitHub Check: rust_unit

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

vercel · 2025-12-08T09:46:08Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
crisp	Ready	Preview	Comment	Dec 9, 2025 8:54am
enclave-docs	Ready	Preview	Comment	Dec 9, 2025 8:54am

coderabbitai

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c8aff7c and b7fa938.

📒 Files selected for processing (2)

.github/workflows/releases.yml (1 hunks)
packages/enclave-config/README.md (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-11-05T14:12:57.814Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 963
File: examples/CRISP/client/package.json:25-25
Timestamp: 2025-11-05T14:12:57.814Z
Learning: In the Enclave/CRISP codebase, `enclave-e3/sdk` and `crisp-e3/sdk` are different packages: `enclave-e3/sdk` is the general Enclave SDK, while `crisp-e3/sdk` is the CRISP-specific SDK. The CRISP client (`examples/CRISP/client`) intentionally depends on `enclave-e3/sdk`, not `crisp-e3/sdk`.

Applied to files:

packages/enclave-config/README.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

GitHub Check: integration_prebuild
GitHub Check: test_contracts
GitHub Check: crisp_unit
GitHub Check: build_enclave_cli
GitHub Check: build_e3_support_dev
GitHub Check: build_sdk
GitHub Check: test_net
GitHub Check: rust_unit
GitHub Check: build_ciphernode_image
GitHub Check: rust_integration

🔇 Additional comments (1)

packages/enclave-config/README.md (1)

1-3: Documentation looks good.

The README provides a clear, concise description of the package's purpose. No issues here.

ctrlc03 requested a review from hmzakhalid December 8, 2025 09:45

ctrlc03 self-assigned this Dec 8, 2025

vercel Bot deployed to Preview – enclave-docs December 8, 2025 09:46 View deployment

vercel Bot deployed to Preview – crisp December 8, 2025 09:47 View deployment

coderabbitai Bot reviewed Dec 8, 2025

View reviewed changes

Comment thread .github/workflows/releases.yml

hmzakhalid previously approved these changes Dec 8, 2025

View reviewed changes

ctrlc03 dismissed hmzakhalid’s stale review via 396442b December 8, 2025 21:13

ctrlc03 requested a review from hmzakhalid December 8, 2025 21:13

vercel Bot deployed to Preview – enclave-docs December 8, 2025 21:14 View deployment

vercel Bot deployed to Preview – crisp December 8, 2025 21:15 View deployment

vercel Bot deployed to Preview – enclave-docs December 8, 2025 21:19 View deployment

vercel Bot deployed to Preview – crisp December 8, 2025 21:19 View deployment

ctrlc03 added 3 commits December 9, 2025 08:52

chore: add id-token to release workflow

6580985

chore: remove unnecessary npm token secret

37a3ba1

chore: remove unnecessary token setup

29696a5

ctrlc03 force-pushed the chore/release-updates branch from 8ea89b9 to 29696a5 Compare December 9, 2025 08:52

ctrlc03 enabled auto-merge (squash) December 9, 2025 08:52

hmzakhalid approved these changes Dec 9, 2025

View reviewed changes

vercel Bot deployed to Preview – enclave-docs December 9, 2025 08:53 View deployment

vercel Bot deployed to Preview – crisp December 9, 2025 08:54 View deployment

ctrlc03 merged commit 9c5407f into main Dec 9, 2025
25 checks passed

github-actions Bot deleted the chore/release-updates branch December 17, 2025 02:51

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore: add id-token to release workflow#1088

chore: add id-token to release workflow#1088
ctrlc03 merged 3 commits into
mainfrom
chore/release-updates

ctrlc03 commented Dec 8, 2025 •

edited by coderabbitai Bot

Loading

Uh oh!

coderabbitai Bot commented Dec 8, 2025 •

edited

Loading

Uh oh!

vercel Bot commented Dec 8, 2025 •

edited

Loading

Uh oh!

coderabbitai Bot left a comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

ctrlc03 commented Dec 8, 2025 • edited by coderabbitai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Uh oh!

coderabbitai Bot commented Dec 8, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Estimated code review effort

Possibly related PRs

Suggested reviewers

Poem

Pre-merge checks and finishing touches

Uh oh!

vercel Bot commented Dec 8, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

ctrlc03 commented Dec 8, 2025 •

edited by coderabbitai Bot

Loading

coderabbitai Bot commented Dec 8, 2025 •

edited

Loading

vercel Bot commented Dec 8, 2025 •

edited

Loading